In order to fully address the inherent threats of mobile devices, a wider view of the mobile ecosystem is necessary. This repository contains the Mobile Threat Catalogue, which describes, identifies, and structures the threats posed to mobile information systems. An associated report provide context and describing this repository is available here: NISTIR 8144: Assessing Threats to Mobile Devices & Infrastructure.
The public comment period closed on Thursday, November 10, 2016. Readers of the catalogue may notice that gaps still remain; some threats are not tied to a documented source or lack countermeasures, and other threats not identified here may exist. This catalogue is intended as a living document. Feedback on mobile threats addressed in the catalogue as well as ideas for additional threats are still encouraged, but please note that a prompt response time may not be possible as we work to address offline comments received before the deadline.