Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

New NIST Publication: Vetting the Security of Mobile Applications

April 23, 2019

NIST has just released Special Publication 800-163 Rev. 1, Vetting the Security of Mobile Applications. The original document (January 2015) detailed the processes through which organizations evaluate mobile applications for cybersecurity vulnerabilities. Revision 1 expands on the original document by exploring resources that can be used to inform an organization’s requirements for mobile app security. These include overviews of relevant documentation from the National Information Assurance Partnership (NIAP), the Open Web Application Security Project (OWASP), The MITRE Corporation, and NIST.

Revision 1 also details and refines the vetting model described in the original document by better defining the roles and processes that affect mobile app vetting. Specifically, it better defines the inputs and outputs of each step in the vetting process. It also details how the process might be integrated into an organization’s general security posture.

The original document describes how the actual testing of applications can be undertaken, whereas Revision 1 augments this discussion by describing how vulnerabilities can be identified and weighted based on existing standards and best practices.

Finally, Revision 1 offers a deeper and updated exploration of the current threat landscape facing mobile apps. It also includes and aligns itself with current guidelines and recommendations being made by both industry and other federal partners.

Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson