Tom Karygiannis: NIST Mobile App Vetting Guide Details Testing Methods

The National Institute for Standards and Technology is seeking comments from the public on the agency’s new draft guidelines on how to test mobile applications for potential privacy and security risks to the network or organization.

NIST said Wednesday the “Technical Considerations for Vetting 3rd Party Mobile Applications” document covers test requirements, tools and techniques used in vetting apps, software assurance issues, sample findings and security weaknesses of apps.

Tom Karygiannis, a NIST computer scientist, said the guide “describes tests that allow software security analysts to discover and understand vulnerabilities and behavior before the app is approved for use.”

Tests should also be based on the organizations that will deploy the apps as well as their particular security requirements, user environment and context of use, NIST said.

The agency added that users should balance the benefit of apps to employee productivity with the potential vulnerabilities they bring to sensitive and personal data.

The draft guidance also recommends that organizations train employees on mobile app security and privacy issues, create a mobile app vetting system and implement vetting throughout the app life cycle.

NIST will accept comments through Sept. 18.
