The Defense Department plans to roll out a new process for its acquisition of mobile application security services based on the Federal Risk and Authorization Management Program model, Federal News Radio reported Monday.
John Zangardi, acting DoD chief information officer, signed the mobile application security requirements memorandum, which was designed to establish a baseline standard for applications and to advocate reciprocity throughout the military.
“The [National Information Assurance Partnership] developed the baseline set of security requirements for organizations engaged in locally evaluating mobile applications … These requirements are achievable, testable, and repeatable and provide a basis for technical evaluation and risk determination by Authorization Officials,” said Zangardi in the memo.
Zangardi directed DoD agencies and service branches to use the NIAP profile “Requirements for Vetting Mobile Applications from the Protection Profile for Application Software” and tasked the Defense Information Systems Agency with creating a portal for the new process within the next 90 days.
DoD service branches and agencies will also assess applications from the mobile application portal and other commercial stores prior to their development and acquisition to determine potential security threats.