The Defense Information Systems Agency program management office for the DoD Mobility Unclassified Capability program handles the security of mobile devices and applications to protect them from cyber attacks.
DISA said Monday the office tests and analyzes between 20 and 30 mobile apps each month on the DoD and Personal Use Mobile App stores. Officials began to assess apps using a subset of the National Information Assurance Partnership review criteria to speed up the evaluation process.
“Because of the protections we’ve put in place, we’ve been able to work with the authorizing official to abbreviate vetting of personal apps for PUMA. It is a largely automated process that is turned around in about 45 days,” said Eugene Kim, DMUC app vetting lead.
Through the process, the office screened 68 Android apps and 264 iOS apps between January 2018 and January 2019. The office also intends to field a mobile endpoint protection platform (MEP) to track the behavior of devices with plans to select a platform vendor by summer.
“MEP will provide real-time monitoring and will alert not just the administrators, but also end users that a certain application is behaving in a suspicious manner and providing instructions for what to do,” said William Bowles, information system security manager for the DMUC PMO.