
NIST Security Guide Walks Organizations Through the Mobile App Security Vetting Process

From NIST Tech Beat: January 26, 2015


Contact: Evelyn Brown
301-975-5661

A new publication from the National Institute of Standards and Technology (NIST) provides guidance to help organizations improve security as employees increasingly use mobile devices such as phones and tablets, and the applications that run on them ("mobile apps"), for their work.

[Image: smartphone with an app showing on screen. Credit: Baum/NIST]

Smartphone and tablet users have access to a great number of installable programs ("mobile apps") designed to make their lives easier, but an employee who downloads an unsafe app may unwittingly expose the organization's computer network to security and privacy risks.

NIST's new guide, Vetting the Security of Mobile Applications, provides organizations with the information they need to assess the security and privacy risks associated with mobile apps, whether developed in-house or downloaded from mobile app marketplaces. The publication also serves as a guide for developers seeking to understand the types of vulnerabilities that can be introduced during an app's software development cycle.

The guide offers plans for implementing the vetting process and considerations for developing app security requirements, and describes the types of app vulnerabilities and the testing methods used to detect them. The document also provides guidance for determining whether an app is acceptable for an organization to use.

Vetting the Security of Mobile Applications (NIST Special Publication 800-163) is the final version of Technical Considerations of Vetting 3rd Party Mobile Applications, which was published for comment in August 2014. Comments from government and industry led the authors to improve the document's organization and flow. It is available at www.nist.gov/manuscript-publication-search.cfm?pub_id=917674.