Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Vetting the Security of Mobile Apps: NIST Releases Draft SP 800-163 Rev. 1 for Comment

NIST has released Draft Special Publication (SP) 800-163 Revision 1, which updates a process for vetting mobile applications. This process can be used to ensure that mobile apps conform to an organization's security requirements and are reasonably free from vulnerabilities.

Revision 1 updates this publication to address changes in the mobile landscape. Guidance has been expanded to better define the app vetting process as a whole, while providing greater detail about the roles, capabilities, and strategies of mobile application testing. Security requirements and references have been added to aid organizations in defining their own app vetting policy. Finally, a brief discussion of the mobile app threat landscape is included to better contextualize the need for app vetting.

Comments on Draft SP 800-163 Rev. 1 are due September 6, 2018, and may be sent to with “Comments on Draft SP 800-163 Rev. 1” in the Subject field.

Released July 23, 2018, Updated December 11, 2018