The National Institute of Standards and Technology (NIST) has issued a revised draft of Special Publication 800-163, Vetting the Security of Mobile Applications, along with a call for public comment. The publication is designed to give organizations basic guidance on app security.
The 50-page document covers the basics of how enterprises can create and implement an in-house app vetting process, develop security requirements for mobile apps the organization plans to roll out to its staff, identify the right tools for testing apps, and determine whether an app is acceptable and should be deployed. All of the requirements contained in the publication came from cybersecurity experts and are based on several standards, including those by NIAP, OWASP, MITRE and earlier NIST publications.
“Mobile technology changes quickly, and our publication needs to move fast to keep up,” said computer scientist Michael Ogata, one of the draft’s coauthors. “Security specialists in both the private sector and government have been working to improve app vetting, and this update reflects their efforts.”