NIST Special Publication (SP) 800-163 Revision 1, Vetting the Security of Mobile Applications, is an important update to NIST guidance on mobile application vetting and security. The original document (January 2015) detailed the processes through which organizations evaluate mobile applications for cybersecurity vulnerabilities. Revision 1 expands on the original document by exploring resources that can be used to inform an organization’s requirements for mobile app security. These include overviews of relevant documentation from the National Information Assurance Partnership (NIAP), the Open Web Application Security Project (OWASP), The MITRE Corporation, and NIST.
Revision 1 also refines the vetting model described in the original document by defining more precisely the roles involved in mobile app vetting and the inputs and outputs of each step in the process. It also describes how the process can be integrated into an organization’s overall security posture.
The original document describes how the actual testing of applications can be undertaken, whereas Revision 1 augments this discussion by describing how vulnerabilities can be identified and weighted based on existing standards and best practices.
Finally, Revision 1 provides a broader and updated exploration of the current threat landscape facing mobile apps, and it incorporates and aligns with current guidelines and recommendations from both industry and other federal partners.
Security and Privacy: assurance, planning, security automation, testing & validation, vulnerability management
Technologies: mobile, software & firmware