U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

This is an archive
(replace .gov by .rip)

SP 800-163 Rev. 1

Vetting the Security of Mobile Applications

Date Published: April 2019

Supersedes: SP 800-163 (01/26/2015)


Michael Ogata (NIST), Joshua Franklin (NIST), Jeffrey Voas (NIST), Vincent Sritapan (DHS), Stephen Quirolgico (DHS)



app vetting; app vetting system; malware; mobile applications; mobile security; niap; security requirements; software assurance; software vulnerabilities; software testing
Control Families

Planning; Risk Assessment; System and Communications Protection


SP 800-163 Rev. 1 (DOI)
Local Download

Supplemental Material:
None available

Document History:
07/23/18: SP 800-163 Rev. 1 (Draft)
04/19/19: SP 800-163 Rev. 1 (Final)