U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-163 Rev. 1 (Initial Public Draft)

Vetting the Security of Mobile Applications

Date Published: July 2018
Comments Due: September 6, 2018 (public comment period is CLOSED)
Email Questions to: nist800-163@nist.gov

Author(s)

Michael Ogata (NIST), Joshua Franklin (NIST), Jeffrey Voas (NIST), Vincent Sritapan (DHS), Stephen Quirolgico (DHS)

Announcement

Draft Special Publication (SP) 800-163 Revision 1 updates a process for vetting mobile applications. This process can be used to ensure that mobile apps conform to an organization's security requirements and are reasonably free from vulnerabilities.

Revision 1 updates this publication to address changes in the mobile landscape. Guidance has been expanded to better define the app vetting process as a whole, while providing greater detail about the roles, capabilities, and strategies of mobile application testing. Security requirements and references have been added to aid organizations in defining their own app vetting policy. Finally, a brief discussion of the mobile app threat landscape is included to better contextualize the need for app vetting.

Abstract

Keywords

app vetting; app vetting system; malware; mobile applications; mobile security; niap; security requirements; software assurance; software vulnerabilities; software testing
Control Families

Planning; Risk Assessment; System and Communications Protection

Documentation

Publication:
Draft SP 800-163 Rev. 1 (pdf)

Supplemental Material:
None available

Document History:
07/23/18: SP 800-163 Rev. 1 (Draft)
04/19/19: SP 800-163 Rev. 1 (Final)