NIST outlines process for vetting mobile apps

As employees look to do more and more work on their mobile devices, the National Institute of Science and Technology has developed a set of standards for testing the security of mobile software called the "app vetting process."

Mobile technology spurs productivity by allowing real-time information sharing, the ability to work from any location and an "unprecedented level of connectivity between employees, vendors and customers," NIST noted.

This speed often carries over to the development process as well, as app builders look to capitalize on a need as quickly as possible. Unfortunately, this can lead to security weaknesses and sloppy coding that leave the device and the network it connects to vulnerable.

Special Publication: Vetting the Security of Mobile Applications

"To help mitigate the risks associated with app vulnerabilities, organizations should develop security requirements that specify, for example, how data used by an app should be secured, the environment in which an app will be deployed and the acceptable level of risk for an app," NIST wrote in a special publication released this week.

The proliferation of mobile apps creates another unique concern.

"Mobile devices provide access to potentially millions of apps for a user to choose from," NIST wrote. "This trend challenges the traditional mechanisms of enterprise IT security software where software exists within a tightly controlled environment and is uniform throughout the organization."

The new special publication (800-163) outlines the process for vetting a third-party application, from setting security standards to developing analytics tools to approval or rejection.

The document also includes an extensive list of questions to help administrators identify specific security concerns.
