The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and the National Information Assurance Partnership (NIAP) with the National Security Agency (NSA) said June 29 that their joint pilot program is showing that cybersecurity for mobile application software for Federal use can be an automated process.
Until now, making sure that mobile apps are NIAP Protection Profile (PP) compliant has been an arduous and costly process. S&T and NIAP’s pilot program has shown that automating the process can deliver accurate and trustworthy results that offer “agencies the ability to quickly, affordably, and reliably determine if their apps meet NIAP’s stringent security requirements.”
“Automated testing will help bring the speed of NIAP evaluations to keep pace with the rapid, agile development and release cycles of today’s modern mobile app ecosystem,” Director of NIAP Mary Baish said.
According to a news release, the results of the pilot include:
- “Automated vetting against NIAP requirements allows for faster testing and fielding of app updates;
- Apps can be assessed for basic compliance before a formal NIAP evaluation, providing risk reductions for several stakeholders including agencies, software vendors, and end-users;
- Apps can be accurately vetted, even if analysts and evaluators do not have access to source code;
- Apps can be vetted against updated requirements without undergoing a full NIAP recertification;” and
- “The results bode well for other security automation efforts, some of which already are underway.”