NIST Issues Third-party Mobile Apps Vetting Publication for Public Comment | Practical Law

The National Institute of Standards and Technology (NIST) issued a draft of its Special Publication 800-163, Technical Considerations for Vetting 3rd Party Mobile Applications, for public comment.

Practical Law Legal Update 0-578-9705 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 25 Aug 2014 | USA (National/Federal)
On August 19, 2014, the National Institute of Standards and Technology (NIST) issued a draft of Special Publication 800-163, Technical Considerations for Vetting 3rd Party Mobile Applications (SP 800-163) for public comment. SP 800-163 provides guidance for individuals and organizations adopting vetting processes to assess the security and reliability of mobile applications (apps). SP 800-163 is intended for individuals or organizations that:
  • Vet, assess and acquire mobile apps.
  • Have responsibilities for setting app vetting policies and practices.
  • Develop mobile apps.
In SP 800-163, NIST recommends that interested parties:
  • Understand the security and privacy risks mobile apps present and have a strategy for mitigating them.
  • Train employees on mobile app security and privacy.
  • Engage in a vetting process to provide long-term assurance of software throughout its lifecycle.
  • Establish a process for quickly vetting security-related updates.
  • Inform stakeholders of what the vetting process provides in terms of secure behavior of apps.
  • Have a software analyst review mobile app testing results within the context of an organization's mission objectives, security posture and risk tolerance.
Comments should be e-mailed to [email protected] using NIST's Comment Template. Comments must be received by September 18, 2014.