NIST offers security guidance for vetting mobile apps

by Brianna Crandall — January 28, 2015—For facilities managers who want to be on the same page as information technology (IT) managers, whether for the facilities team or when helping provide equipment for teleworkers, a new publication from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) offers guidance for organizations to improve security as employees move to mobile devices such as phones and tablets for their work and their applications.

Smartphone and tablet users have access to a great number of installable programs (“mobile apps”) that are designed to make their lives easier, but an employee who downloads an unsafe app may unwittingly expose the organization’s computer network to security and privacy risks, reminds NIST.

NIST’s new guide, Vetting the Security of Mobile Applications, provides organizations the information they need to assess the security and privacy risks associated with mobile apps, whether developed in-house or downloaded from mobile app marketplaces. The publication is also a guide for developers seeking to understand the types of vulnerabilities that can be introduced during an app’s software development cycle.

The guide offers plans for implementing the vetting process and considerations for developing app security requirements, and describes the types of app vulnerabilities and the testing methods to use to detect them. The document also provides guidance for determining if an app is acceptable for an organization to use.

Vetting the Security of Mobile Applications (NIST Special Publication 800-163) is the final version of Technical Considerations of Vetting 3rd Party Mobile Applications, published for comments in August 2014. Comments from government and industry led the authors to improve the document’s organization and flow, explains NIST.