Automating NIAP Requirements Testing for Mobile Apps   [open pdf - 949KB]

From the Executive Summary: "In the past decade, mobility has evolved from a differentiator or key enabler within the modern information technology (IT) enterprise to a business necessity and operational imperative. Organizations large and small, across all market sectors, have embraced mobility for its benefits, but in the process have assumed all of mobility's endemic risks as well. For federal agencies, the majority of which have made improved mobility core to their enterprise IT strategies, the stakes are particularly high given their critical role. [...] For many years, the National Security Agency (NSA)-funded National Information Assurance Partnership (NIAP) has been responsible for overseeing a program that certifies the security of commercial products used in National Security Systems (NSS). While NSS are a special category of systems whose requirements do not apply to most government IT, the success of NIAP's requirements and evaluation model has led many other agencies to adopt its standards as well as the results of its product evaluations when they make IT procurement decisions. Even so, some agencies may prefer a lightweight vetting process that enables them to quickly assess whether their myriad mobile apps comply with NIAP standards, while reserving full and thorough NIAP evaluation for their most critical and sensitive enterprise apps."

Public Domain
Retrieved From:
U.S. Department of Homeland Security: https://www.dhs.gov/
Media Type:
Help with citations