NIST, NCCoE Planning Big Updates to Mobile Security Guidance

The National Institute of Standards and Technology (NIST) is updating two of its major publications regarding mobile device security, and NIST’s National Cybersecurity Center of Excellence (NCCoE) is expanding into uncharted territory.

Representatives from NIST, speaking today at an event hosted by ATARC, discussed why these updates have become so necessary amid an evolving security landscape.

The first relates to the security of mobile applications, including that agencies ensure they apply necessary security protocols throughout an application’s vetting process to ensure they are “reasonably free from vulnerabilities.”

Michael Ogata, computer scientist at NIST’s Applied Cybersecurity Division, is one of the lead authors of the first draft revision to SP 800-163, “Vetting the Security of Mobile Applications,” which was released in July. He charted the course of the new updates to the guidance, saying “the document greatly expands the scope of what mobile application vetting is.”

SP 800-163 outlines the mobile app security review process–including the application’s path through the vetting process and test infrastructure–and also explores evolving threats across the mobile landscape.

Read more at: Meri Talk