The Department of Homeland Security (DHS) has partnered with the National Security Agency (NSA) to assess commercial technologies intended to automate the vetting of mobile apps in line with NSA's security requirements.
DHS said Monday its Science and Technology (S&T) Directorate is working with its Mobile Security and Emergency Communications (SEC) partners to evaluate the capacity of commercial vetting tools to automatically determine whether apps meet security standards under NSA's National Information Assurance Partnership (NIAP).
As part of the pilot effort, the research team deployed an assessment technology developed by software company Kryptowire to analyze Intelligent Waves’ Hypori virtual mobility app for Android and Apple iOS.
The team also worked with Leidos’ Common Criteria Testing Laboratory to evaluate Kryptowire’s performance and found that the latter’s automated testing technology matches NIAP’s procedures.
“This increased testing will raise the security posture of the government’s mobile app ecosystem and at the same time raise confidence among app end-users, primarily the tax-paying public,” said Vincent Sritapan, program manager for Mobile SEC at S&T.
The team intends to release the study's results in a report titled "Automating National Information Assurance Partnership Requirements Testing for Mobile Apps”.