NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register for replays!

magnifying glass icon

NIAP Mobile App Vetting — NowSecure Announces World’s First Automated Testing Solution

Posted by

Mobile apps are critical to enabling the U.S. federal agencies such as the U.S Department of Defense to meet their mission. Core to that mission is ensuring a high security testing bar for the mobile apps they build and use. Until now, completing that security compliance testing has been a complicated, time-consuming manual process that was built for web apps, not mobile apps.

Today, NowSecure is announcing the world’s first automated NIAP Mobile App Vetting solution that supports NIAP v1.3 Mobile App Vetting Protection Profile for Application Software. Click here to get a NowSecure demo.

Starting with a SBIR partnership with the U.S. Air Force and the BESPIN team as part of their innovative DevSecOps program, this new NowSecure solution extends our automated mobile app security testing platform with NIAP compliance capabilities to help speedr testing and ATO for massive mobilization across DoD and federal agencies.

Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Captain Michael Valentin, Air Force BESPIN operations & support service manager. “We are excited to partner with experts like NowSecure to bring automated mobile app security testing and NIAP compliance into our BESPIN program. This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps. From the SBIR award a year ago to shipping product today, we are achieving our goals of moving fast with continuous innovation.”

The NowSecure NIAP Solution enables the Air Force to more easily meet the mandates of NIAP compliance testing for unmanaged mobile systems as specified in the DoD memo from Acting CIO Dr. John Zangardi.

Inside the NowSecure NIAP Solution

The NowSecure NIAP Mobile App Vetting Solution tests for all 50+ mobile app vetting requirements from the NIAP v1.3 Protection Profile for Application Software. See examples of two NIAP requirements in the solution below.


The NowSecure Platform test engine uses automated static, dynamic and interactive analysis of Android and iOS mobile applications on real devices for deep, accurate and comprehensive testing in minutes. NowSecure includes a step-by-step interactive workflow for NIAP assessors to review and finalize results in a few hours. Finally, NowSecure automatically generates a detailed, high-quality report ready for ATO submission. The NowSecure NIAP Mobile App Vetting solution compresses months of complex testing and documentation into just a day or two of work at a dramatically lower cost.

As shown above, the NowSecure NIAP Mobile App Vetting solution can be used in multiple ways:

  • To test mobile apps developed by agencies, by suppliers, by integrators or downloaded from public sources including the Apple AppStore™ and Google Play™.
  • To test as part of a DevSecOps mobile app development lifecycle, either on-demand or integrated into CI/CD pipelines to security test every build every day so that once development is completed, NIAP assessors can complete their work even faster.
  • To inventory the mobile app population via an existing MDM/EMM deployment and scan for NIAP compliance across the existing mobile app portfolio to provide greater visibility into agency-wide risk.

Get a demo now to see how your agency or department can leverage this new innovation.