Washington DC, April 27, 2020—NowSecure, the leading mobile app security and privacy software company, announced today the NowSecure NIAP Mobile App Vetting Software Solution to enable U.S. federal agencies, U.S. Department of Defense (DoD) and Service Providers to rapidly test for NIAP compliance to speed production deployments of critical mobile applications.
The National Information Assurance Partnership (NIAP) oversees the U.S. implementation of the Common Criteria for Information Technology Security Evaluation. Leveraging industry, government and academia, NIAP manages a U.S. national program for ensuring rigorous security requirements, including a NIAP specification for vetting mobile apps. Further, the DoD mandates NIAP compliance for unmanaged mobile systems.
“Mobile apps that comply with NIAP set a high security bar which protects the DoD and federal agencies, staff and the supply chain from attack,” said Andrew Hoog, co-founder of NowSecure. “Our successful SBIR partnership with the U.S. Air Force and the BESPIN team in conjunction with their innovative DevSecOps program extends our automated mobile app security testing platform with NIAP compliance capabilities to help drive faster testing that speeds ATO for massive mobilization across DoD and federal agencies.”
NIAP was originally designed for large web and infrastructure projects with long lifecycles where lengthy, human-driven NIAP compliance testing was reasonable to achieve Authority to Operate (ATO). But mobile apps tend to have fast and frequent release cycles on rapidly evolving platforms, requiring a faster automated approach to achieving NIAP compliance.To address these challenges, NowSecure has extended its automated mobile app security testing platform to enable rapid NIAP self-assessment to speed ATO and deploy critical mobile apps across federal agencies substantially faster and lower cost.
“Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Captain Michael Valentin, Air Force BESPIN Operations & Support Service Manager. “We are excited to partner with experts like NowSecure to bring automated mobile app security testing and NIAP compliance into our BESPIN program. This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps. From the SBIR award a year ago to shipping product today, we are achieving our goals of moving fast with continuous innovation.”
The NowSecure NIAP Mobile App Vetting Solution tests for all 50+ requirements for mobile app vetting from the NIAP v1.3 Protection Profile for Application Software. The NowSecure Platform test engine uses automated static, dynamic and interactive analysis of Android and iOS mobile applications on real devices for deep, accurate and comprehensive testing in minutes. NowSecure includes a step-by-step interactive workflow for NIAP assessors to review and finalize results in a few hours. Finally, NowSecure automatically generates a detailed, high-quality report ready for ATO submission. The NowSecure NIAP Mobile App Vetting solution compresses months of complex testing and documentation into just a day or two of work at a dramatically lower cost.
The NowSecure NIAP Mobile App Vetting solution can be used in multiple ways:
- To test mobile apps developed by agencies, by suppliers, by integrators or downloaded from public sources including Apple App Store™ and Google Play™.
- To test as part of a DevSecOps mobile app development lifecycle, either on-demand or integrated into CI/CD pipelines to security test every build every day so that once development is completed, the NIAP assessor can complete their work even faster.
- To inventory the mobile app population via an existing MDM/EMM deployment and scan for NIAP compliance across the existing mobile app portfolio to provide greater visibility into agency-wide risk.
Located at Maxwell Air Force Base Gunter Annex in Alabama, BESPIN is an Air Force organization connecting government operations with developers from the private sector. The office uses an agile development methodology to quickly implement ideas that ultimately support the service and the Department of Defense.
Learn more about the new NowSecure NIAP Mobile App Vetting Solution here.
As the recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing as a Service (PTaaS) and training courseware. NowSecure actively contributes and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, NIAP and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.