Washington DC, April 27, 2020—NowSecure, the leading mobile app security and privacy software company, announced today the NowSecure NIAP Mobile App Vetting Software Solution to enable U.S. federal agencies, U.S. Department of Defense (DoD) and Service Providers to rapidly test for NIAP compliance to speed production deployments of critical mobile applications.
The National Information Assurance Partnership (NIAP) oversees the U.S. implementation of the Common Criteria for Information Technology Security Evaluation. Leveraging industry, government and academia, NIAP manages a U.S. national program for ensuring rigorous security requirements, including a NIAP specification for vetting mobile apps. Further, the DoD mandates NIAP compliance for unmanaged mobile systems.
“Mobile apps that comply with NIAP set a high security bar which protects the DoD and federal agencies, staff and the supply chain from attack,” said Andrew Hoog, co-founder of NowSecure. “Our successful SBIR partnership with the U.S. Air Force and the BESPIN team in conjunction with their innovative DevSecOps program extends our automated mobile app security testing platform with NIAP compliance capabilities to help drive faster testing that speeds ATO for massive mobilization across DoD and federal agencies.”
NIAP was originally designed for large web and infrastructure projects with long lifecycles where lengthy, human-driven NIAP compliance testing was reasonable to achieve Authority to Operate (ATO). But mobile apps tend to have fast and frequent release cycles on rapidly evolving platforms, requiring a faster automated approach to achieving NIAP compliance.To address these challenges, NowSecure has extended its automated mobile app security testing platform to enable rapid NIAP self-assessment to speed ATO and deploy critical mobile apps across federal agencies substantially faster and lower cost.
“Mobile apps are critical to enabling the Air Force to meet our mission around the world,” said Captain Michael Valentin, Air Force BESPIN Operations & Support Service Manager. “We are excited to partner with experts like NowSecure to bring automated mobile app security testing and NIAP compliance into our BESPIN program. This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps. From the SBIR award a year ago to shipping product today, we are achieving our goals of moving fast with continuous innovation.”
The NowSecure NIAP Mobile App Vetting Solution tests for all 50+ requirements for mobile app vetting from the NIAP v1.3 Protection Profile for Application Software. The NowSecure Platform test engine uses automated static, dynamic and interactive analysis of Android and iOS mobile applications on real devices for deep, accurate and comprehensive testing in minutes. NowSecure includes a step-by-step interactive workflow for NIAP assessors to review and finalize results in a few hours. Finally, NowSecure automatically generates a detailed, high-quality report ready for ATO submission. The NowSecure NIAP Mobile App Vetting solution compresses months of complex testing and documentation into just a day or two of work at a dramatically lower cost.
The NowSecure NIAP Mobile App Vetting solution can be used in multiple ways:
- To test mobile apps developed by agencies, by suppliers, by integrators or downloaded from public sources including Apple App Store™ and Google Play™.
- To test as part of a DevSecOps mobile app development lifecycle, either on-demand or integrated into CI/CD pipelines to security test every build every day so that once development is completed, the NIAP assessor can complete their work even faster.
- To inventory the mobile app population via an existing MDM/EMM deployment and scan for NIAP compliance across the existing mobile app portfolio to provide greater visibility into agency-wide risk.
Located at Maxwell Air Force Base Gunter Annex in Alabama, BESPIN is an Air Force organization connecting government operations with developers from the private sector. The office uses an agile development methodology to quickly implement ideas that ultimately support the service and the Department of Defense.
Learn more about the new NowSecure NIAP Mobile App Vetting Solution here.
NowSecure is the standards-based mobile app security and privacy software company trusted by the world’s most demanding organizations and most advanced security teams. NowSecure protects millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers fully automated mobile app security and privacy testing software, mobile supply chain risk monitoring, expert mobile pen testing services, mobile security training courseware with the depth, speed, accuracy, and efficiency to meet modern business demands. NowSecure provides standards-based compliance testing for OWASP, NIAP, GDPR, CCPA, FINRA, FISMA, ioXt and numerous industry regulatory standards. With more than a dozen years of mobile-first, mobile-only experience, NowSecure identifies the broadest array of security threats, compliance gaps, and privacy risks across the entire mobile app portfolio. As a trusted security expert, NowSecure was positioned as the worldwide leader in two 2019 IDC MarketScapes for Mobile Application Security Testing, Mobile DevSecOps Trailblazer by Gartner in 2020, Deloitte Fast500 Winner in 2020, and TAG Cyber Distinguished Vendor in 2021. www.nowsecure.com