The solution suite enables agencies to quickly access security threat reports, vulnerability information and SBOMs for the commercial mobile app supply chain to support federal tracking and reporting mandates from EO, CISA, OMB and DoD
CHICAGO – Jan. 31, 2023 – NowSecure, the recognized experts in mobile security and privacy, today announced the NowSecure GovApp solution suite to help federal agencies ensure the mobile apps they use are compliant with upcoming federal mandates. Available exclusively to United States governmental agencies and authorized contractors, the NowSecure GovApp solution suite delivers proactive risk reports, threat assessments and mitigation recommendations to make the federal compliance process easy, efficient and cost effective, so agencies can meet their mandates on time. With over 15 years working with the public sector and employing experts with more than 30 years of accumulated experience in federal and security clearance, NowSecure is uniquely positioned to help federal agencies meet compliance requirements of the upcoming federal mandates.
Four major U.S. mandates have upcoming deadlines in 2023 for federal agencies and their suppliers to ensure the mobile apps they use are compliant with the principles outlined, including:
- CISA BOD 23-01 – Requires all federal agencies to track vulnerabilities in the iOS and Android mobile apps they use.
- OMB M-22-18 – Mandates that all federal agencies must self-attest mobile app SBOMs and ensure secure developer practices for all of their software supply chain, including mobile apps.
- DoD CMMC 2.0 – Provides a framework that includes cyber protection standards to protect the Defense Industrial Base (DIB) from damage by advanced persistent threats (APTs) including mobile apps.
- DoD NIST SP 800-171 – Provides proof of controls for secure data management & privacy including mobile apps.
Every U.S. federal agency uses commercial mobile apps from the Apple App Store™ and Google Play™ and now must track the vulnerabilities and SBOMs for all those mobile apps in key scenarios, including:
- Bring Your Own Devices (BYOD) that connect to a government network and include connected Bring Your Own Apps (BYOA)
- Commercial mobile apps that access, collect, transmit government data.
- Federal contractors developing or providing mobile apps to government agencies.
- Developers of commercial mobile apps sold to government agencies.
U.S. agencies need to ensure they meet all these mandates and deadlines, or otherwise risk non-compliance with federal regulations, leaving their agencies, employees and citizens at risk of a mobile app breach with potential national security ramifications.
“Software supply chain risk poses one of the biggest threats to national security today,” said NowSecure CEO Alan Snyder. “As deadlines approach for these mandates, it is imperative that federal agencies have a complete understanding of what the mobile apps they use are doing to ensure that they are fully compliant. Given the volume of mobile apps and the rate of change, manual testing is not remotely feasible due to time and cost limitations. The NowSecure GovApp solution suite offers an easy, on-demand and cost-effective solution that agencies need to comply with the various regulations about to take effect.”
NowSecure GovApp DB™ is an on-demand database of commercial mobile app risk reports and SBOMs for the most popular mobile apps utilized by the federal government. NowSecure GovApp DB™ is built on an automated analysis engine and provides continuously updated reports that include mobile app metadata, risk scores, vulnerability and privacy data and compliance information, plus SBOMs updated for each new mobile app release. Rather than manually testing every mobile app and each new mobile app release, security and compliance teams using NowSecure GovApp DB™ can automatically receive updated analysis every time the mobile app changes. These reports enumerate vulnerabilities such as unencrypted credentials (UID/PWD), unencrypted data transmission, improperly stored sensitive data, trackable geolocation, insecure third-party libraries, insecure authentication and biometrics, disabled native mobile OS security APIs, weak cryptography and data transmission to nations of interest.
With NowSecure GovApp Threat Assessment Service, agencies can additionally receive expert threat analysis and consultation of the top mobile apps they specifically use across their work streams. The annual professional service pairs a federal agency with a NowSecure expert to inventory the top mobile apps deployed across all employee-connected and agency-owned devices and analyze them for mobile app supply chain risk and federal mandate compliance. Agencies will then receive comprehensive threat assessment documentation outlining the risk and compliance posture across their mobile portfolio with actionable recommendations to help meet vulnerability reporting requirements and supply chain management requirements, protecting mobile users and improving national security.
The NowSecure GovApp solution suite joins the industry’s only full suite of mobile app security solutions from NowSecure including NowSecure Platform for automated security testing, NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure expert Mobile Pen Testing as a Service (PTaaS), and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to deliver the most secure mobile apps faster and continuously monitor their mobile app supply chains for risk at a lower cost. Dozens of federal agencies from the Department of Defense to the Department of Justice to the intelligence community entrust NowSecure to assess the security and privacy of mobile apps, train developers about secure coding, pinpoint risks in the mobile app supply chain and achieve NIAP compliance.
To learn more about how the NowSecure GovApp solution suite can ensure federal agencies are mandate compliant, sign up for a demo here. For a deeper dive, join us on February 16 at 11 AM EST for the Carahsoft Mobile Mandates: NowSecure GovApp Threat Assessment Service Webinar.
Aligned with this launch, NowSecure CEO Alan Snyder will participate in a panel at the 2023 Carahsoft National Cyber Innovation Forum in partnership with Microsoft and Forescout, where he will discuss securing software development and the software supply chain.
As recognized experts in mobile security and privacy, NowSecure protects the global mobile app economy and safeguards the data of millions of mobile app users. Built on a foundation of standards, NowSecure empowers the world’s most demanding organizations with security automation to release and monetize 30% faster, reduce testing and delivery costs by 30% and reduce appsec risk by 40%. Only NowSecure offers a full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert Mobile Pen Testing as a Service (PTaaS), and training courseware. NowSecure actively contributes to and supports the mobile security open-source community, standards and certification including OWASP MASVS, ADA MASA, and NIAP, and is recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.