The DHA and the NSA recently announced the successful pilot run of their newest system, an automated tool designed to properly veto mobile applications to ensure they meet cybersecurity guidelines. The automated system was designed due to the fact that ensuring the security of mobile app development is made difficult due to the number of apps launched on a daily basis, some of which are of questionable origins or security.
The Homeland Security Department’s Science and Technology Directorate and the NSA’s National Information Assurance Partnership (NIAP), have been working on this development for a while now, while ensuring that productivity doesn’t get bottlenecked. The NIAP’s Protection Profile covers the project, as they handle the analysis of mobile app development and the certification of mobile apps.
On June 23, 2020, the two US agencies announced the successful testing of this new program, with Intelligent Waves’ Hypori app, a security app that handles personal device security for Android and Apple operating systems, especially when connecting to enterprise networks. The results of the testing were then verified by NIAP analysts, with additional checking conducted by the Leidos Common Criteria Testing.
They published a summary report on June 29 on the matter, which stated that the DHA and the NSA found the results of the new automated system promising, which demonstrated the practicality of automating a considerable part of the app software evaluation process, which would greatly help with improving efficiency, shortening veto times, and cutting down on costs. The report noted that additional analysis by the NSA’s experts concluded that most of the automated tests met their requirements, with a clearance rate of 87% for iOS and 64% for Android.
NIAP Director Mary Baish announced the results, saying that automated testing will do much to help the NIAP’s evaluations keep up with the mobile app development field, known for its rapid changes. Part of the testing even assessed the NIAP’s own evaluation process, which revealed that the NIAP’s processes aren’t always the most efficient.
S&T Mobile Security and Emergency Communications, or Mobile SEC, Program Manager Vincent Sritapan stated that the pilot’s results will do a lot to help lower the entry barrier for development by reducing the burden on agencies, and the NIAP PP Mobile App Vetting certification system.