Saturday, July 6, 2013

Federal mobile apps lack standard security processes


Agencies are creating separate processes and procedures to vet software tools that run on smartphones or tablet computers. But history has shown the lack of a governmentwide process leads to inconsistencies and extra costs.

Robert Palmer, the director of information assurance in the Information System Development Office at the Homeland Security Department, said the technology to test these apps exists, but no common criteria exists.

"What I'd like to see is alignment across the federal government around what are those criteria so we could potentially get to some kind of federal government app store," Palmer said Monday at the AFCEA Washington, D.C., chapter event in Arlington, Va. "The heavy lift is the distribution model. How do we get around the privacy problems? How do we get around the legal and terms of reimbursement and personal use concepts that we haven't gotten folks engaged on. That's really the key."

The obvious choice would be for the National Institute of Standards and Technology to create the governmentwide standard for securing mobile apps.

NIST is developing a new document to help agencies test the security of mobile software, but it's not a standard or guidance, said Tom Karygiannis, a computer scientist at the bureau.


No comments:

Post a Comment