5 MAS - Industry Day - NIAP Briefing.pdf
Posted: June 23, 2016
• Type: .pdf
• Size: 0.76MB
Overview
Description
Mobile Application Security (MAS) Industry Day Slides and Q&A
Related Opportunity
Related Agency
Summary
Industry Day Presentation: Mobile Application Security (MAS) Industry Day Slides and Q&A
Key Information:
- The presentation focused on the importance of automating mobile application testing in accordance with CNSS Policy #11 and #7, which govern the acquisition of information assurance products for use in national security systems.
- The Mobile Access Capability Package (MACP) was discussed as a means to protect classified data in mobile access solutions transiting various networks.
- Requirements for CSFC components were outlined, emphasizing the need for certification against NIAP-approved protection profiles and compliance with NIST security controls.
- The presentation highlighted challenges faced by vendors in getting their products evaluated for certification, including time and cost constraints, and proposed solutions such as reducing evaluation costs through automation.
- Key takeaways included the necessity of automation for cost-effective evaluation of apps, the importance of industry collaboration, and the need for a single source of security requirements for government and industry stakeholders.
Key Information:
- The presentation focused on the importance of automating mobile application testing in accordance with CNSS Policy #11 and #7, which govern the acquisition of information assurance products for use in national security systems.
- The Mobile Access Capability Package (MACP) was discussed as a means to protect classified data in mobile access solutions transiting various networks.
- Requirements for CSFC components were outlined, emphasizing the need for certification against NIAP-approved protection profiles and compliance with NIST security controls.
- The presentation highlighted challenges faced by vendors in getting their products evaluated for certification, including time and cost constraints, and proposed solutions such as reducing evaluation costs through automation.
- Key takeaways included the necessity of automation for cost-effective evaluation of apps, the importance of industry collaboration, and the need for a single source of security requirements for government and industry stakeholders.
Show All