Description
Mobile Application Security (MAS) Industry Day Slides and Q&A
Summary
Industry Day Presentation: Mobile Application Security (MAS) Industry Day Slides and Q&A
Key Information:
- The presentation focused on the importance of automating mobile application testing in accordance with CNSS Policy #11 and #7, which govern the acquisition of information assurance products for use in national security systems.
- The Mobile Access Capability Package (MACP) was discussed as a means to protect classified data in mobile access solutions transiting various networks.
- Requirements for CSFC components were outlined, emphasizing the need for certification against NIAP-approved protection profiles and compliance with NIST security controls.
- The presentation highlighted challenges faced by vendors in getting their products evaluated for certification, including time and cost constraints, and proposed solutions such as reducing evaluation costs through automation.
- Key takeaways included the necessity of automation for cost-effective evaluation of apps, the importance of industry collaboration, and the need for a single source of security requirements for government and industry stakeholders.