The suite of solutions enables agencies to access security threat reports, vulnerability intelligence, and SBOMs for the mobile application supply chain to support federal EO tracking and reporting mandates, CISA, OMB and DoD
CHICAGO –News Direct– NowSecure
Now securerecognized experts in mobile security and privacy, today announced the NowSecure GovApp Solution Suite to help federal agencies ensure the mobile apps they use comply with upcoming federal mandates. Available exclusively to US government agencies and authorized contractors, the NowSecure GovApp suite of solutions provides proactive risk reporting, threat assessments, and mitigation recommendations to make the federal compliance process simple, efficient, and cost-effective. , so that the agencies can fulfill their mandates on time. With over 15 years of working with the public sector and employed experts with over 30 years of accumulated experience in federal and security clearances, NowSecure is uniquely positioned to help federal agencies meet warrant compliance requirements. upcoming federal.
Four major U.S. mandates have deadlines coming up in 2023 for federal agencies and their vendors to ensure the mobile apps they use comply with the stated principles, including:
-
LPCC CA 23-01 – Requires all federal agencies to track vulnerabilities in the iOS and Android mobile apps they use.
-
CAMO M-22-18 – Mandates that all federal agencies must self-certify mobile application SBOMs and ensure secure development practices for their entire software supply chain, including mobile applications.
-
DoD CMMC 2.0 – Provides a framework that includes cyber protection standards to protect the Defense Industrial Base (DIB) against damage from Advanced Persistent Threats (APTs), including mobile applications.
-
DoD SP NIST 800-171 – Provides proof of control for secure data management and privacy, including mobile apps.
Every US federal agency uses commercial mobile apps from the Apple App Store™ and Google Play™ and must now track vulnerabilities and SBOMs for all of these mobile apps in key scenarios, including:
-
Bring your own devices (BYOD) that connect to a government network and include connected Bring Your Own Apps (BYOA) apps.
-
Commercial mobile applications that access, collect and transmit government data.
-
Federal contractors developing or providing mobile applications to government agencies.
-
Developers of commercial mobile applications sold to government agencies.
U.S. agencies must ensure they meet all of these mandates and deadlines or risk failing to comply with federal regulations, leaving their agencies, employees, and citizens at risk of a mobile app breach with potential ramifications for national security.
“Software supply chain risk poses one of the greatest threats to national security today,” said Alan Snyder, CEO of NowSecure. “As the deadlines for these mandates approach, it is imperative that federal agencies have a full understanding of what the mobile apps they use are doing to ensure they are fully compliant. Given the volume of mobile applications and the rate of change, manual testing is not feasible remotely due to time and cost constraints. The NowSecure GovApp solution suite offers a simple, on-demand and cost-effective solution that agencies need to comply with the various regulations that are about to come into force.
NowSecure GovApp DB™ is an on-demand database of commercial mobile app risk and SBOM reporting for the most popular mobile apps used by the federal government. The NowSecure GovApp DB™ is based on an automated scanning engine and provides continuously updated reports that include mobile app metadata, vulnerability and privacy data, risk scores and compliance information as well as SBOM updated for each new version of mobile app. Rather than manually testing every mobile app and new mobile app release, security and compliance teams using NowSecure GovAppDB™ can automatically receive updated analysis whenever the mobile app changes. These reports list vulnerabilities such as unencrypted UID/PWD credentials, unencrypted data transmission, improperly stored sensitive data, traceable GEO location, insecure 3rd party libraries, insecure authentication and biometrics , mobile OS native security APIs disabled, cryptography and weak data transmission to nations. of interest.
With NowSecure GovApp Threat Assessment Service, agencies can additionally receive expert threat analysis and consultation of the top mobile apps they specifically use in their workflows. Annual Professional Service pairs a federal agency with a NowSecure expert to catalog the best mobile apps deployed on all agency-owned, employee-connected devices and scan them for mobile app supply chain risks and compliance to the federal mandate. Agencies will then receive comprehensive threat assessment documentation outlining the risk and compliance posture in their mobile wallet with practical recommendations to help meet vulnerability reporting requirements and supply chain management requirements. , protecting mobile users and improving national security.
The NowSecure GovApp suite of solutions joins NowSecure’s only comprehensive suite of mobile app security solutions, including NowSecure Platform for automated security testing, NowSecure Workstation pen tester productivity kit, NowSecure Supply Chain Risk Management, Expert NowSecure Mobile Pen Testing as a Service (PTaaS)and NowSecure Academy training tutorials for development and security teams. Built on a foundation of standards and automation, NowSecure enables organizations to deliver the most secure mobile apps faster and continuously monitor risk in their mobile app supply chains at lower cost. Dozens of federal agencies from the Department of Defense to the Department of Justice to the Intelligence Community, trust NowSecure to assess the security and privacy of mobile applications, train developers in secure coding, identify risks in the supply chain of mobile applications and achieve NIAP compliance.
To learn more about how the NowSecure GovApp suite of solutions can ensure federal agencies are in compliance with the mandate, register for a demo here. For a deeper dive, join us Feb. 16 at 11 a.m. EST for the Carahsoft Mobile Warrants: NowSecure GovApp Threat Assessment Service Webinar.
In conjunction with this launch, NowSecure CEO Alan Snyder will participate in a panel at Carahsoft National Cybersecurity Innovation Forum 2023 in partnership with Microsoft and Forescout, where he will discuss securing software development and the software supply chain.
About NowSecure:
As recognized experts in mobile security and privacy, Now secure protects the global mobile app economy and protects the data of millions of mobile app users. Built on a foundation of standards, NowSecure enables the world’s most demanding private and public sector organizations to automate security to release and monetize 30% faster, reduce testing and delivery costs by 30%, and reduce risk appsec by 40%. Only NowSecure offers a full suite of solutions for continuous security testing for DevSecOps, mobile app supply chain monitoring, expert mobile pen testing as a service (PTaaS), and training courseware. NowSecure actively contributes and supports the mobile security open source community, standards and certification including OWASP MASVS, ADA MASA, NIAP and is recognized by IDC, Gartner, Deloitte Fast 500 and TAG Cyber.
Contact details
Hannah LaCorte
+1 202-240-7611
press@nowsecure.com
Company Website
See source version at newsdirect.com: https://newsdirect.com/news/nowsecure-launches-govappdb-and-threat-assessment-service-to-support-federal-mandates-for-mobile-security-and-privacy – 991905972