NIST Releases Draft Guide for Employers Vetting Mobile Apps

August 23, 2014 in News

This week, the National Institute of Standards and Technology issued a draft guide designed to help organizations, including those in the health care industry, test for potential security vulnerabilities in mobile applications, Health Data Management reports.

NIST is soliciting comment on the guide through Sept. 18.

Draft Guide Details

The draft guide provides organizations with several tests they can use to identify and address security vulnerabilities in a mobile app before they approve it.

The guide warns that “individuals may be tracked without their knowledge by way of a calendar app, social media app, Wi-Fi sensor or other utilities that access a global positioning system” (Goedert, Health Data Management, 8/21).

Specifically, the guide details six key recommendations, including how organizations should:

  • Acknowledge and be prepared to address the security and privacy risks of mobile app technologies;
  • Train employees on mobile app security and privacy policies;
  • Vet all mobile apps and all updates to existing mobile apps;
  • Adopt a process for quickly vetting security-related mobile app updates;
  • Notify stakeholders about how vetting processes are designed to reduce risk by identifying and mitigating vulnerabilities, even though that risk cannot be completely nullified; and
  • Submit mobile app vetting results to a software analyst to review the findings within the context of the organization’s overall mission, security efforts and risk tolerance (NIST draft guide, 8/18).

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/UPzQuPFIt24/nist-releases-draft-guide-for-employers-vetting-mobile-apps
