SBIR-STTR Award

Automated mobile app vetting for security, privacy and compliance
Award last edited on: 9/20/2022

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$2,618,465
Award Phase
2
Solicitation Topic Code
AF191-011
Principal Investigator
Andrew Hoog

Company Information

NowSecure Inc (AKA: Chicago Electronic Discovery LLC~viaForensics LLC)

141 West Jackson Boulevard Suite 2502
Chicago, IL 60604
(312) 878-1100
info@nowsecure.com
www.nowsecure.com
Location: Single
Congr. District: 07
County: Cook

Phase I

Contract Number: FA8652-19-P-HB05
Start Date: 3/6/2019    Completed: 6/4/2019
Phase I year
2019
Phase I Amount
$158,000
We propose enhancement to our commercially available NowSecure automated mobile app vetting software to support Department of Defense (DoD) security vetting requirements, notably the NIAP Protection Profile for Application Software Version 1.2. By leveraging the automation of our platform and tailoring it for DoD-specific requirements, we can significantly streamline the mobile app certification process, thereby equipping our modern and mobile warfighter with critical and timely information which ultimately enhances effectiveness and operational advantage.

Automating cyber security compliance and processes, mobile app security testing, NIAP compliance, eMASS integration

Phase II

Contract Number: FA8771-20-C-0002
Start Date: 10/23/2019    Completed: 10/23/2020
Phase II year
2020
(last award dollars: 2021)
Phase II Amount
$2,460,465

viaForensics will enhance the automated security testing of NIAP-based criteria, and streamline NIAP evaluation workflow, providing developers, security teams and evaluators the necessary context to assess and achieve compliance. The NIAP evaluator reporting workflow will accelerate the evaluation process with security findings in-context, coupled with evaluator guidance, and entry points for assertions, list assignments, notes and Pass/Fail rating. Additionally, we will develop two mobile apps (iOS and Android) and a corresponding containerized API backend. The mobile apps and APIs will purposefully fail multiple NIAP requirements, to aid in validating automated NIAP tests and in educating USAF developers on secure mobile app development. Finally, we will enhance integration of custom app security reviews into a mobile device management (MDM) system. The combination of automated NIAP security tests and evaluator workflow will enable development teams to address security issues during the development process and significantly reduce the time and effort involved for security teams to vet the mobile apps. Authorizing officials will have the confidence to approve and push updated mobile apps to deployed devices quickly, supporting the warfighter through mobility.