In search of a mobile app standard

The CIO Council's Mobile Technology Tiger Team has released a set of criteria for federal agencies to vet mobile applications. The goal is to create more consistency among agencies in their vetting standards and enable industry to better meet agency needs by following a single standard for application development for federal customers.

Robert Palmer, acting deputy executive director of the Enterprise Systems Development Office at the Department of Homeland Security and co-chairman of the tiger team, made the announcement at the Federal Mobile Computing Summit in Washington on Feb. 18.

The criteria follow the National Institute of Standards and Technology's Special Publication 800-163, "Vetting the Security of Mobile Applications," which provides guidance for improving security for a mobile workforce.

"The vision is to have industry and government respond alike," Palmer said. "From my perspective, being a practitioner in [the DHS CIO's office], I would love to have a suite of tools that I could readily get to through whatever vehicle that I know meet this criteria."

The criteria were rolled out through the National Information Assurance Partnership, and the materials will be housed in the NIAP Protection Profiles. The group has been developing the technical aspects of the criteria for a year and a half and signed off on them last week.

"We have a situation where we're taking all of the great work done individually and collectively by federal agencies and industry, aligning it in terms of making sure the technical details are in sync and having a good home for sharing," Palmer said.

The Defense Department and DHS have taken the lead in adopting the criteria, with both agreeing to follow the guidelines, he added.

Palmer called the criteria a "solid start" while noting there was more work to do, some of which will be done by the tiger team and some of which will be based on feedback from agencies and industry.

Several industry days are planned to generate awareness of the new criteria, and the group also plans to publish the guidelines through the CIO Council.

The benefits will manifest themselves in the response from industry, Palmer said. Companies can streamline the process for adopting new applications by making tools that meet the criteria. In an environment where the number of applications is growing so rapidly, having industry work with one set of standards will save agencies time and money.

"When we write the guidelines, we like to talk to industry directly to make sure that what we recommend can actually be performed by industry," said Tom Karygiannis, an author of NIST's SP 800-163, at the event. "You don't want to create a guideline or requirement that no one can meet. I think when compared to what the state of practice is in industry, we've raised the bar a little bit and gave them a target to improve what they're doing now."

About the Author

Colby Hochmuth is a former staff writer for FCW.

