Mobile Application Security

Mobile Application Security assures that user-requested or agency-developed mobile applications fully and always meet agency security requirements.

Mobile application security covers a wide range of services:

  • Voice and data communications;
  • Email, calendar, web browsing, contacts;
  • Mission-specific information and applications;
  • Government and agency-specific applications; and
  • Personal information.

Mobile device computing power and storage, networking capabilities, and sensory features can enable numerous privacy and security risks for an agency, including:

  • Compromised data storage or transmission;
  • Malware that can read or modify sensitive data;
  • Changes to the system or application;
  • PII collected either from a device or from the public;
  • SQL injections; and
  • Unapproved access to information or resources.

Mobile Application Playbook

Mobile application security begins with the design of the application and continues through its useful life. The Mobile Application Playbook [PDF - 2.78 MB] can guide you through the process.

Also, the Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the federal government’s use of mobile devices and recommends security upgrades to the mobile device ecosystem. Learn more about the DHS Study on Mobile Device Security.

Contractor Listings

  • Mobile Application Vetting
    Includes software, processes, and tools required to test, validate, and verify mobile apps against a baseline of security, privacy, and organization-specific requirements and policies.

  • Mobile Threat Protection (MTP)
    Solutions and services that monitor the mobile endpoint in real time to find mobile threats, not addressed by EMM/MDM or App Vetting, that may compromise the mobile endpoint, mobile applications, or data residing on the device.

  • Mobile Identity Management
    Mobile Identity Management is a set of free products and solutions that issue and maintain certificates, which may include Derived PIV Credential usage.

Industry partners who would like to be added should complete the Modification Checklist.

Last Reviewed: 2020-11-18