Viaforensics, LLC SBIR Phase II Award, October 2019

viaForensics will enhance the automated security testing of NIAP-based criteria, and streamline NIAP evaluation workflow, providing developers, security teams and evaluators the necessary context to assess and achieve compliance. The NIAP evaluator reporting workflow will accelerate the evaluation process with security findings in-context, coupled with evaluator guidance, and entry points for assertions, list assignments, notes and Pass/Fail rating. Additionally, we will develop two mobile apps (iOS and Android) and a corresponding containerized API backend. The mobile apps and APIs will purposefully fail multiple NIAP requirements, to aid in validating automated NIAP tests and in educating USAF developers on secure mobile app development. Finally, we will enhance integration of custom app security reviews into a mobile device management (MDM) system. The combination of automated NIAP security tests and evaluator workflow will enable development teams to address security issues during the development process and significantly reduce the time and effort involved for security teams to vet the mobile apps. Authorizing officials will have the confidence to approve and push updated mobile apps to deployed devices quickly, supporting the warfighter through mobility.