On April 29, the Cyber Division of the Department of Homeland Security issued Binding Operational Directive 19-02. A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.
Binding Operational Directive 19-02 outlines the “Vulnerability Remediation Requirements for Internet-Accessible Systems”. Derek Johnson noted in GNC that the directive cuts in half the time agencies have to patch vulnerabilities — from 30 days of being detected to 15. It also compels all civilian agencies to review DHS’ weekly cyber hygiene reports that identify both critical and high vulnerabilities and patch them within 15 and 30 calendar days of being detected, not when agencies are first informed about them. As a justification for the change, the directive notes that “recent reports from government and industry partners indicate that the average time between discovery and exploitation of a vulnerability is decreasing as today’s adversaries are more skilled, persistent, and able to exploit known vulnerabilities.”
This new federal standard is an indication that organizations need to react quickly when new vulnerabilities are discovered.
Deploy Mobile Security Patches instantly
I started my software career in product management. Product managers live by MRDs, PRDs, and roadmaps. Release schedules are followed meticulously and drive all go-to-market and product marketing activities. When vulnerabilities are found, especially towards the end of the development process, they throw a wrench in the release schedule.
Appdome allows any organization to run product development and security implementations in parallel without having them impact each other.
Security can easily implement the latest mobile security version to any mobile app, at any time during the development cycle, without having to send the app back upstream to product and engineering to rebuild everything and impacting the entire schedule.
Similarly, once mobile apps are released into production, SecOps teams can respond immediately to newly discovered vulnerabilities, without impacting the development schedule.
As a best practice, organizations should integrate Appdome in their mobile development process. Appdome-DEV’s CI/CD integration makes this process seamless. As a result, mobile apps will always be protected with the world’s most comprehensive security suite. Build-by-build, release-by-release.
Recommendations for Federal and Executive Branch Departments and Agencies.
Appdome’s Mobile Security Suite already protects all Android and iOS apps from all vectors of attack. The Appdome engineering team adds protection against any newly identified security risk or vulnerability in its current release cadence. As a result, any department or agency can trust Appdome as its partner to comply with Binding Operational Directive 19-02 and deploy mobile security patches fast.
Appdome is the only vendor publicly endorsed by the United States Department of Defense (DOD) for securing the US Navy’s mobile app projects for 2.5M sailors that make up the Navy.
Appdome is only the only solution that enables government agencies, vendors and contracts to implement FIPS 140-2 Encryption to mobile apps without code or coding.
Contact the Appdome Federal Team today at firstname.lastname@example.org for more information.
Thanks for reading! This blog is part of a series focused on Mobile Security Basics, which is appropriate for readers of any level looking to increase their overall mobile security knowledge.