The ICT security guidelines for mobile apps from the National Cyber Security Center (NCSC) provide guidance on how to develop, manage and provide apps for mobile devices more securely.

These guidelines were developed based on the SSD standards framework for mobile apps from the Center for Information Security and Privacy Protection (CIP). In this collaboration, the NCSC guidelines and CIP standards have been harmonized with each other so that both editions are identical in content.
The ICT security guidelines for mobile apps are categorized according to the SIVA framework, thus aligning with the classification of the ICT security guidelines for Web applications. The SIVA framework describes three domains for which guidelines are described:
Policy
Implementation domain
Management domain
For the guidelines for mobile apps, only the implementation domain is given. The policy and control domains from the web application guidelines also apply to mobile apps. The NCSC publishes the policy and control domains for secure software development as a separate product in an application-independent written form.
If the server side of the mobile app is a Web application, then the mobile app guidelines can be seamlessly incorporated as a fifth layer of research into the execution domain of the Web application guidelines. In that case, the policy and control domains apply across the entire application system.
source: NCSC
