CSA Mobile Application Security Testing (MAST) Initiative


CSA Mobile Application Security Testing (MAST) Initiative Charter
16 February 2015

INITIATIVE EXECUTIVE OVERVIEW

Mobile applications are becoming an integral part not just of modern enterprises but of everyday life, and a large part of this shift is due to the emergence of cloud computing. Cloud computing allows applications to be consumed instantly, which gives the enterprise tremendous agility. That convenience brings risk management challenges caused by a lack of transparency, leading to security concerns that extend to the applications themselves. The initiative aims to create a safer cloud ecosystem for mobile applications by defining systematic approaches to application testing and vetting that introduce quality control and compliance into mobile application development and management. The initiative expects that further research into mobile application security vetting and testing will reduce the risk and the security threats that organizations and individuals expose themselves to by using mobile applications.

Initiative objectives

Specific fields of action of the initiative could include:
- developing a whitepaper for a vetting and certification scheme based on NIST Special Publication 800-163, Vetting the Security of Mobile Applications;
- developing a certification scheme for mobile application security with a maturity model;
- developing a vetting scheme (i.e. an approve/reject basis) for mobile applications;
- developing resources for addressing potential security issues or an incident during the certification period.

Scope

The app security testing and vetting process uses both static and dynamic analysis to analyse the application. The testing and vetting process covers permissions, exposed communications, potentially dangerous functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities. The testing covers internal exposure such as the debug flag and exported activities, external communication such as GPS and NFC access, and the links (URLs) written into the source code. In addition to security testing and vetting, the project will also develop processes and procedures for security incident response.

Copyright 2015 Cloud Security Alliance. All rights reserved.
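As an added example, not part of the CSA charter, the following Python script performs a few of the static checks the scope above lists against a constructed AndroidManifest.xml and a constructed source snippet: the debuggable flag, watched permissions such as location and NFC, activities and other components exported without a permission guard, and endpoints hard-coded in source. The manifest, the source snippet, the watched-permission table and the function names are assumptions made for this example.

```python
"""Static vetting checks of the kind the MAST scope lists (example code, not CSA tooling)."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions singled out as exposing device capabilities (GPS, NFC) or user data.
# Illustrative table chosen for this example, not an official catalogue.
WATCHED_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.NFC": "NFC access",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS content",
}

COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def vet_manifest(manifest_xml: str) -> list:
    """Return a list of human-readable findings for one AndroidManifest.xml."""
    findings = []
    root = ET.fromstring(manifest_xml)
    app = root.find("application")

    # Internal exposure: a release build must never ship with debuggable="true".
    if app is not None and app.get(ANDROID_NS + "debuggable") == "true":
        findings.append("debuggable=true: a debugger can attach to the release build")

    # External communication: which watched capabilities does the app request?
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in WATCHED_PERMISSIONS:
            findings.append(f"permission {name}: grants {WATCHED_PERMISSIONS[name]}")

    # Exposed components: exported (explicitly, or implicitly via an intent-filter
    # on older target SDKs) and not guarded by an android:permission attribute.
    if app is not None:
        for tag in COMPONENT_TAGS:
            for comp in app.iter(tag):
                name = comp.get(ANDROID_NS + "name", "?")
                exported = comp.get(ANDROID_NS + "exported")
                has_filter = comp.find("intent-filter") is not None
                guarded = comp.get(ANDROID_NS + "permission") is not None
                if (exported == "true" or (exported is None and has_filter)) and not guarded:
                    findings.append(f"exported {tag} {name} without a permission guard")
    return findings


URL_RE = re.compile(r"""["'](https?://[^"'\s]+)["']""")


def vet_source_links(source: str) -> list:
    """Flag URLs written into source; cleartext http:// endpoints are called out separately."""
    findings = []
    for url in URL_RE.findall(source):
        if url.startswith("http://"):
            findings.append(f"cleartext endpoint hard-coded in source: {url}")
        else:
            findings.append(f"endpoint hard-coded in source: {url}")
    return findings


# Constructed sample manifest for this example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.NFC"/>
  <application android:debuggable="true" android:label="Demo">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
  </application>
</manifest>
"""

# Constructed sample source fragment for this example.
SAMPLE_SOURCE = '''
private static final String API = "https://api.example.com/v1/";
private static final String LEGACY = "http://legacy.example.com/sync";
'''

if __name__ == "__main__":
    for line in vet_manifest(SAMPLE_MANIFEST) + vet_source_links(SAMPLE_SOURCE):
        print("-", line)
```

On the sample above the script reports the debuggable flag, the two watched permissions, the two unguarded exported activities (the launcher activity and the implicitly exported deep-link activity) and both hard-coded endpoints, while the permission-guarded service passes; these manifest checks are the static half of the process, and the dynamic checks the scope mentions (collusion, power consumption) need an instrumented device rather than a parser.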

Initiative Membership Structure and Responsibilities

The MAST Initiative is structured as follows:
- two co-chairs (and their alternates)
- working group members
- a representative of the CSA / subject matter expert
- a representative of the CSA / OCF Secretariat

Only CSA Corporate Members are eligible for the role of co-chair. If a corporate member is not available for nomination, or an individual with a unique skill set is required, an exception can be filed for non-member nominees by contacting exec@cloudsecurityalliance.org.

The role of MAST co-chairs entails the following responsibilities:
- Define the work plan for each year (e.g., meetings and expected deliverables)
- Ensure progress of work according to the work plan
- Report to the CSA Executive Team on execution risks and suggest possible solutions
- Convene meetings when necessary and act as Chairperson of the MAST Initiative
- Lead the preparation of draft deliverables, or identify a suitable person within the MAST Initiative who will take the role of main editor/rapporteur of the deliverable
- Ensure that the guidance provided in the current MAST Initiative charter is followed
- Ensure that relevant documents are circulated to MAST Initiative members

The role of CSA Subject Matter Expert(s) entails the following responsibilities:
- Can be either a CSA staff member or an expert nominated by the CSA
- Provide subject matter expertise, in the form of contributions to deliverables and advice to the MAST Initiative co-chairs

The role of CSA Secretariat entails the following responsibilities:
- Will be a CSA staff member
- Provide secretariat and project management support to the co-chairs (e.g. create the virtual shared workspace, manage the mailing list, collect input from members, assist in the preparation of the work plan, arrange the logistics of both virtual and physical meetings, support meeting minutes preparation, etc.)

The role of MAST Initiative Members entails the following responsibilities:
- Contribute to the definition of the work plan
- Contribute to the definition of the initiative's deliverables

Sub-Work Groups

Ad hoc sub-work groups comprised of subject matter experts may be formed to plan or execute any related outreach, awareness or research opportunities. Such sub-work groups shall report directly to the main working group. The initiative may also choose to allow resource sharing between cloud communities and other CSA working groups to assist in the timely completion of projects, programs and other activities needed to support/enable the initiative's defined body of work.

Communications Methods, Infrastructure & Resource Requirements

The initiative will be composed of CSA volunteers; it will have a steering committee and co-chairs. The initiative will require typical project management, online workspace and technical writing assistance.

Work Group Conference Calls and In-person Meetings

The initiative will hold conference calls no less than bi-monthly. Attendance by the Principal or Alternate is required. The Alternate must have full authority to act on behalf of the Principal if the Principal is absent. In-person meetings will happen once a year in a location to be determined.

Decision-making Procedures

Definition of a majority
1) A majority shall consist of more than half of the members present and voting.
2) In computing a majority, members abstaining shall not be taken into account.
3) In case of a tie, a proposal or amendment shall be considered rejected.
4) For the purposes of this Charter, a member present and voting shall be a member voting for or against a proposal, including a proxy representative. A proxy, where authority is delegated through a written statement or non-repudiated email, should be declared and inspected for validity by the chair before voting starts.

Abstentions of more than fifty percent
1) When the number of abstentions exceeds half the number of votes cast (for, against, abstentions), consideration of the matter under discussion shall be postponed to a later meeting, at which time abstentions shall not be taken into account.

Voting procedures
1) The voting procedures are as follows:
a) By a show of hands as a general rule, unless a secret ballot has been requested; if at least two members present and entitled to vote so request before the beginning of the vote and a secret ballot under b) has not been requested, or if the procedure under a) shows no clear majority
b) By a secret ballot, if at least five of the members present and entitled to vote so request before the beginning of the vote (online voting is applicable)
2) The Chair(s) shall, before commencing a vote, observe any request as to the manner in which the voting shall be conducted, and then shall formally announce the voting procedure to be applied and the issue to be submitted to the vote. The Chair(s) shall then declare the beginning of the vote and, when the vote has been taken, shall announce the results.
3) In the case of a secret ballot, the secretariat shall at once take steps to ensure the secrecy of the vote.

Operations Advisory

The CSA Working Group will be advised by the CSA Subject Matter Expert (SME) Advisory Council, the International Standardization Council (ISC), and the CSA Executive Team to ensure that the research under this initiative is within the scope of the CSA and aligns with other industry partner research. The research will remain unique to the industry and will make reference to any redundant or replicated works.

Research Lifecycle

The CSA Working Group will follow the CSA research lifecycle for all projects and initiatives: https://downloads.cloudsecurityalliance.org/initiatives/general/csa_research_lifecycle_final.pdf

Peer Review

We will seek CSA's help in reaching out to peers for reviewing our charter and other documented activities of the initiative.

Deliverables/Activities

Q1 2015
o Deliverables: Charter
Q2 2015
o Deliverables: Project plan
Q3 2015 / Q4 2015
o Deliverables: MAST Whitepaper Draft 1.0
o Activities: MAST Whitepaper Open Peer Review
Q1 2016
o Deliverables: MAST Whitepaper Draft 2.0, STAR Mobile Certification Framework Charter
o Activities: MAST Whitepaper Open Peer Review
Q2 2016
o Deliverables: MAST pilot kick-off, STAR Mobile Certification Framework Draft 1.0
Q3 2016 / Q4 2016
o Deliverables: End of MAST pilot, STAR Mobile Certification Framework Draft 2.0
Q1 2017
o Activities: STAR Mobile Certification Framework Open Peer Review
Q2 2017
o Deliverables: Release of STAR Mobile Certification Framework

Duration

The initiative will operate until Q2 2017 for its chartered deliverables, and at that time consider charter renewal.

Charter Revision History
Feb 2015
Mar 2016