Improving Authentication in a Fast-Paced Environment
The National Cybersecurity Center of Excellence (NCCoE) has just released a draft of National Institute of Standards and Technology (NIST) Special Publication 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety and First Responders. This draft practice guide will be available for public comment through June 18, 2018.
About This Guide
On-demand access to public safety data is critical to ensuring that public safety and first responder (PSFR) personnel can protect life and property during an emergency. Gaining quick access to information in the field requires heavy reliance on mobile platforms, which might be used to access sensitive information such as personally identifiable information, law enforcement sensitive information, and protected health information. Securing that data is a high priority; however, complex login requirements can slow the process of providing emergency services, and any delay—even seconds—can sometimes become a matter of life or death.
In collaboration with stakeholders, the NCCoE aims to help PSFR personnel efficiently and securely gain access to their mission-critical data via mobile devices and applications.
This guide illustrates a method for public safety organizations to deploy efficient and interoperable multifactor authentication and single sign-on tools to protect access to sensitive information while meeting the demands of an operational environment that relies on rapid response.
Our standards-based example solution uses commercially available products and can be used in whole or in part. It can also be used as a reference to help an organization design its own, custom solution.
How can you help?
The full draft practice guide is freely available to download or to view online.
We would appreciate your feedback on this draft guide—the approach, the architecture, and possible alternatives.
The comment period is open through June 18, 2018. Submit comments online or via email to psfr-nccoe@nist.gov. Comments can be submitted anonymously.
Learn More at RSA
Bill Fisher, lead engineer on the NCCoE’s Mobile Application Single Sign-On project, is in San Francisco this week at the RSA Conference. He will be demonstrating this solution at the NIST booth and at some of our collaborators’ booths. Bill is also presenting “Improving Mobile Authentication for Public Safety and First Responders” on Thursday at the conference. Learn more on the NCCoE Events web page.
We look forward to hearing from you about this practice guide,
The NCCoE Team