The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders.
Public safety and first responder (PSFR) personnel require on-demand access to public safety data in order to provide proper support and emergency care. In order to access the necessary data, PSFR personnel are heavily reliant on mobile platforms. Through these platforms, PSFR personnel can access the personal and protected health information of patients and sensitive law enforcement information; however, in order to keep sensitive information secure and to prevent unauthorized access, strong authentication mechanisms are required.
Those authentication mechanisms are needed to keep data secure and to protect privacy, but they have the potential to hinder PSFR personnel and get in the way of their providing emergency services. While authentication may take only a matter of seconds, any delay in providing emergency services can have grave consequences and may even be a matter of life and death.
The Cybersecurity Practice Guide was developed in collaboration with NIST’s Public Safety Communications Research lab and industry stakeholders. It aims to help resolve authentication issues so that sensitive data remains private and confidential while PSFR personnel can rapidly gain access to the data they need via mobile devices and associated applications.
The guide includes a detailed example solution with capabilities to address risk with appropriate security controls, along with a demonstration of the approach using commercially available products. Instructions are also included for implementers and security engineers to help them integrate the solution into their organization’s enterprise and configure it to achieve security goals with minimal impact on operational efficiency and expense.
“This practice guide describes a reference design for multifactor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction,” explained NCCoE.