First responders need all the help they can get, and that is why a new practice guide is available.
Published by the National Cybersecurity Center of Excellence (NCCoE), the practice guide, “Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders,” provides first responders with an efficient and secure means to access information from portable devices.
Today, public safety first responders (PSFR) use a variety of tools to assist in their mission, including smartphones, tablets, or laptops that are configured with applications to access local, state, and federal information resources.
To be most effective, the device must have the means to ensure the right person has the right information at the right time. Complete situational awareness is paramount to a first responder’s success. For a police officer, a firefighter, or an EMT, quick access to accurate information is an absolute necessity. The challenge with making that information readily available is that it must also be protected from unauthorized access.
To solve the challenge of securely providing on-demand information access, the NCCoE collaborated with industry and technology providers to combine off-the-shelf technologies, widely accepted industry standards, and the tactical expertise of Public Safety Organizations (PSOs).
The result is NIST Special Publication 1800-13, “Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders.” This guide approaches security and efficiency from four angles: multifactor authentication (MFA), single sign-on (SSO), identity federation, and well-established standards.
MFA helps secure information by requiring a user to prove his or her identity in at least two different ways, like a fingerprint and a password.
SSO helps expedite information access by not requiring a PSFR to log in each time an application is accessed; in some cases, the PSFR logs in only once at the beginning of a shift.
Identity federation allows access to multiple applications across jurisdictional boundaries and in the cloud.
By ensuring that all architecture components adhere to established standards, other technologies that also follow those standards become interoperable with the NCCoE example solution.
PSOs, or other organizations that need immediate access to important information, can use this example solution as a whole, in parts, or as a starting point to customize their own solution.
This practice guide can help organizations:
• Define requirements for mobile application SSO, federation, and MFA implementation
• Improve interoperability between mobile platforms, applications, and identity providers regardless of who built the app (as long as they use the same well-accepted standards)
• Improve the efficiency of PSFRs by reducing the number of login steps, the time needed to get access to critical data, and the number of credentials (like passwords) that need to be managed
• Support a multitude of credentials, enabling PSOs to choose an authentication solution that best meets their own needs