The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released the final version of a Cybersecurity Practice Guide for first responders.
The NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders (PSFRs), was developed in collaboration with industry stakeholders and NIST’s Public Safety Communications Research Lab.
To provide emergency care and support, PSFR personnel rely on mobile platforms to access public safety data. The data that PSFRs must access in the performance of their roles includes personally identifiable information, law enforcement sensitive information, and protected health information.
The new Cybersecurity Practice Guide was created with the aim of resolving authentication issues so that sensitive data can be accessed by PSFRs both securely and quickly enough to prevent any delay in the provision of potentially life-saving care.
Public safety organizations can use the guide to define requirements for mobile application single sign-on (SSO) and multi-factor authentication (MFA) implementation and improve interoperability among mobile platforms, applications, and identity providers (IdPs).
Included in the guide is advice on how to enhance the efficiency of PSFRs by cutting down on the number of authentication steps, the time it takes to access critical data, and the number of credentials that must be managed.
“This practice guide describes a reference design for multi-factor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction,” said the NCCoE.
The products described in the NIST Cybersecurity Practice Guide are standards-based, commercially available or open-source products.
In the guide, PSFRs are urged to be aware of the potential risks associated with using mobile platforms and applications.
The guide warns users that “complex passwords are harder to remember and input to IT systems” and that “mobile devices exacerbate this issue with small touchscreens that may not work with gloves or other PSFR equipment, and with three separate keyboards among which the user must switch.”