NCCoE Practice Guide Demonstrates How to Improve Authentication in a Fast-Paced Environment
The National Cybersecurity Center of Excellence’s (NCCoE’s) most recent practice guide, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders, aims to provide first responders with an efficient and secure means to access information from portable devices.
Today, public safety first responders (PSFRs) use a variety of tools to assist in their mission to protect life and property. These tools may include smartphones, tablets, or laptops that are configured with applications to access local, state, and federal information resources. To be most effective, the device must have the means to ensure that the right person has the right information at the right time. Complete situational awareness is paramount to a first responder’s success. For a police officer, a firefighter, or an EMT, quick access to accurate information is an absolute necessity. The challenge with making that information readily available is that it must also be protected from unauthorized access.
To solve the challenge of securely providing on-demand information access, the NCCoE collaborated with industry and technology providers to combine off-the-shelf technologies, widely accepted industry standards, and the tactical expertise of Public Safety Organizations (PSOs). The result is documented in NIST Special Publication 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. This guide approaches security and efficiency from four angles: multifactor authentication (MFA), single sign-on (SSO), identity federation, and well-established standards.
The first, MFA, helps secure information by requiring a user to prove his or her identity in at least two different ways, such as with a fingerprint and a password. SSO helps expedite information access by not requiring a PSFR to log in every time he or she accesses an application; in some cases, the PSFR logs in only once at the beginning of a shift. Identity federation allows access to multiple applications across jurisdictional boundaries and in the cloud. By ensuring that all architecture components adhere to established standards, other technologies that also follow those standards become interoperable with the NCCoE example solution.
PSOs, or other organizations that need immediate access to important information, can use this example solution as a whole, in parts, or as a starting point to customize their own solution.
This practice guide can help organizations:
- define requirements for mobile application SSO, federation, and MFA implementation
- improve function between mobile platforms, applications, and identity providers regardless of who built the app (as long as they use the same well-accepted standards)
- improve the efficiency of PSFRs by reducing the number of login steps, the time needed to get access to critical data, and the number of credentials (like passwords) that need to be managed
- support a multitude of credentials, enabling PSOs to choose an authentication solution that best meets their own needs
To download the document, visit the project page. We would appreciate your feedback on this draft guide—the approach, the architecture, and possible alternatives. The comment period is open through June 18, 2018. Submit comments online or via email to firstname.lastname@example.org.