Public Safety/First Responder Sector

In the United States, over 10,000 jurisdictions, from townships and cities to counties and states, employ public safety personnel to respond to emergency situations. These first responders treat life-threatening injuries, keep natural disasters at bay, and combat terrorism. To perform these duties, emergency responders must undergo unique training, utilize specialized equipment, and access a variety of information systems. The NCCoE's Public Safety and First Responder (PSFR) program is working with the first responder community to implement standards-based solutions to make public safety systems resilient against attack and to ensure immediate access to critical assets during incident response.

Modernizing ICAM Capabilities

Technology is providing public safety organizations (PSOs) with new opportunities, such as improving their information sharing capabilities. PSOs need to ensure that their adoption of technology doesn’t hinder their ability to protect life and property. A major area where technology can help is identity, credential, and access management (ICAM). Working in a joint partnership with the Public Safety Communications Research (PSCR) Division at NIST, the NCCoE has been focusing on research and guidance in three critical topics in ICAM:

Biometric authentication is “automated recognition of individuals based on their biological and behavioral characteristics.” [NIST SP 800-63-3] Many PSOs are adopting mobile devices, such as smartphones and tablets, to enable field access to sensitive information for first responders. Most recent mobile devices support one or more forms of biometrics for authenticating users. Draft NISTIR 8334, Using Mobile Device Biometrics for Authenticating First Responders examines how first responders could use mobile device biometrics in an authentication system and what challenges they may face in deploying these systems. PSOs considering using biometrics for authenticating first responders are encouraged to use the guidelines in this NISTIR. Please download, read, and comment on our new draft report.

Identity federation is “a process that allows the conveyance of identity and authentication information across a set of networked systems.” [NIST SP 800-63-3] Identity federation technologies can help PSOs to share information with each other more easily while also protecting that data from unauthorized access. Identity federation technologies can also help PSOs transition services to the cloud and facilitate the use of mobile devices such as smartphones. Draft NISTIR 8336, Background on Identity Federation Technologies for the Public Safety Community is intended to aid the public safety community in adopting identity federation technologies. PSOs considering these technologies are encouraged to use the guidelines in this NISTIR. Please download, read, and comment on our new draft report.

Identity as a service (IDaaS) is when a company offers ICAM services to customers through a software-as-a-service (SaaS) cloud-service model. PSOs could potentially reduce costs and adopt new standards and authenticators more easily by using IDaaS to provide authentication services for their own applications. This would allow PSOs to offload some or most of their authentication responsibilities to the IDaaS provider. Draft NISTIR 8335, Identity as a Service for Public Safety Organizations informs PSOs about IDaaS and how they can benefit from it. It also lists questions that PSOs can ask IDaaS providers when evaluating their services to ensure the PSOs’ authentication needs are met and the risk associated with authentication is mitigated properly. PSOs considering IDaaS usage are encouraged to use this NISTIR. Please download, read, and comment on our new draft report.

Mobile Application Single Sign-On

First responders increasingly need on-demand access to sensitive public safety information from mobile devices. This requires robust and reliable mobile device authentication mechanisms that do not hinder delivery of emergency services. This guide describes how public safety organizations can implement single sign-on capabilities for public safety personnel, use identity federation to authenticate personnel across organization boundaries, and enable multifactor authentication with a high level of assurance. Please download our practice guide