HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders.

Public safety and first responder (PSFR) personnel require on-demand access to public safety data to provide proper support and emergency care, and they rely heavily on mobile platforms to get it. Through these platforms, PSFR personnel can access the personal and protected health information of patients and sensitive law enforcement information, so strong authentication mechanisms are required to keep that information secure and to prevent unauthorized access.

Those authentication mechanisms are needed to keep data secure and to protect privacy, but they have the potential to hinder PSFR personnel and get in the way of providing emergency services. While authentication may only take a matter of seconds, any delay in providing emergency services can have grave consequences and may even be a matter of life and death.

The Cybersecurity Practice Guide was developed in collaboration with NIST’s Public Safety Communications Research lab and industry stakeholders. It aims to help resolve authentication issues so that sensitive data remains private and confidential while PSFR personnel can rapidly gain access to the data they need via mobile devices and associated applications.

The guide includes a detailed example solution with capabilities to address risk with appropriate security controls, along with a demonstration of the approach using commercially available products. Instructions are also included for implementers and security engineers to help them integrate the solution into their organization’s enterprise and configure it in a way to achieve security goals with minimal impact on operational efficiency and expense.

“This practice guide describes a reference design for multifactor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction,” explained NCCoE.

The NIST Cybersecurity Practice Guide can be found on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.