NIST drafts mobile security standards for first responder technology
The National Institute of Standards and Technology (NIST) has collaborated with the first responder community to draft a proposed reference design for both multifactor authentication and mobile single sign-on to help overcome security concerns regarding public safety data in the field, according to a report by GCN.
Developed by NIST’s National Cybersecurity Center of Excellence (NCCoE), the draft is aimed directly at the public safety/first responder community and details all the standards-based technical options that public safety organizations will need to consider incorporating into their mobile security services.
The reference design, which is based on commercially available and open source products, ought to “improve interoperability between mobile platforms, applications and identity platforms regardless of the application development platform used in their construction,” the NCCoE said.
The method addresses cybersecurity issues that organizations such as the National Association of State Chief Information Officers have emphasized, particularly in regards to the Internet of Things.
“Success will be predicated on an open platform that allows partners working together to use the same baseline technologies,” according to a NASCIO study.
The NCCoE project proposal includes several scenarios in which its standards would be applicable and describes a high-level architecture that could potentially work for mobile devices.
The draft also emphasizes that the reference design and implementation use a standards-based process that uses the “native capabilities” of the mobile OS of the device.
The NCCoE is opening up the Mobile Application Single Sign-On project for comment with a September 16, 2016 deadline.
The NIST has also completed the first draft of a new Digital Authentication Guideline, a portion of its SP 800-63 line of electronic authentication technical and procedural guidelines that initially started in 2004.
The new publication is an extensive update of the authentication requirements that government agencies should adhere to, including the recommendation of phasing out the use of out-of-band secure message service (SMS) for authentication, the importance of continuing the use of passwords, and limiting the value of previously accepted authentication methods like biometrics.
Previously reported, the National Institute of Standards and Technology posted four documents to GitHub detailing drastic changes it has made to its guidelines for federal agencies’ digital authentication practices.