NIST SPECIAL PUBLICATION 1800 -13 Mobile Application Single Sign-On Improving Authentication for Public Safety First Responders Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How -To Guide s (C) Bill Fisher Paul Grassi William C. Barker Spike E. Dog Santos Jha William Kim Taylor McCorkill Joseph Portner Mark Russell Sudhi Umarji May 2019 SECOND DRAFT This publication is available free of charge from https://www.nccoe.nist.gov/projects/use - cases/mobile -sso NIST SPECIAL PUBLICATION 1800 -13 Mobile Application Single Sign -On Improving Authentication for Public Safety First Responders Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B) ; and How -To Guides (C) Bill Fisher Paul Grassi * Applied Cybersecurity Division Information Technology Laboratory Spike E. Dog Santos Jha William Kim * Taylor McCorkill Joseph Portner * Mark Russell Sudhi Umarji The MITRE Corporation McLean, Virginia William C. Barker Dakota Consulting Silver Spring, Maryland *Former employee; all work for this publication was done while at employer . SECOND DRAFT May 2019 U.S. Department of Commerce Wilbur Ross , Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Undersecretary of Commerce for Standards and Technology NIST SPECIAL PUBLICATION 1800 -13A Mobile Application Single Sign-On Improving Authentication for Public Safety First Responders Volume A : Executive Summary Bill Fisher Paul Grassi * Applied Cybersecurity Division Information Technology Laboratory Spike E. Dog Santos Jha William Kim * Taylor McCorkill Joseph Portner * Mark Russell Sudhi Umarji The MITRE Corporation McLean, Virginia William C. Barker Dakota Consulting Silver Spring, Maryland *Former employee; all work for this publication was done while at employer. May 2019 SECOND DRAFT This publication is available free of charge from https://www.nccoe.nist.gov/projects/use -cases/mobile -sso SECOND DRAFT NIST SP 1800 -13A: Mobile Application Single Sign -On 1 Executive Summary 1 ▪ On-demand access to public safety data is critical to ensuring that public safety and first 2 responders (PSFRs) can protect life and property during an emergency. 3 ▪ This public safety information, often needing to be accessed via mobile or portable devices , 4 routinely include s sensitive information , such as personally identifiable information, law 5 enforcement sensitive information, and protected health information. 6 ▪ Because the communications are critical to public safety and may include sensitive infor mation, 7 robust and reliable authentication mechanisms that do not hinder delivery of emergency 8 services are required . 9 ▪ In collaboration with the National Institute of Standards and Technology ( NIST ) Public Safety 10 Communications Research lab oratory and industry s takeholders, the National Cybersecurity 11 Center of Excellence (NCCoE) at NIST built a laboratory environment to demonstrate standards - 12 based technologies t hat can enable PSFRs to gain access to public safety information efficiently 13 and securely by using mobile devices. 14 ▪ The technologies demonstrated are currently available and include (1) single sign -on (SSO) 15 capabilities that reduce the number of credentials that need to be managed by public safe ty 16 personnel , and reduc e the time and effort that individuals spend authenticating themselves ; 17 (2) identity federation that can improve the ability to authenticate personnel across public 18 safety organization (PSO) boundaries ; and (3) multifactor authentication (MFA) that enabl es 19 authentication with a high level of assurance . 20 ▪ This NIST Cybersecurity Practice Guide describ