221 KB | 3 files | DOC, PDF
Managing credentials is vital for any organization; for emergency responders, it is absolutely critical. This research on ERO authentication practices should give you insight on how to manage identity in you own organization.
The purpose of an identity system is to enable individuals to be distinguished from each other in a trustworthy manner. The process of distinguishing one person within a group of people is referred to as identification. The process of repetitively affirming the identity of a specific person is termed authentication. A capability to reliably authenticate individuals at different times and in different places allows information to be attributed to each individual in a correspondingly trustworthy manner. This attribution of additional information (in addition to those required for asserting the identity) forms the basis for authorization of that individual to perform certain tasks. The collection of information used for authentication and subsequently for authorization is called credentials. Jurisdictions, through the issuance of credentials, thus can grant and convey recognition of various levels of capability or authority to be exercised by the individual. If there exists an infrastructure for secure exchange of credentials and creation of trust in these credentials, it provides the capability to establish mutual trust and by extension a circle of trust.
In this document, we describe a framework for establishing such an infrastructure for authentication and authorization of Emergency Response officials (ERO) who respond to various types of man-made and natural disasters.
The attached Zip file includes:
This table outlines the top needs of each stakeholder group that can help guide your conversations on priorities and needs for the GRC program. ... More >>
This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ... More >>
This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ... More >>