Skip to Main Content
Home /

Agencies

Service Features

myHawaii is an identity platform designed to provide a modernized login experience for your customers and services. Below is a list of authentication features that help secure access to your critical, citizen-facing services:

  • Password Protection: Enforces industry-standard encryption and complexity requirements for secure local account passwords.
  • Multi-Factor Authentication: Supports verification codes via text message, voice call, and authenticator app for added security.
  • Email Verification: Confirms user ownership to prevent fraudulent account creation.
  • Sign-in with Google: Allows users to sign in with their existing Google credentials for added convenience.
  • Self-Service Password Management: Enables users to change their passwords using registered MFA methods.
  • Profile Management: Allows users to update all relevant myHawaii account details in one place.
  • Fraud Protection: Evaluates real-time sign-in risks to enhance account security.

Roadmap

myHawaii will continue to evolve to better serve our citizens and connected services. Below is a general roadmap outlining potential enhancements for your services on this platform. While priorities may shift over time, this reflects our current direction for the future.

  • Publish an onboarding workflow for agencies, departments, and counties to streamline new application integration.
  • Enhance single sign-on support, allowing more users to access services with their existing identities.
  • Continuously improve fraud protection measures across the platform.
  • Enhance support for Identity Verification services.
  • Improve the user account and profile experience.
  • Enable support for WebAuthn authentication methods.
  • Implement contextual and device-based authentication.
  • Integrate authentication with mobile applications.
  • Expand support for Digital Identity solutions.
  • Create a unified Single Government Portal experience.

Security and Compliance

The myHawaii platform aligns with the security and privacy standards outlined in NIST 800-53, ensuring robust protection through the following control families:

Security Certifications & Compliance

The myHawaii platform meets industry-recognized security and privacy standards to ensure data protection and compliance with global regulations.

  • ISO 27017 – Cloud security best practices
    • Applied to: myHawaii IAM Services
  • ISO 27018 – Protection of personal data in the cloud
    • Applied to: myHawaii IAM Services
  • ISO 27001:2013 – Information security management system (ISMS)
    • Applied to: myHawaii IAM Services, myHawaii Threat Protection Services
  • AICPA SOC – Security, availability, and confidentiality controls
    • Applied to: myHawaii IAM Services, myHawaii Threat Protection Services
  • CSA STAR (Cloud Security Alliance Security, Trust, and Assurance Registry)
    • Level 1 Certification: myHawaii Threat Protection Services
    • Level 2 Certification: myHawaii IAM Services

Security Controls

  • Access Control (AC): Fine-grained access control, information sharing, session management, least privilege, account management, access enforcement, control policy management, access control for mobile devices, RBAC, ABAC, PBAC, account lockout, and more.
  • Audit and Accountability (AU): Common Audit Framework, tamper evidence, encryption, and audited consent (integrated with Privacy Controls).
  • Identification and Authentication (IA): Identification and authentication services for users, services, and devices, supporting single-factor, multi-factor, and adaptive risk-based authentication, along with authentication policy management.
  • Physical and Environmental Protection (PE): IoT and sensor identification, authentication, and authorization using HTTP and industrial protocols, enabling unified credential, authentication, and authorization services for both Logical Access Control (LACS) and Physical Access Control (PACS).
  • System and Communications Protection (SC): Secure endpoint protection, security token management, encryption, transmission confidentiality and integrity, PKI, and protection of information at rest and in transit.

Privacy Controls

  • Authority and Purpose (AP), Individual Participation (IP), and Use Limitation (UL): User-driven constrained consent, and the ability to revoke consent for shared information.
  • Accountability, Audit, and Risk Management (AR): Common Audit Framework.
  • Data Minimization and Retention (DM): Encryption of Personally Identifiable Information (PII).

By implementing these security and privacy measures, the myHawaii platform ensures compliance with industry standards while providing a secure and user-centric authentication experience.

To get in touch with us for more information, agencies can reach out to their IT Coordinators.