Public Trust Page
Security & Standards
MBFD Hub is designed to support secure, accountable fire department logistics, maintenance, project, and administrative workflows. This page summarizes the platform's security posture and the fire-service documentation standards its implemented modules are designed to support.
Security-first overview
MBFD Hub is built around controlled access, role-aware workflows, and secure-by-design development practices. Public, employee, and administrative areas are separated, sensitive operations require authentication and role-based authorization, and administrative records are designed to be reviewable and accountable. Security information on this page is intentionally summarized at a high level — detailed infrastructure, configuration, and control information is restricted to authorized administrators and IT reviewers.
Security posture
Organized using widely referenced concepts from NIST CSF 2.0 (Govern, Identify, Protect, Detect, Respond, Recover) and informed by CISA Secure by Design principles. MBFD Hub is not certified by NIST or CISA.
Controlled Access
Administrative areas require authentication. Privileged actions require an assigned role.
Encrypted Connections
Traffic to MBFD Hub is delivered over HTTPS with modern transport security and strict transport headers.
Role-Aware Workflows
Least-privilege roles separate command staff, administrators, logistics, training, and read-only reviewers.
Input Validation
Form submissions and uploads are validated server-side, including file-type and size checks on photos and attachments.
Audit-Friendly Records
Records capture timestamps, the responsible user, status changes, and review activity for defensible documentation.
Rate Limiting
Public endpoints are rate-limited per client, and edge protections are in place against bulk and abusive traffic.
Signed Access Links
Where enabled, station-side workflows use signed, scope-limited URLs so credentialed sessions are not required on shared devices.
Secure Development
Application secrets stay out of source control. AI-generated HTML is sanitized before being rendered to users.
Monitoring & Health
Application health and error visibility are continuously monitored. Anomalies and failures are surfaced to administrators for review.
Fire-service standards awareness
NFPA does not approve, certify, or endorse this software. MBFD Hub is designed to support documentation and workflow alignment with applicable fire-service standards, subject to the adopted code editions, departmental policies, and Authority Having Jurisdiction requirements. This page is not a substitute for legal, IT, AHJ, or records-retention review.
MBFD Hub's implemented modules — including apparatus inspection, defects and repairs, station inspections and room audits, uniform and assigned equipment, station and traveling inventory, capital and under-25k projects, fire equipment requests, and structured workgroup evaluations — are designed to support consistent, defensible recordkeeping that aligns with concepts from the standards summarized below.
Standards alignment matrix
| Reference | Area | MBFD Hub alignment | Evidence (implemented module) | Claim level |
|---|---|---|---|---|
| NFPA 950 | Data development & exchange for the fire service | Structured fire-service operational and administrative records that support consistent data capture and reporting. | Stations, apparatus, employees, inventory, projects — structured records with exports. | Implemented |
| NFPA 951 | Guide to building & utilizing digital information | Department-wide digital information management across logistics, maintenance, and administrative records. | Filament admin panels for stations, apparatus, equipment, inventory, projects, requests, and reviews. | Implemented |
| NFPA 1850 | PPE / assigned-equipment care & maintenance | Item-level tracking, assignment history, and lifecycle documentation for uniforms and assigned equipment. | Uniform & assigned-equipment modules with employee assignment and request workflows. | Implemented |
| NFPA 1910 | Emergency vehicle inspection, maintenance, refurbishment, testing & retirement | Apparatus inspections, deficiency tracking, repair workflows, attachments, and status & lifecycle documentation. | Apparatus, apparatus inspections, defects, defect recommendations, shop work, unit-master vehicle records. | Implemented |
| NFPA 1660 | Continuity, preparedness & readiness concepts | Station readiness, repair tracking, capital projects, and support-service documentation that support continuity-minded workflows. | Station inspections, room audits, capital projects, under-25k projects, big-ticket requests, supply requests. | Supported where enabled |
| NFPA 1401 | Fire-service training reports & records | Where training modules are enabled, structured training assignments, status, and administrative review workflows. | Training panel with training-todo and update records. | Partially implemented |
| NFPA 1561 | Incident management & command safety | No incident-command, accountability, or IAP modules are implemented today. | — | Not claimed |
| NFPA 1225 | Emergency services communications | No dispatch, CAD, station alerting, or radio-log functionality is implemented today. | — | Not claimed |
| NFPA 1710 / 1720 | Deployment & response-time reporting | No turnout, travel, or arrival-time analytics are implemented today. | — | Not claimed |
| NERIS / NFIRS | National incident reporting | No incident-reporting or CAD/RMS export modules are implemented today. | — | Not claimed |
Claim levels reflect the implemented feature set at publication time. Where a standard addresses operational response, communications, or incident-command activities outside the current scope, MBFD Hub makes no claim. Departmental policy, adopted code editions, and the Authority Having Jurisdiction govern how recordkeeping is used in practice.
Records & audit readiness
- Timestamped entries with the responsible user captured on creation and material updates.
- Status tracking across inspections, defects, requests, projects, and supply workflows.
- Notes, comments, and structured attachments (photos and documents) on the records that benefit from them.
- Where enabled, review and approval workflows route records to the appropriate role before close-out.
- Reporting and export options support administrative review without exposing operational internals.
- Retention and disposition remain subject to departmental policy and applicable public-records requirements.
Contact & responsible disclosure
For security, access, or records-handling concerns related to MBFD Hub, please contact the MBFD Hub administrator through official department channels. Reports made in good faith are reviewed promptly; please do not share exploit details, credentials, or sensitive technical information in unsolicited or public communications.