50 percent Yes.
NAS security mode command is only Integrity Protected where as NAS security mode complete is Integrity Protected and Ciphered, with activated security context.
So after this message Ciphering is applied to all NAS message except EMM attach request, Tracking Area Update request and of-course NAS security mode command message.
UE <-->MME<-->HSS: Authentication takes place:
If UE context does not present in anywhere in the network and Attach Request which is not Integrity protected OR Integrity Check Fails then and then only Integrity Protection and Ciphering are mandatory otherwise it is optional.
As for Emergency call, MME should not do Authentication process, and for that MME is configured to support UN-Authenticated UE's. So when UE send Attach request with attach type as "emergency call" then MME skips authentication and security and continue with attach procedure.