GSA will lead e-authentication project
Connecting state and local government leaders
The General Services Administration will oversee formation of a governmentwide public-key infrastructure through an electronic authentication project endorsed by the Office of Management and Budget.
The General Services Administration will oversee formation of a governmentwide public-key infrastructure through an electronic authentication project endorsed by the Office of Management and Budget.
John Sindelar, deputy associate administrator in GSA's Office of Governmentwide Policy, said PKI is not mandatory, although it is the preferred security measure for e-government projects.
'We don't have to create another centrifugal force,' Sindelar said. He said agencies should just use existing resources.
The FirstGov.gov portal, Sindelar said, will integrate its communication channels to become an official public gateway to a growing number of online federal services and will promote PKI services under GSA's Access Certificates for Electronic Services program.
FirstGov will be able to collect information'in a customer relationship management or case management methodology'in a way that will prevent agencies from collecting duplicate information, Sindelar said.
Some initiatives will be fine without a PKI, he said. Others, such as tax filing or other sensitive transactions, probably will need it.
'What we see is a landscape of interconnectivity,' said Mark Forman, OMB associate director for IT and e-government. With government-to-government projects, for example, PKI would ease concerns about sharing information that's behind a firewall, he said.
Forman told about 500 federal officials and commercial security experts at a symposium last month that PKI will be the enabler of OMB's 23 endorsed e-gov projects. He also warned that agencies that don't implement security measures in their e-gov initiatives' business cases would not get funding.
Even though OMB has been working with the Federal PKI Steering Committee for five years, 'I think 9/11 really galvanized things' for PKI security, said Judith Spencer, chairwoman of the CIO Council's PKI Steering Committee.
Tim Polk, PKI program manager at the National Institute of Standards and Technology, referred to agencies' well-known reluctance to trust third parties with their digital certificates [GCN, July 23, Page 7].
'No one wants to be the registration authority, and no one wants to house the certification authority,' Polk said.
NEXT STORY: Commerce Secretary confirms encryption standard