GSA open to outsourcing federal PKI operation

The General Services is looking for new ideas about how to manage the Federal Public Key Infrastructure (PKI) Trust system, including the possibility of turning it over to a contractor.

At present, GSA is responsible for the system, which maintains links between federal agencies and public and private groups that issue PKI certificates, and systems that connect different government PKI systems. Among other functions, the system is used to support the process for maintaining Personal Identity Verification credentials.

But in a request for information released earlier this month, GSA invited people to suggest alternative solutions for managing federal PKI operations. The RFI asks for comments on two basic approaches: the current model, in which a contractor provides the service using government-furnished systems, and a services-only model, in which a contractor takes over the system as well.

In the case of the current model, GSA also is looking for ideas about to enhance existing services. For example, the agency would like to develop a funding model that would make it possible to recover the costs of operating the PKI infrastructure. The RFI also asks for comments on how to better divide management responsibilities between the government and the contractor.

In the case of the services-only model, GSA would like comments on how to manage the transition.

About the Author

John S. Monroe is the editor-in-chief of Federal Computer Week.

Featured

Reader comments

Thu, Feb 9, 2012 Larry Hale

I am Larry Hale, GSA Director of Strategic Solutions and Security Services and I oversee this program. I want to explain GSA's intent and clarify a few of the details mentioned above. The operation of the FPKI infrastructure is currently provided by a commercial vendor. This RFI is an effort to gather market information on the state of this maturing technology to gauge the competitive environment prior to developing an acquisition strategy. Its intention is both practical in determining what vendor capabilities are for cost and system improvements to the current state and for engaging industry in broad based suggestions for long term strategic planning.

Wed, Feb 8, 2012 myron

GSA is responsible for the system, which maintains links between federal agencies and public and private groups that issue PKI certificates, and systems that connect different government PKI systems

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above