Lack of federal PKI hinders progress on e-purchasing

Federal PKI Steering Committee

The high level of electronic transaction security that public-key infrastructure technology can bring to the federal government will not be fully realized until an overall management framework is formed to consistently guide agencies, according to a new report.

The development of a federal PKI—using digital certificates to authenticate, authorize and encrypt electronic transactions between agencies and between agencies and citizens—has made substantial progress during the last few years, led by the Federal PKI Steering Committee and the General Services Administration. But several challenges still must be overcome, including getting the Office of Management and Budget to lend its authority to direct the governmentwide implementation effort, wrote David McClure, director of information technology management issues at the General Accounting Office.

GAO outlined these challenges:

Developing a system that ensures seamless interoperability of agency PKIs. Overcoming the current lack of a proven example of a PKI-enabled application in the federal government. Reducing the high cost of building a PKI and enabling software applications to use it. Developing well-defined security policies and procedures. Training administrators and users to work with a complex technology. The Federal PKI Steering Committee is seeking solutions to these issues and has already developed the Federal Bridge Certification Authority, which allows the many agency PKI applications to connect in a larger network. But the steering committee "does not have the authority to define or require adherence to a governmentwide management framework," McClure wrote.

The report recommends that the com-mittee and GSA continue their efforts. But the only way to ensure such authority is to have OMB establish a frame-work, working with the committee, the CIO Council, the National Institute of Standards and Technology and others.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

Stay Connected