Feds to test security of transactions

The General Services Administration this month kicks off a year-long test of an encryption project that it hopes will eventually allow participants to conduct secure transactions with the government from personal computers or public kiosks.

In its first series of applications the Federal Security Infrastructure Program (FSIP) will include 2 000 computer users from six agencies. The pilot project will protect vendors' electronic bids on the agency's Post-FTS 2000 and Federal Acquisition Services for Technology (FAST) program which GSA uses to match agencies' information technology needs with vendors said GSA program manager Stanley Choffrey. FSIP also will secure vendors' responses to synopses published in the Commerce Business Daily.

In addition users from the interagency National Security Telecommunications and Information Systems Security Committee (NSTISSC) will use the infrastructure to encrypt "virtual meeting" sessions.

"This is a new technology and we've got a lot to learn " Choffrey said. "Hopefully we will have learned enough after six to eight months of the pilot that we will have an operational infrastructure in place that agencies can continue using."

Bidders on Post-FTS 2000 contracts will be required to submit bids via FSIP said David Cleveland deputy assistant commissioner for service development at GSA's Federal Telecommunications Service. "We want to receive proposals in the electronic medium and the FSIP appears to be a way to do that " he said. "I expect we will probably request a paper copy as well."

Besides GSA's Post-FTS 2000 and FAST program offices and the NSTISSC organizations participating in the project include the Federal Transit Administration and the Office of Motor Carriers at the Transportation Department and the Government Printing Office. The pilot will be expanded to about 10 000 users by the end of the year.

Choffrey said the infrastructure will be based on hardware-token technology generally accepted as more secure than software-based solutions.

To participate in FSIP users are required to provide two forms of identification to the U.S. Postal Service which is acting as the project's "certification authority." The authority will then provide a hardware token resembling a 3.5-inch floppy diskette which will contain a certificate identifying the user and a public/private key pair unique to the user. The token will allow users to access a secure server verify each other's identity and establish an encrypted connection.

Atalla Corp. a company specializing in high-performance cryptographic proc-essing technology will provide its WebSafe2 cryptographic hardware module. WebSafe2 which accepts transactions from any browser will bridge the gap between public-network keys used mostly by the private sector and private-network keys used extensively in the government.

Larry Hines director of technical support for Atalla said the GSA project is one of the most innovative security test beds because while many entities are mainly concerned with protecting sensitive data from outside intruders FSIP protects communications throughout the transmittal process to also guard against internal threats such as disgruntled employees.


  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.