Report calls PKI key to a digital U.S. government

A fledgling technology built on public key infrastructure (PKI) will be key to the government's success in achieving the "digital government" envisioned by the Clinton administration, according to a report released today.

The report, called "Access With Trust," lays out a plan for agencies to begin building a PKI foundation to secure electronic transactions. It also describes a partnership between the government and the private sector to design and build a PKI to improve the public's access to government services and information, and to tighten the security of unclassified government information systems.

PKI, a framework of technology and policy regarding the use of digital signatures, will be a foundation to support trusted communication among federal government agencies and between agencies and the private sector, according to the report.

"We're looking at this document...as a means to an end," said Richard Guida, security champion for security of the Government Information Technology Services Board. "The end we're trying to achieve is...the appropriate use of digital signature technology by federal agencies for their internal transactions and their external transactions. PKI is never going to jell until you apply a stimulus to it. You've got to go out and use the technology and maybe take a few bruises in the process."

The report outlines several agency pilot projects testing PKI technology, including the Agriculture Department's use of PKI technology to secure electronic benefits transfer between the department and various states.

Guida said the report is designed to provide agencies guidance and some examples of other government uses. "We don't want to have...a situation where you have disparate uses of the technology...that creates stovepipes," Guida said. "[We are] bringing agencies together that are working on this so agencies can learn from each other."

According to the report, PKI will provide four security services: authentication, data integrity, nonrepudiation (verification that an electronic message has been sent) and confidentiality. It will be designed not with a "government-only approach" but as part of the evolving private-sector PKI being built using commercial products.

The report was published by the Federal Public Key Infrastructure Steering Committee, GITS and the Office of Management and Budget.

It is available online at gits.gov.

Featured

  • Cybersecurity
    Boy looks under voting booth at Ventura Polling Station for California primary Ventura County, California. Joseph Sohm / Shutterstock.com

    FBI breach notice rules lauded by states, but some want more

    A recent policy change by the FBI would notify states when their local election systems are hacked, but some state officials and lawmakers want the feds to inform a broader range of stakeholders in the election ecosystem.

  • paths (cybrain/Shutterstock.com)

    Does strategic planning help organizations?

    Steve Kelman notes growing support for strategic planning efforts -- and the steps agencies take to keep those plans relevant.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.