Report calls PKI key to a digital U.S. government

A fledgling technology built on public key infrastructure (PKI) will be key to the government's success in achieving the "digital government" envisioned by the Clinton administration, according to a report released today.

The report, called "Access With Trust," lays out a plan for agencies to begin building a PKI foundation to secure electronic transactions. It also describes a partnership between the government and the private sector to design and build a PKI to improve the public's access to government services and information, and to tighten the security of unclassified government information systems.

PKI, a framework of technology and policy regarding the use of digital signatures, will be a foundation to support trusted communication among federal government agencies and between agencies and the private sector, according to the report.

"We're looking at this document...as a means to an end," said Richard Guida, security champion for security of the Government Information Technology Services Board. "The end we're trying to achieve is...the appropriate use of digital signature technology by federal agencies for their internal transactions and their external transactions. PKI is never going to jell until you apply a stimulus to it. You've got to go out and use the technology and maybe take a few bruises in the process."

The report outlines several agency pilot projects testing PKI technology, including the Agriculture Department's use of PKI technology to secure electronic benefits transfer between the department and various states.

Guida said the report is designed to provide agencies guidance and some examples of other government uses. "We don't want to have...a situation where you have disparate uses of the technology...that creates stovepipes," Guida said. "[We are] bringing agencies together that are working on this so agencies can learn from each other."

According to the report, PKI will provide four security services: authentication, data integrity, nonrepudiation (verification that an electronic message has been sent) and confidentiality. It will be designed not with a "government-only approach" but as part of the evolving private-sector PKI being built using commercial products.

The report was published by the Federal Public Key Infrastructure Steering Committee, GITS and the Office of Management and Budget.

It is available online at gits.gov.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected