Report calls PKI key to a digital U.S. government

A fledgling technology built on public key infrastructure (PKI) will be key to the government's success in achieving the "digital government" envisioned by the Clinton administration, according to a report released today.

The report, called "Access With Trust," lays out a plan for agencies to begin building a PKI foundation to secure electronic transactions. It also describes a partnership between the government and the private sector to design and build a PKI to improve the public's access to government services and information, and to tighten the security of unclassified government information systems.

PKI, a framework of technology and policy regarding the use of digital signatures, will be a foundation to support trusted communication among federal government agencies and between agencies and the private sector, according to the report.

"We're looking at this document...as a means to an end," said Richard Guida, security champion for security of the Government Information Technology Services Board. "The end we're trying to achieve is...the appropriate use of digital signature technology by federal agencies for their internal transactions and their external transactions. PKI is never going to jell until you apply a stimulus to it. You've got to go out and use the technology and maybe take a few bruises in the process."

The report outlines several agency pilot projects testing PKI technology, including the Agriculture Department's use of PKI technology to secure electronic benefits transfer between the department and various states.

Guida said the report is designed to provide agencies guidance and some examples of other government uses. "We don't want to have...a situation where you have disparate uses of the technology...that creates stovepipes," Guida said. "[We are] bringing agencies together that are working on this so agencies can learn from each other."

According to the report, PKI will provide four security services: authentication, data integrity, nonrepudiation (verification that an electronic message has been sent) and confidentiality. It will be designed not with a "government-only approach" but as part of the evolving private-sector PKI being built using commercial products.

The report was published by the Federal Public Key Infrastructure Steering Committee, GITS and the Office of Management and Budget.

It is available online at gits.gov.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected