GSA overhauls solicitation for ACES

The General Services Administration has released a "massive rewrite" of its solicitation for a project that will verify individuals' identities for electronic transactions between agencies and the public - a critical component for the concept of a digital government.

The Access Certificates for Electronic Services (ACES) project, first scheduled for award a year ago, is intended to provide commercial off-the-shelf products that will issue and authenticate digital certificates for citizens accessing or providing data to federal agencies. This will form the basis for the new electronic government, GSA officials said.

"It's just another piece in the whole puzzle...particularly electronic-government stuff where citizens are looking to do business with the government," said Tony Trenkle, co-chairman of GSA's E-Commerce Program Management Office. "What comes out of [ACES] will be the infrastructure for electronic commerce and electronic government."

ACES also is one of the initiatives needed to form a common public-key infrastructure (PKI) across government, said Richard Guida, chairman of the Federal PKI Steering Committee for the Government Information Technology Services Board. "ACES is aimed right at the heart of what Access America is trying to do," he said. (See related story, "Report: PKI key to digital government," at

ACES has been under development since 1997, and GSA intended to award the original contract in January 1998, but it was held up because of concerns from vendors and public interest groups. "What we have done is fully consider all of the issues in question to do a massive rewrite of the framework," said Jon Faye, contracting officer for ACES. "But we have not changed the requirements."

One change GSA made in the request for proposals - a change that vendors applauded - is that vendors can use many types of digital signature algorithms to make up the security of the certificates, instead of restricting vendors to just one algorithm.

"We were happy to see that they were looking at the full range of options out there," said Skip Hirsh, director of federal programs at Certicom Corp. "The original ACES didn't have that spectrum. They just arbitrarily picked RSA," the Rivest, Shamir and Alderman algorithm, which is the most widely used commercial algorithm.

"From a technology point of view, they have taken a major step forward," agreed John Pescatore, senior security consultant with Entrust Technologies Inc.

Vendors backed away from the draft ACES RFP because GSA gave no guarantee that agencies would buy off the contract, Hirsh said. GSA plans to release a list of agencies interested in using the program, said Judith Spencer, director of the Center for Governmentwide Security at GSA.

The basic aspects of the contract have not changed, even though in July many vendors expressed the concern that federal requirements would change the products and services offered under ACES to "government off-the-shelf" rather than COTS. The purpose of the program is to satisfy the needs that agencies have expressed to GSA, Faye said.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.