GSA accepts bids on governmentwide PKI program

The General Services Administration is one step closer to awarding the first contract aimed at providing public-key infrastructure technology governmentwide after receiving proposals on its Access Certificates for Electronic Services program.

As the first contract designed to provide the technology necessary to secure government business over the Internet, GSA's ACES contract has generated a lot of interest in the government and vendor communities.

"This really represents the first governmentwide contract [for PKI and related technologies and services] that agencies can order off of," said Tony Trenkle, director of electronic services at the Social Security Administration. "It provides a linchpin for really pushing a governmentwide PKI infrastructure that was not there before."

This will be especially important for smaller agencies that could not afford the time or money necessary to put together a PKI pilot the way the Defense Department and other agencies have done during the past year, Trenkle said.

GSA would not disclose the number of proposals the agency received last month, but an AT&T spokeswoman confirmed that the company submitted a bid on the ACES program.

Several sources close to the contract said Digital Signature Trust Co. also submitted a bid.Spokespeople for PKI vendors Entrust Technologies Inc. and VeriSign Inc. said the companies bid as subcontractors but would not disclose their teaming arrangements.

Now that the bids are in, GSA will take the next few months to make an initial evaluation of the proposals. The agency plans to award the contract in mid-summer to as many vendors as it deems necessary, according to Judith Spencer, director of the GSA Center for Governmentwide Security.

Several agencies will be working closely with the GSA team in the upcoming months, officials said.The U.S. Postal Service at one point considered participating in a bid on the contract, but in the end decided against that step, said Charles Chamberlain, USPS' technology policy manager.

"I think we're going to do everything we can to help GSA, but we're not bidding," he said.

SSA was one of the first agencies to issue a letter of intent on the contract and is now working closely with Spencer's office, Trenkle said. SSA has been eyeing ACES from the beginning as a possible tool for the agency's plans to put several of its systems and services online. This could include the agency's Personal Earnings and Benefit Estimate Statement system, which was pulled from the Internet in 1997 after Congress expressed concern that the information could be available to any visitor.

"We have developed a working relationship with GSA to make sure our concerns are met before we start using the contract," he said.

Those concerns include privacy and control of personal information, he said. And though ACES has a lot of potential, it will not be the best fit for every application, and SSA is taking very careful steps in choosing which systems, if any, will use the contract.

"We're very interested and excited about it, but we need to look at it from a very pragmatic viewpoint," Trenkle said.


  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected