GSA accepts bids on governmentwide PKI program

The General Services Administration is one step closer to awarding the first contract aimed at providing public-key infrastructure technology governmentwide after receiving proposals on its Access Certificates for Electronic Services program.

As the first contract designed to provide the technology necessary to secure government business over the Internet, GSA's ACES contract has generated a lot of interest in the government and vendor communities.

"This really represents the first governmentwide contract [for PKI and related technologies and services] that agencies can order off of," said Tony Trenkle, director of electronic services at the Social Security Administration. "It provides a linchpin for really pushing a governmentwide PKI infrastructure that was not there before."

This will be especially important for smaller agencies that could not afford the time or money necessary to put together a PKI pilot the way the Defense Department and other agencies have done during the past year, Trenkle said.

GSA would not disclose the number of proposals the agency received last month, but an AT&T spokeswoman confirmed that the company submitted a bid on the ACES program.

Several sources close to the contract said Digital Signature Trust Co. also submitted a bid.Spokespeople for PKI vendors Entrust Technologies Inc. and VeriSign Inc. said the companies bid as subcontractors but would not disclose their teaming arrangements.

Now that the bids are in, GSA will take the next few months to make an initial evaluation of the proposals. The agency plans to award the contract in mid-summer to as many vendors as it deems necessary, according to Judith Spencer, director of the GSA Center for Governmentwide Security.

Several agencies will be working closely with the GSA team in the upcoming months, officials said.The U.S. Postal Service at one point considered participating in a bid on the contract, but in the end decided against that step, said Charles Chamberlain, USPS' technology policy manager.

"I think we're going to do everything we can to help GSA, but we're not bidding," he said.

SSA was one of the first agencies to issue a letter of intent on the contract and is now working closely with Spencer's office, Trenkle said. SSA has been eyeing ACES from the beginning as a possible tool for the agency's plans to put several of its systems and services online. This could include the agency's Personal Earnings and Benefit Estimate Statement system, which was pulled from the Internet in 1997 after Congress expressed concern that the information could be available to any visitor.

"We have developed a working relationship with GSA to make sure our concerns are met before we start using the contract," he said.

Those concerns include privacy and control of personal information, he said. And though ACES has a lot of potential, it will not be the best fit for every application, and SSA is taking very careful steps in choosing which systems, if any, will use the contract.

"We're very interested and excited about it, but we need to look at it from a very pragmatic viewpoint," Trenkle said.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.