Agencies pushed toward PKI
- By Diane Frank
- Apr 17, 2000
Amid the drive to put more government services on the Internet, federal
officials are urging agencies to secure information systems and are providing
the technical and legal tools to help.
At a forum last week, the General Services Administration and the Office
of Management and Budget outlined the benefits of a public-key infrastructure
(PKI) that will use digital certificates to secure agencies' electronic
Vendors on GSA's Access Certificates for Electronic Services (ACES)
contract provide PKI products and services that enable agencies to issue
certificates to the public to secure interactions.
Digital certificates are the basis of the ACES contract. The certificates
offer an added level of security to the passwords and personal identification
numbers that agencies use now. They have encryption capabilities and hold
electronic signatures that authenticate a user's identity.
But agencies have been uncertain whether they need digital certificates
in the first place, said Richard Guida, chairman of the Federal PKI Steering
"Don't spend your time gnashing your teeth," he said. "If you're not
certain if this is your cup of tea, write down what your needs are and let
GSA and the vendors help decide if it's your cup of tea."
Another agency concern is the perception that electronic signatures
do not have the same legal authority as paper signatures. But the Government
Paperwork Elimination Act of 1999 requires agencies to provide, whenever
practical, an electronic way to interact with the public by 2003.
OMB will issue its guidelines for how agencies should comply with GPEA
by April 21, but it is clearly stated in the legislation that electronic
signatures have full legal authority, said Jonathan Womer, a member of OMB's
Office of Information and Regulatory Affairs.