Agencies pushed toward PKI

Amid the drive to put more government services on the Internet, federal

officials are urging agencies to secure information systems and are providing

the technical and legal tools to help.

At a forum last week, the General Services Administration and the Office

of Management and Budget outlined the benefits of a public-key infrastructure

(PKI) that will use digital certificates to secure agencies' electronic

transactions.

Vendors on GSA's Access Certificates for Electronic Services (ACES)

contract provide PKI products and services that enable agencies to issue

certificates to the public to secure interactions.

Digital certificates are the basis of the ACES contract. The certificates

offer an added level of security to the passwords and personal identification

numbers that agencies use now. They have encryption capabilities and hold

electronic signatures that authenticate a user's identity.

But agencies have been uncertain whether they need digital certificates

in the first place, said Richard Guida, chairman of the Federal PKI Steering

Committee.

"Don't spend your time gnashing your teeth," he said. "If you're not

certain if this is your cup of tea, write down what your needs are and let

GSA and the vendors help decide if it's your cup of tea."

Another agency concern is the perception that electronic signatures

do not have the same legal authority as paper signatures. But the Government

Paperwork Elimination Act of 1999 requires agencies to provide, whenever

practical, an electronic way to interact with the public by 2003.

OMB will issue its guidelines for how agencies should comply with GPEA

by April 21, but it is clearly stated in the legislation that electronic

signatures have full legal authority, said Jonathan Womer, a member of OMB's

Office of Information and Regulatory Affairs.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.