Commerce looks outside for security

The Commerce Department released a solicitation this month for commercial

authentication technologies to support its new Web-based time and attendance


Commerce wants to outsource public-key infrastructure (PKI) and certificate

authority (CA) capabilities for the system because the department lacks

the resources for them in-house.

PKI is a system for encrypting, decrypting, signing and verifying information

transmitted via the Internet. A CA issues and manages digital certificates,

which store digital signatures used during electronic transactions.

Commerce expects the vendor to provide up to 1,000 digital certificates

to employees in the Office of the Secretary, said Karen Hogan, Commerce's

acting deputy chief information officer and director of its digital department

program. Those supervisors will use digital signatures in conjunction with

a new time and attendance system to certify that an em-ployee's time sheet

is accurate.

Commerce is piloting the Web-based time and attendance system with the

digital signature capability before it rolls out the system departmentwide

early next year. It will replace a system that stores employee time sheet

information on floppy disks, which are manually combined for payroll, Hogan

said. Commerce is also piloting a "few different digital signature" capabilities

in other offices before taking a departmentwide approach, Hogan said.

Commerce's approach is not unusual, said Richard Guida, chairman of

the Federal PKI Steering Committee. But he said it is important that there

is "the proper level of oversight and control over the contractor so that

the function can be transitioned to a different contractor if the need should



  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.