Industry raps Pentagon PKI

Defense Department officials say they're revamping their public-key infrastructure policy in light of an industry consortium report that sharply criticized DOD practices.

The Federal Electronic Commerce Coalition called for the Pentagon to relax its Aug. 12, 2000, PKI policy that mandates the highest level of PKI certification — Level 4 — for every transaction by 2005.

Because retirees will need to access DOD financial, health and personnel systems, and vendors dealing with DOD may not use Level 4 certificates, the department should mandate different levels of certification — from Level 2 to Level 4 — depending on the business area, said Michael Mestrovich, chairman of Arlington, Va.-based FECC.

Thirty-eight industry officials signed the FECC "Impact Assessment of DOD's PKI Policy" white paper on Dec. 11. The organization represents 16 industry associations with 7,000 members.

"They're suggesting we use the federal [PKI] bridge, and we have always been committed to that," said Paul Grant, electronic business executive for the assistant secretary of Defense for command, control, communications and intelligence.

DOD officials are implementing key areas of the report, he said, and added that he believed the Bush administration would try to implement the FECC recommendations.

Nonetheless, he said it will be difficult to enable retirees and vendors with weaker certificate authority to perform transactions with DOD systems without compromising sensitive or classified data.

Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected