Industry raps Pentagon PKI

Defense Department officials say they're revamping their public-key infrastructure policy in light of an industry consortium report that sharply criticized DOD practices.

The Federal Electronic Commerce Coalition called for the Pentagon to relax its Aug. 12, 2000, PKI policy that mandates the highest level of PKI certification — Level 4 — for every transaction by 2005.

Because retirees will need to access DOD financial, health and personnel systems, and vendors dealing with DOD may not use Level 4 certificates, the department should mandate different levels of certification — from Level 2 to Level 4 — depending on the business area, said Michael Mestrovich, chairman of Arlington, Va.-based FECC.

Thirty-eight industry officials signed the FECC "Impact Assessment of DOD's PKI Policy" white paper on Dec. 11. The organization represents 16 industry associations with 7,000 members.

"They're suggesting we use the federal [PKI] bridge, and we have always been committed to that," said Paul Grant, electronic business executive for the assistant secretary of Defense for command, control, communications and intelligence.

DOD officials are implementing key areas of the report, he said, and added that he believed the Bush administration would try to implement the FECC recommendations.

Nonetheless, he said it will be difficult to enable retirees and vendors with weaker certificate authority to perform transactions with DOD systems without compromising sensitive or classified data.
