Industry raps Pentagon PKI

Defense Department officials say they're revamping their public-key infrastructure policy in light of an industry consortium report that sharply criticized DOD practices.

The Federal Electronic Commerce Coalition called for the Pentagon to relax its Aug. 12, 2000, PKI policy that mandates the highest level of PKI certification — Level 4 — for every transaction by 2005.

Because retirees will need to access DOD financial, health and personnel systems, and vendors dealing with DOD may not use Level 4 certificates, the department should mandate different levels of certification — from Level 2 to Level 4 — depending on the business area, said Michael Mestrovich, chairman of Arlington, Va.-based FECC.

Thirty-eight industry officials signed the FECC "Impact Assessment of DOD's PKI Policy" white paper on Dec. 11. The organization represents 16 industry associations with 7,000 members.

"They're suggesting we use the federal [PKI] bridge, and we have always been committed to that," said Paul Grant, electronic business executive for the assistant secretary of Defense for command, control, communications and intelligence.

DOD officials are implementing key areas of the report, he said, and added that he believed the Bush administration would try to implement the FECC recommendations.

Nonetheless, he said it will be difficult to enable retirees and vendors with weaker certificate authority to perform transactions with DOD systems without compromising sensitive or classified data.
