Industry raps Pentagon PKI

Defense Department officials say they're revamping their public-key infrastructure policy in light of an industry consortium report that sharply criticized DOD practices.

The Federal Electronic Commerce Coalition called for the Pentagon to relax its Aug. 12, 2000, PKI policy that mandates the highest level of PKI certification — Level 4 — for every transaction by 2005.

Because retirees will need to access DOD financial, health and personnel systems, and vendors dealing with DOD may not use Level 4 certificates, the department should mandate different levels of certification — from Level 2 to Level 4 — depending on the business area, said Michael Mestrovich, chairman of Arlington, Va.-based FECC.

Thirty-eight industry officials signed the FECC "Impact Assessment of DOD's PKI Policy" white paper on Dec. 11. The organization represents 16 industry associations with 7,000 members.

"They're suggesting we use the federal [PKI] bridge, and we have always been committed to that," said Paul Grant, electronic business executive for the assistant secretary of Defense for command, control, communications and intelligence.

DOD officials are implementing key areas of the report, he said, and added that he believed the Bush administration would try to implement the FECC recommendations.

Nonetheless, he said it will be difficult to enable retirees and vendors with weaker certificate authority to perform transactions with DOD systems without compromising sensitive or classified data.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.