Security bridge nears opening

Federal PKI Steering Committee

The federal government will soon put online its central mechanism for enabling agencies' security authentication systems to interact, and officials are working to extend it to nonfederal partners.

The Federal Bridge Certification Authority (FBCA), hosted by the General Services Administration, will enable agencies to recognize the assurance levels of digital certificates from other agencies.

A digital certificate, used within a public-key infrastructure, can store identification, authentication and authorization information as well as provide encryption for electronic transactions.

GSA and five other organizations tested the FBCA last year, and now that the fiscal 2001 funding has come through, it should become operational by early April, said Judith Spencer, chairwoman of the Federal PKI Steering Committee, speaking Wednesday at the Securing Electronic Government conference in Washington, D.C.

So that the policy and technical aspects are ready at the same time, the Federal PKI Policy Authority is in the final stages of reviewing the agreements that agencies must sign to interoperate with the bridge, said Michelle Moldenhauer, chairwoman of the policy authority. The documents will be available for agencies on the policy authority's Web site, which should be going online in the next month, she said.

The steering committee and the policy authority function under the federal CIO Council.

Once the bridge is running, the steering committee will act to allow state and local governments, as well as private-sector organizations, to interoperate with the bridge, Spencer said. GSA officials are talking with some states and market sectors, including health care and education, that are forming their own bridges and want to be able to cross-certify with the federal bridge.

The steering committee's Legal and Policy Working Group is looking at what actions must be taken to allow this kind of cross-certification, Spencer said. The cross-certification would mean, for example, that a federal certificate from the Environmental Protection Agency could be accepted by a state agency that is involved in environmental regulation.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.