Lack of federal PKI hinders progress on e-purchasing

Federal PKI Steering Committee

The high level of electronic transaction security that public-key infrastructure technology can bring to the federal government will not be fully realized until an overall management framework is formed to consistently guide agencies, according to a new report.

The development of a federal PKI—using digital certificates to authenticate, authorize and encrypt electronic transactions between agencies and between agencies and citizens—has made substantial progress during the last few years, led by the Federal PKI Steering Committee and the General Services Administration. But several challenges still must be overcome, including getting the Office of Management and Budget to lend its authority to direct the governmentwide implementation effort, wrote David McClure, director of information technology management issues at the General Accounting Office.

GAO outlined these challenges:

Developing a system that ensures seamless interoperability of agency PKIs. Overcoming the current lack of a proven example of a PKI-enabled application in the federal government. Reducing the high cost of building a PKI and enabling software applications to use it. Developing well-defined security policies and procedures. Training administrators and users to work with a complex technology. The Federal PKI Steering Committee is seeking solutions to these issues and has already developed the Federal Bridge Certification Authority, which allows the many agency PKI applications to connect in a larger network. But the steering committee "does not have the authority to define or require adherence to a governmentwide management framework," McClure wrote.

The report recommends that the com-mittee and GSA continue their efforts. But the only way to ensure such authority is to have OMB establish a frame-work, working with the committee, the CIO Council, the National Institute of Standards and Technology and others.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected