Lack of federal PKI hinders progress on e-purchasing
- By Diane Frank
- Mar 04, 2001
Federal PKI Steering Committee
The high level of electronic transaction security that public-key infrastructure technology can bring to the federal government will not be fully realized until an overall management framework is formed to consistently guide agencies, according to a new report.
The development of a federal PKI—using digital certificates to authenticate, authorize and encrypt electronic transactions between agencies and between agencies and citizens—has made substantial progress during the last few years, led by the Federal PKI Steering Committee and the General Services Administration. But several challenges still must be overcome, including getting the Office of Management and Budget to lend its authority to direct the governmentwide implementation effort, wrote David McClure, director of information technology management issues at the General Accounting Office.
GAO outlined these challenges:
Developing a system that ensures seamless interoperability of agency PKIs. Overcoming the current lack of a proven example of a PKI-enabled application in the federal government. Reducing the high cost of building a PKI and enabling software applications to use it. Developing well-defined security policies and procedures. Training administrators and users to work with a complex technology. The Federal PKI Steering Committee is seeking solutions to these issues and has already developed the Federal Bridge Certification Authority, which allows the many agency PKI applications to connect in a larger network. But the steering committee "does not have the authority to define or require adherence to a governmentwide management framework," McClure wrote.
The report recommends that the com-mittee and GSA continue their efforts. But the only way to ensure such authority is to have OMB establish a frame-work, working with the committee, the CIO Council, the National Institute of Standards and Technology and others.