Lack of federal PKI hinders progress on e-purchasing

Federal PKI Steering Committee

The high level of electronic transaction security that public-key infrastructure technology can bring to the federal government will not be fully realized until an overall management framework is formed to consistently guide agencies, according to a new report.

The development of a federal PKI—using digital certificates to authenticate, authorize and encrypt electronic transactions between agencies and between agencies and citizens—has made substantial progress during the last few years, led by the Federal PKI Steering Committee and the General Services Administration. But several challenges still must be overcome, including getting the Office of Management and Budget to lend its authority to direct the governmentwide implementation effort, wrote David McClure, director of information technology management issues at the General Accounting Office.

GAO outlined these challenges:

Developing a system that ensures seamless interoperability of agency PKIs. Overcoming the current lack of a proven example of a PKI-enabled application in the federal government. Reducing the high cost of building a PKI and enabling software applications to use it. Developing well-defined security policies and procedures. Training administrators and users to work with a complex technology. The Federal PKI Steering Committee is seeking solutions to these issues and has already developed the Federal Bridge Certification Authority, which allows the many agency PKI applications to connect in a larger network. But the steering committee "does not have the authority to define or require adherence to a governmentwide management framework," McClure wrote.

The report recommends that the com-mittee and GSA continue their efforts. But the only way to ensure such authority is to have OMB establish a frame-work, working with the committee, the CIO Council, the National Institute of Standards and Technology and others.

Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.