Lack of federal PKI hinders progress on e-purchasing

Federal PKI Steering Committee

The high level of electronic transaction security that public-key infrastructure technology can bring to the federal government will not be fully realized until an overall management framework is formed to consistently guide agencies, according to a new report.

The development of a federal PKI—using digital certificates to authenticate, authorize and encrypt electronic transactions between agencies and between agencies and citizens—has made substantial progress during the last few years, led by the Federal PKI Steering Committee and the General Services Administration. But several challenges still must be overcome, including getting the Office of Management and Budget to lend its authority to direct the governmentwide implementation effort, wrote David McClure, director of information technology management issues at the General Accounting Office.

GAO outlined these challenges:

Developing a system that ensures seamless interoperability of agency PKIs. Overcoming the current lack of a proven example of a PKI-enabled application in the federal government. Reducing the high cost of building a PKI and enabling software applications to use it. Developing well-defined security policies and procedures. Training administrators and users to work with a complex technology. The Federal PKI Steering Committee is seeking solutions to these issues and has already developed the Federal Bridge Certification Authority, which allows the many agency PKI applications to connect in a larger network. But the steering committee "does not have the authority to define or require adherence to a governmentwide management framework," McClure wrote.

The report recommends that the com-mittee and GSA continue their efforts. But the only way to ensure such authority is to have OMB establish a frame-work, working with the committee, the CIO Council, the National Institute of Standards and Technology and others.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.