Agencies to vote on bridge

Federal agency representatives will vote Thursday to approve the governmentwide mechanism that will enable agencies to exchange digital certificates for secure electronic transactions.

Agencies employing public-key infrastructure will be able to use the Federal Bridge Certification Authority to accept certificates from any other agency that is a member of the group. A digital certificate, used within PKI, can store identification, authentication and authorization information as well as provide encryption for electronic transactions.

The Federal PKI Steering Committee oversees the FBCA. Members will vote Thursday morning to approve the certificate policy and certificate practice statement that govern how the FBCA works, said Judith Spencer, chairwoman of the steering committee.

Once that vote passes, the FBCA will be available for agencies to use, she said, but it will not actually be in operation until agencies have applied to become members. For an agency to be included in the FBCA, the Federal PKI Policy Authority must approve the agency's existing certificate policy and certificate practice statement. Once approved, that policy will be mapped against the four certificate authentication levels — rudimentary, basic, medium and high — so that agencies know how other certificates correspond to their own policies.

NASA, the Agriculture Department's National Finance Center and the Federal Deposit Insurance Corp. are among he first agencies with PKIs in place that have expressed interest in applying to be FBCA members, Spencer said.

Energy Department officials are in the process of establishing their own PKI and are modeling their certificate policy and certificate practice statement on those used by the federal bridge so that the department can immediately apply for membership, Spencer said.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected