GSA will lead e-authentication project

GSA will lead e-authentication project

The General Services Administration will oversee formation of a governmentwide public-key infrastructure through an electronic authentication project endorsed by the Office of Management and Budget.

John Sindelar, deputy associate administrator in GSA’s Office of Governmentwide Policy, said PKI is not mandatory, although it is the preferred security measure for e-government projects.

“We don’t have to create another centrifugal force,” Sindelar said. He said agencies should just use existing resources.

The FirstGov.gov portal, Sindelar said, will integrate its communication channels to become an official public gateway to a growing number of online federal services and will promote PKI services under GSA’s Access Certificates for Electronic Services program.

FirstGov will be able to collect information—in a customer relationship management or case management methodology—in a way that will prevent agencies from collecting duplicate information, Sindelar said.

Some initiatives will be fine without a PKI, he said. Others, such as tax filing or other sensitive transactions, probably will need it.

“What we see is a landscape of interconnectivity,” said Mark Forman, OMB associate director for IT and e-government. With government-to-government projects, for example, PKI would ease concerns about sharing information that’s behind a firewall, he said.

Forman told about 500 federal officials and commercial security experts at a symposium last month that PKI will be the enabler of OMB’s 23 endorsed e-gov projects. He also warned that agencies that don’t implement security measures in their e-gov initiatives’ business cases would not get funding.

Even though OMB has been working with the Federal PKI Steering Committee for five years, “I think 9/11 really galvanized things” for PKI security, said Judith Spencer, chairwoman of the CIO Council’s PKI Steering Committee.

Tim Polk, PKI program manager at the National Institute of Standards and Technology, referred to agencies’ well-known reluctance to trust third parties with their digital certificates [GCN, July 23, Page 7].

“No one wants to be the registration authority, and no one wants to house the certification authority,” Polk said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected