GSA will lead e-authentication project

GSA will lead e-authentication project

The General Services Administration will oversee formation of a governmentwide public-key infrastructure through an electronic authentication project endorsed by the Office of Management and Budget.

John Sindelar, deputy associate administrator in GSA’s Office of Governmentwide Policy, said PKI is not mandatory, although it is the preferred security measure for e-government projects.

“We don’t have to create another centrifugal force,” Sindelar said. He said agencies should just use existing resources.

The FirstGov.gov portal, Sindelar said, will integrate its communication channels to become an official public gateway to a growing number of online federal services and will promote PKI services under GSA’s Access Certificates for Electronic Services program.

FirstGov will be able to collect information—in a customer relationship management or case management methodology—in a way that will prevent agencies from collecting duplicate information, Sindelar said.

Some initiatives will be fine without a PKI, he said. Others, such as tax filing or other sensitive transactions, probably will need it.

“What we see is a landscape of interconnectivity,” said Mark Forman, OMB associate director for IT and e-government. With government-to-government projects, for example, PKI would ease concerns about sharing information that’s behind a firewall, he said.

Forman told about 500 federal officials and commercial security experts at a symposium last month that PKI will be the enabler of OMB’s 23 endorsed e-gov projects. He also warned that agencies that don’t implement security measures in their e-gov initiatives’ business cases would not get funding.

Even though OMB has been working with the Federal PKI Steering Committee for five years, “I think 9/11 really galvanized things” for PKI security, said Judith Spencer, chairwoman of the CIO Council’s PKI Steering Committee.

Tim Polk, PKI program manager at the National Institute of Standards and Technology, referred to agencies’ well-known reluctance to trust third parties with their digital certificates [GCN, July 23, Page 7].

“No one wants to be the registration authority, and no one wants to house the certification authority,” Polk said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.