GSA will lead e-authentication project

GSA will lead e-authentication project

The General Services Administration will oversee formation of a governmentwide public-key infrastructure through an electronic authentication project endorsed by the Office of Management and Budget.

John Sindelar, deputy associate administrator in GSA’s Office of Governmentwide Policy, said PKI is not mandatory, although it is the preferred security measure for e-government projects.

“We don’t have to create another centrifugal force,” Sindelar said. He said agencies should just use existing resources.

The FirstGov.gov portal, Sindelar said, will integrate its communication channels to become an official public gateway to a growing number of online federal services and will promote PKI services under GSA’s Access Certificates for Electronic Services program.

FirstGov will be able to collect information—in a customer relationship management or case management methodology—in a way that will prevent agencies from collecting duplicate information, Sindelar said.

Some initiatives will be fine without a PKI, he said. Others, such as tax filing or other sensitive transactions, probably will need it.

“What we see is a landscape of interconnectivity,” said Mark Forman, OMB associate director for IT and e-government. With government-to-government projects, for example, PKI would ease concerns about sharing information that’s behind a firewall, he said.

Forman told about 500 federal officials and commercial security experts at a symposium last month that PKI will be the enabler of OMB’s 23 endorsed e-gov projects. He also warned that agencies that don’t implement security measures in their e-gov initiatives’ business cases would not get funding.

Even though OMB has been working with the Federal PKI Steering Committee for five years, “I think 9/11 really galvanized things” for PKI security, said Judith Spencer, chairwoman of the CIO Council’s PKI Steering Committee.

Tim Polk, PKI program manager at the National Institute of Standards and Technology, referred to agencies’ well-known reluctance to trust third parties with their digital certificates [GCN, July 23, Page 7].

“No one wants to be the registration authority, and no one wants to house the certification authority,” Polk said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected