E-gov security gateway in works

E-Authentication GSA presentation

The General Services Administration this fall plans to take bids on the development of one of the linchpins of the Bush administration's vision for e-government: a security gateway that would provide a single point at which users can sign on to access services that require passwords or other means of authentication.

GSA is the lead agency on the e-Authentication initiative, one of two crosscutting initiatives under the administration's e-government strategy.

The initiative aims to provide whatever level of authentication is deemed appropriate — a password, online digital certificate or smart card — for services offered as part of the other 22 e-government initiatives. The other initiatives include services such as online grant applications and electronic disaster benefits payments.

Not everyone or every service will require authentication. Many people visit Web sites only to search for information and others may choose to authenticate themselves only when they get to the site where the application resides, said Sallie McDonald, GSA's assistant commissioner for information assurance and critical infrastructure protection.

"But if you want to engage in a transaction with government, and you want to authenticate at the gateway, then you can do that and only authenticate yourself once," she said.

Most of the initiative services will be accessed through the FirstGov Web portal, and GSA plans to release a request for proposals (RFP) in September for an authentication gateway that will be attached to FirstGov, according to McDonald, speaking last week at the E-Security and Homeland Defense conference in New York City.

Before GSA issues the RFP, Mitretek Systems Inc. will define the requirements and start developing a pilot program, said Steve Timchak, program manager for the e-Authentication initiative.

Citizens, vendors and government employees will provide their authentication when they sign on through FirstGov. A password will provide access to services with relatively low security requirements. For every higher level of authentication, a broader range of services will be available, McDonald said.

The gateway takes authentication technology to a height that few have tried to reach before, said Alan Paller, director of research at the SANS Institute, a security education and consulting organization.

"This is an example of the government leading by example," Paller said. "The best part of this is it's a demo [of authentication technology] and it's a wonderful use of FirstGov."

For the gateway, GSA will analyze the security risks associated with four of the initiatives that are the farthest along to identify what authentication might be needed, Timchak said.

GSA will perform the analysis using the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) tool developed by the CERT Coordination Center at Carnegie Mellon University in Pennsylvania.

OCTAVE is intended for use on mature systems, so GSA is waiting for the center to modify the tool for use on systems during the requirements-development phase, Timchak said. The modifications should be completed within the next month.

***

E-Authentication timeline

Now: Mitretek Systems Inc. is determining technical options.

June 18: General Services Administration briefs vendors.

Summer: Request for information released.

September: Request for proposals released.

Sept. 30: Mitretek gateway pilot project reaches initial operating capability.

Sept. 30, 2003: Vendor prototype gateway reaches final operating capability.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected