PKI bridge milestone approaches

Later this month, the General Services Administration will announce the first government agencies to be cross-certified with the federal public-key infrastructure bridge, making it easier for agency users to exchange data securely.

The PKI bridge is designed as a way to link agencies' certificate authorities (CAs), which is the server used to generate and manage digital certificates to identify users and secure their transactions.

The bridge acts as a trusted third party that enables an agency involved in a transaction to objectively verify that a certificate issued by another agency meets a baseline level of trust. It does this by mapping one agency's trust levels — such as high, medium or low — to another agency's.

On Sept. 18, GSA plans to hold a cross-signing ceremony that will show that certificates from the Defense Department, the Agriculture Department's National Finance Center, NASA and the Treasury Department can interoperate, said David Temoshok, PKI policy manager at GSA's Office of Governmentwide Policy.

GSA officials hope to add Illinois and Canada in 2003, with others to follow soon after. Temoshok spoke at the Interagency Resources Management Conference in Hershey, Pa., last week.

But there is still much work to be done, because few agencies have fully deployed PKIs to support their applications, such as e-mail, said John Pescatore, a research director at Gartner Inc. However, "it potentially eliminates one of the two largest barriers to interoperable communications between agencies." The other barrier, he said, is lack of e-mail directories.


  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

  • Cybersecurity
    enterprise security (Omelchenko/

    Does Einstein need a post-SolarWinds makeover?

    A marquee program designed to protect the government against cybersecurity threats is facing new scrutiny in the wake of Solar Winds Orion breach, but analysts say the program was unlikely to have ever stopped the hacking campaign.

Stay Connected