PKI bridge open for business

The General Services Administration held a signing ceremony Sept. 18 for the first government agencies to be cross-certified with the federal public-key infrastructure bridge, which makes it easier for agency users to exchange data securely.

The PKI bridge links agencies' certificate authorities (CAs), the services that generate and manage digital certificates to identify users and secure their transactions. The bridge -- a partnership between the Federal PKI Steering Committee and the Federal PKI Policy Authority -- is a collection of hardware, software and policies that let federal agencies and other entities validate digital signatures issued by participating PKI certificates.

Powered by Entrust Inc's PKI technology, the bridge allows users at the Defense Department, the Agriculture Department's National Finance Center, NASA and the Treasury Department as well as other government users to securely share information.

The cross-certification marks a milestone in the government's e-Authentication project, one of the 24 cross-agency e-government initiatives, said Mark Forman, associate director for information technology and e-government at the Office of Management and Budget. The federal bridge "unifies islands of communities" across the government, he said.

More bridging between the government and private sector will happen in the future, Forman added.

Other agencies and governments plan to tie into the federal bridge, including the Canadian government, the state of Illinois, and the U.S. State Department, said Judith Spencer, chairwoman of the Federal PKI Steering Committee.

Before they can do that, however, they must map out policies, undergo compatibility testing, certification and accreditation as well as compliance auditing, Spencer said.

More agencies could be ready for cross-certification within the next three months, Spencer said.

The GSA's Federal Technology Service operates the federal bridge for the government. FTS also is testing other PKI technology from Baltimore Technologies PLC, Microsoft Corp. and RSA Security Inc.

Although VeriSign Inc., a provider of managed PKI services, is not being tested as part of the bridge architecture, the company is testing its products to ensure interoperability with the bridge, Spencer added.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.