One certificate doesn't work for all

While some organizations are moving toward creating a public-key infrastructure, others are still holding back before jumping in.

Ohio chief information officer Greg Jackson said his organization looked into creating a central PKI authority and asked other agencies to make a business case for applications requiring such a system. He said he could only justify one application — local health boards transmitting infectious disease reports to the Centers for Disease Control and Prevention — that would have required a higher level of authentication. All others would have just needed passwords and user IDs to access them.

"That's a technology looking for a solution," he said.

He was also concerned about the liability of a government, which acted as a certificate authority. He likened it to the issue concerning driver's licenses — originally issued only as legal permission to drive — being used as de facto national identification.

Featured

  • Acquisition
    network monitoring (nmedia/Shutterstock.com)

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.