Digital certificate clearinghouse needs work

Federal Bridge Certification Authority

The mechanism that allows a digital certificate to be used across government agencies must be upgraded before it will be available for the entire government, a federal information technology official said today.

The Federal Bridge Certification Authority (FBCA) is the central mechanism that handles digital certificates for transactions secured by any participating agency's public-key infrastructure (PKI). Clients of FBCA participants do not need certificates from every agency with which they do business.

Officials have determined that the existing architecture can likely handle cross-certification with about 50 agencies, said Peter Alterman, assistant chief information officer for electronic authentication at the National Institutes of Health and a member of the Federal PKI Steering Committee.

"We do know that, at some point, technology innovation will probably be necessary," said Alterman, speaking at the Federal Information Assurance Conference in College Park, Md.

Eventually, officials hope to create an interlacing system of bridge certification authorities with other communities and countries.

The committee is monitoring the issue. When further resources or infrastructure are needed, the program will expand, but "this version is adequate for our first steps into creating an interoperable PKI universe," he said.

So far, the federal bridge certification has a core of agencies that includes NASA, the Treasury Department and the National Finance Center at the Agriculture Department. Officials expect the authority soon will add the State and Labor departments, the state of Illinois and other organizations.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected