SEC to make online authentication more stringent

SEC to make online authentication more stringent

The Securities and Exchange Commission wants to be sure it knows whom it is dealing with when documents are filed through its Electronic Data Gathering, Analysis and Retrieval system.

“We’re looking at implementing a new authentication system to prevent people from fraudulently filing,” SEC chief security officer Chrisan Herrod said.

Thousands of companies must file corporate and financial documents via EDGAR. The agency is considering using digital certificates to strengthen authentication.

“We’re not very far along the path toward a digital certificate solution,” Herrod said. “It’s more a glimmer in the eye at this point.”

Herrod talked about the new authentication scheme today during a Capitol Hill panel discussion on information security hosted by the Business Software Alliance.

One hot issue discussed by the panel of government and industry speakers was difficulty authenticating data and its origin.

Herrod called the EDGAR system SEC’s crown IT jewel. The commission began using the online filing system in 1992, and in 2001 completed a $22.5 million modernization program that included adding a Web interface. The system receives up to 2,500 filings each day.

About five years ago, SEC began standardizing on two-factor authentication for new filers, requiring they use passwords and either personal identification numbers or user names. There usually is one designated person in each organization with authority to make EDGAR filings.

“We do vet that individual, to a certain degree,” Herrod said. Checks are done to ensure that corporations are valid and that the designated users are employees with authority to file documents.

Herrod said SEC wants to use strong encryption with whatever system is chosen, but no decision has been made on whether that will mean a public-key infrastructure.

The commission will probably implement the new system gradually, with digital certificates issued first to new filers. Getting legacy filers to adopt digital certificates will require developing a clear business case for the technology, Herrod said.

“We are going to have to be very clear about why it is important,” she said

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.