SEC to make online authentication more stringent

SEC to make online authentication more stringent

The Securities and Exchange Commission wants to be sure it knows whom it is dealing with when documents are filed through its Electronic Data Gathering, Analysis and Retrieval system.

“We’re looking at implementing a new authentication system to prevent people from fraudulently filing,” SEC chief security officer Chrisan Herrod said.

Thousands of companies must file corporate and financial documents via EDGAR. The agency is considering using digital certificates to strengthen authentication.

“We’re not very far along the path toward a digital certificate solution,” Herrod said. “It’s more a glimmer in the eye at this point.”

Herrod talked about the new authentication scheme today during a Capitol Hill panel discussion on information security hosted by the Business Software Alliance.

One hot issue discussed by the panel of government and industry speakers was difficulty authenticating data and its origin.

Herrod called the EDGAR system SEC’s crown IT jewel. The commission began using the online filing system in 1992, and in 2001 completed a $22.5 million modernization program that included adding a Web interface. The system receives up to 2,500 filings each day.

About five years ago, SEC began standardizing on two-factor authentication for new filers, requiring they use passwords and either personal identification numbers or user names. There usually is one designated person in each organization with authority to make EDGAR filings.

“We do vet that individual, to a certain degree,” Herrod said. Checks are done to ensure that corporations are valid and that the designated users are employees with authority to file documents.

Herrod said SEC wants to use strong encryption with whatever system is chosen, but no decision has been made on whether that will mean a public-key infrastructure.

The commission will probably implement the new system gradually, with digital certificates issued first to new filers. Getting legacy filers to adopt digital certificates will require developing a clear business case for the technology, Herrod said.

“We are going to have to be very clear about why it is important,” she said

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.