HSPD-12 card opens door for digital signatures

The Government Paperwork Elimination Act (GPEA) may have been one of those laws that came too early. The 1998 legislation called for agencies to do many things to eliminate how much paper they process, including using electronic signatures.

Although few agencies instituted electronic signatures, departments are laying the foundation for not only electronic signatures, but digital signatures using public key infrastructure technology through the implementation of Homeland Security Presidential Directive 12.

Electronic signatures serve as a legally-binding counterpart to handwritten signatures when it comes to electronic documents. Digital signatures, on the other hand, provide additional security measures, making it possible to authenticate the identity of the person applying the signature and to ensure that no one has tampered with the data.

Judy Spencer, chairwoman of the Federal Identity Credentialing Committee in the General Services Administration, said every agency she has talked with is adding all four digital credentials on the HSPD-12 card despite being required only to have one.

HSPD-12 requires the Personal Identity Verification credential and leaves three others as optional — digital signature, key management and card management.

And because they are doing that, GPEA, along with about five other governmentwide security mandates, the widespread use of digital signatures is not far off, she said.

“With GPEA, the problem has been that PKI is so hard so few agencies, but ones like DOD, actually implemented, it,” Spencer said today at a conference on ID management in Washington sponsored by the Information Technology Association of America. “With HSPD-12, agencies are recognizing the potential of the card and the credentials and they realize if they don’t put all four credentials on the card now, they may kick themselves later.”

Spencer added that the cost to put four credentials on the card is nearly the same for one.

“There is no excuse not to use digital signatures because everyone will have a card in their pocket,” she said.

Spencer also said the HSPD-12 Executive Steering Committee is reconvening the architecture working group to address four or five new issues, including interagency information interoperability and recommendations for how to ensure interoperability between federal cards and state, local, business and international cards.

The sharing of information between agencies centers on the standards of back-end attribute exchange. The exchange will define the data that agencies will share when federal employees can visit other departments.

“We want to keep the information exchanged as minimal as possible to create the trust model,” she said. “Agencies may need an interagency agreement.”

The working group initially developed consensus around card issuance standards for areas such as the data exchange between the identity management system and the enrollment station.

Spencer said these governance issues are among the steering committee’s highest priority.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.