HSPD-12 card opens door for digital signatures

The Government Paperwork Elimination Act (GPEA) may have been one of those laws that came too early. The 1998 legislation called for agencies to do many things to eliminate how much paper they process, including using electronic signatures.

Although few agencies instituted electronic signatures, departments are laying the foundation for not only electronic signatures, but digital signatures using public key infrastructure technology through the implementation of Homeland Security Presidential Directive 12.

Electronic signatures serve as a legally-binding counterpart to handwritten signatures when it comes to electronic documents. Digital signatures, on the other hand, provide additional security measures, making it possible to authenticate the identity of the person applying the signature and to ensure that no one has tampered with the data.

Judy Spencer, chairwoman of the Federal Identity Credentialing Committee in the General Services Administration, said every agency she has talked with is adding all four digital credentials on the HSPD-12 card despite being required only to have one.

HSPD-12 requires the Personal Identity Verification credential and leaves three others as optional — digital signature, key management and card management.

And because they are doing that, GPEA, along with about five other governmentwide security mandates, the widespread use of digital signatures is not far off, she said.

“With GPEA, the problem has been that PKI is so hard so few agencies, but ones like DOD, actually implemented, it,” Spencer said today at a conference on ID management in Washington sponsored by the Information Technology Association of America. “With HSPD-12, agencies are recognizing the potential of the card and the credentials and they realize if they don’t put all four credentials on the card now, they may kick themselves later.”

Spencer added that the cost to put four credentials on the card is nearly the same for one.

“There is no excuse not to use digital signatures because everyone will have a card in their pocket,” she said.

Spencer also said the HSPD-12 Executive Steering Committee is reconvening the architecture working group to address four or five new issues, including interagency information interoperability and recommendations for how to ensure interoperability between federal cards and state, local, business and international cards.

The sharing of information between agencies centers on the standards of back-end attribute exchange. The exchange will define the data that agencies will share when federal employees can visit other departments.

“We want to keep the information exchanged as minimal as possible to create the trust model,” she said. “Agencies may need an interagency agreement.”

The working group initially developed consensus around card issuance standards for areas such as the data exchange between the identity management system and the enrollment station.

Spencer said these governance issues are among the steering committee’s highest priority.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.