HSPD-12 card opens door for digital signatures

The Government Paperwork Elimination Act (GPEA) may have been one of those laws that came too early. The 1998 legislation called for agencies to do many things to eliminate how much paper they process, including using electronic signatures.

Although few agencies instituted electronic signatures, departments are laying the foundation for not only electronic signatures, but digital signatures using public key infrastructure technology through the implementation of Homeland Security Presidential Directive 12.

Electronic signatures serve as a legally-binding counterpart to handwritten signatures when it comes to electronic documents. Digital signatures, on the other hand, provide additional security measures, making it possible to authenticate the identity of the person applying the signature and to ensure that no one has tampered with the data.

Judy Spencer, chairwoman of the Federal Identity Credentialing Committee in the General Services Administration, said every agency she has talked with is adding all four digital credentials on the HSPD-12 card despite being required only to have one.

HSPD-12 requires the Personal Identity Verification credential and leaves three others as optional — digital signature, key management and card management.

And because they are doing that, GPEA, along with about five other governmentwide security mandates, the widespread use of digital signatures is not far off, she said.

“With GPEA, the problem has been that PKI is so hard so few agencies, but ones like DOD, actually implemented, it,” Spencer said today at a conference on ID management in Washington sponsored by the Information Technology Association of America. “With HSPD-12, agencies are recognizing the potential of the card and the credentials and they realize if they don’t put all four credentials on the card now, they may kick themselves later.”

Spencer added that the cost to put four credentials on the card is nearly the same for one.

“There is no excuse not to use digital signatures because everyone will have a card in their pocket,” she said.

Spencer also said the HSPD-12 Executive Steering Committee is reconvening the architecture working group to address four or five new issues, including interagency information interoperability and recommendations for how to ensure interoperability between federal cards and state, local, business and international cards.

The sharing of information between agencies centers on the standards of back-end attribute exchange. The exchange will define the data that agencies will share when federal employees can visit other departments.

“We want to keep the information exchanged as minimal as possible to create the trust model,” she said. “Agencies may need an interagency agreement.”

The working group initially developed consensus around card issuance standards for areas such as the data exchange between the identity management system and the enrollment station.

Spencer said these governance issues are among the steering committee’s highest priority.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.