HSPD-12 card opens door for digital signatures

The Government Paperwork Elimination Act (GPEA) may have been one of those laws that came too early. The 1998 legislation called for agencies to do many things to eliminate how much paper they process, including using electronic signatures.

Although few agencies instituted electronic signatures, departments are laying the foundation for not only electronic signatures, but digital signatures using public key infrastructure technology through the implementation of Homeland Security Presidential Directive 12.

Electronic signatures serve as a legally-binding counterpart to handwritten signatures when it comes to electronic documents. Digital signatures, on the other hand, provide additional security measures, making it possible to authenticate the identity of the person applying the signature and to ensure that no one has tampered with the data.

Judy Spencer, chairwoman of the Federal Identity Credentialing Committee in the General Services Administration, said every agency she has talked with is adding all four digital credentials on the HSPD-12 card despite being required only to have one.

HSPD-12 requires the Personal Identity Verification credential and leaves three others as optional — digital signature, key management and card management.

And because they are doing that, GPEA, along with about five other governmentwide security mandates, the widespread use of digital signatures is not far off, she said.

“With GPEA, the problem has been that PKI is so hard so few agencies, but ones like DOD, actually implemented, it,” Spencer said today at a conference on ID management in Washington sponsored by the Information Technology Association of America. “With HSPD-12, agencies are recognizing the potential of the card and the credentials and they realize if they don’t put all four credentials on the card now, they may kick themselves later.”

Spencer added that the cost to put four credentials on the card is nearly the same for one.

“There is no excuse not to use digital signatures because everyone will have a card in their pocket,” she said.

Spencer also said the HSPD-12 Executive Steering Committee is reconvening the architecture working group to address four or five new issues, including interagency information interoperability and recommendations for how to ensure interoperability between federal cards and state, local, business and international cards.

The sharing of information between agencies centers on the standards of back-end attribute exchange. The exchange will define the data that agencies will share when federal employees can visit other departments.

“We want to keep the information exchanged as minimal as possible to create the trust model,” she said. “Agencies may need an interagency agreement.”

The working group initially developed consensus around card issuance standards for areas such as the data exchange between the identity management system and the enrollment station.

Spencer said these governance issues are among the steering committee’s highest priority.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.