DOD adopts new policy on third-party PKIs

The Defense Department’s new policy decision to accept third-party public-key infrastructures should have a broad effect on contractors and across defense agencies, according to Paul Grant, special assistant for identification management and external partnering in the office of the Defense Chief Information Officer.

“Absolutely, this will have a major impact on the acceptance of PKI,” Grant told Federal Computer Week in an interview today. “It is going to get momentum now.”

PKI is a system of identification management and information assurance that has been developing during the past decade. Typically, a PKI authority issues digital certificates verifying the identity of individuals.

On July 22, DOD CIO John Grimes distributed a memo that outlined the new policy of accepting PKI certificates issued by external third parties.


Previously, DOD only accepted those certificates that were issued under its own authority. Those certificates currently are issued by DOD-authorized vendors Operational Research Consultants Inc., VeriSign Inc. and IdenTrust Inc.


The new policy opens the door for acceptance of such certificates, along with compliant ID cards, issued by eligible vendors affiliated with the Federal Bridge Certification Authority, which services federal agencies, and by a private bridge certification authority, Certipath. Currently, Certipath is the only private-sector bridge authority in existence, but more such organizations may be formed in the future, Grant said.


Certipath is a Herndon, Va.-based joint venture formed by several PKI vendors. Its membership includes several major defense contractors. Federal contractors that meet Certipath’s information assurance standards are eligible to apply for membership.
 
To date, Certipath members Boeing Co., Lockheed Martin Corp., Northrop-Grumman Corp. and Raytheon Co. are the only contractors fully eligible to participate in the new policy, Grant said.
 
Certipath spearheaded the drive to be accepted as a PKI provider by DOD, Grant said, because it will provide benefits to the Certipath members and facilitate interactions with DOD.

“This will be a tremendous help for information sharing and collaboration,” Grant said. “Certipath jumped out in front on this. They said, ‘We need this and we will pay for it.’ ” Certipath’s development and alignment with DOD's PKI standards took several years and did not involve government funding, he added.
 
The new policy will become effective after interoperability testing is completed to ensure that the PKI certificates, along with use of identification cards aligned with the Personal Identity Verification federal standard, meet DOD's requirements, Grant said. The tests have already begun, but information was not immediately available on how long they would take to perform.

After testing is completed, participating contractor executives will be able to access DOD files online with an identification card rather than with a password, Grant said.

Grant said the greatest challenge has been in convincing DOD agency heads of the benefits of the complex PKI systems. “This has taken a long time to get into place,” Grant said. “We had to prove what the value of PKI was.”

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.
