GSA open to outsourcing federal PKI operation

The General Services is looking for new ideas about how to manage the Federal Public Key Infrastructure (PKI) Trust system, including the possibility of turning it over to a contractor.

At present, GSA is responsible for the system, which maintains links between federal agencies and public and private groups that issue PKI certificates, and systems that connect different government PKI systems. Among other functions, the system is used to support the process for maintaining Personal Identity Verification credentials.

But in a request for information released earlier this month, GSA invited people to suggest alternative solutions for managing federal PKI operations. The RFI asks for comments on two basic approaches: the current model, in which a contractor provides the service using government-furnished systems, and a services-only model, in which a contractor takes over the system as well.

In the case of the current model, GSA also is looking for ideas about to enhance existing services. For example, the agency would like to develop a funding model that would make it possible to recover the costs of operating the PKI infrastructure. The RFI also asks for comments on how to better divide management responsibilities between the government and the contractor.

In the case of the services-only model, GSA would like comments on how to manage the transition.