What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close


    OMB and GITS Board offer pointers on PKI use

    • By Christopher J. Dorobek
    • Feb 08, 1999

    A new report outlines how agencies can use a public-key infrastructure and digital
    certificates to ensure that data transmitted online is legitimate.


    The report, Access With Trust, discusses both internal transactions within agencies and
    external data exchanges with vendors, state and local governments, and citizens.


    The report—from the Office of Management and Budget and the Government Information
    Technology Services Board’s Federal PKI Steering Committee—is based on the
    notion that citizens should be able to do more of their business with government
    electronically, said Andrew J. Boots, champion for privacy and security for the National
    Partnership for Reinventing Government.


    “That simple idea turns out to be pretty complicated,” he said, but PKI is
    the foundation.


    A PKI provides for and sustains secure interactions on open networks such as the
    Internet, Boots said.


    “Properly implemented in concert with other security services, the PKI serves as
    the fundamental building block for a broad spectrum of electronic commerce and government
    communications, all done in a fashion which protects the privacy of citizens and companies
    and gives them the confidence to use this new medium of communication routinely,
    frequently and effectively,” the report said.


    Richard A. Guida, the GITS Board’s security champion and chairman of its PKI
    Steering Committee, said agencies need to “look at this document as a means to an
    end.” That end is a workable, ubiquitous infrastructure that lets agencies do
    business with their various customers in an electronic environment.


    “The end we’re trying to achieve is the appropriate use of PKI,” he
    said.


    The PKI Steering Committee and NPR are encouraging agencies to take the first steps
    that will lead to development of agency PKIs. “It’s never going to get done
    unless there is a forcing function,” Guida said.


    The report came just as the General Services Administration issued its request for
    proposals for the Access Certificates for Electronic Services project.


    Through ACES, GSA wants to establish a mechanism for providing agencies with digital
    authentication certificates. Guida praised ACES as the kind of government move that will
    spur the development of PKIs.


    The new report outlines three governing principles for the federal government’s
    role:


    A PKI needs to develop from the bottom up with pilot projects demonstrating that
    electronic transactions are effective and efficient, officials said. But each PKI also
    must be interoperable with other PKIs.


    The online environment demands a range of security levels, Boots said.


    The report is available online at http://gits.gov.



    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Your Name:(optional)
    Your Email:(optional)
    Your Location:(optional)
    Comment:
    Please type the letters/numbers you see above

    GCN eNewsletters

    eSeminar