No risk, no gain

What if they had a procurement and nobody came?


To some extent, that is what is happening at the General Services Administration. It is
trying to launch a national digital certificate project, Access Certificates for
Electronic Services. No vendors are clamoring to bid on ACES even though GSA has made many
revisions to its request for proposals. The haggling dates back nearly a year. The need
for a uniform approach to digital signatures in the government dates back far longer than
that.


Vendors consider ACES risky for many reasons. Would-be bidders said they would prefer
signing on as subcontractors rather than leading a team.


In uncharted waters, such as a national digital certificate service, it’s easy to
see why vendors don’t want to lead with their chins. With ACES, the usual financial
risks, as GSA has acknowledged, are compounded by the liability exposure of vendors
holding citizens’ digital keys.


The result? GSA has had to stall ACES again as it tries to craft an RFP someone will
bid on.


Worse, though, is that vital services agencies want to do online also are on hold.
Notable among these is the Personal Earnings and Benefits Estimates Statements program.
The Social Security Administration urgently wants to issue PEBES online. SSA’s last
attempt fell victim to privacy concerns—some say hysteria—even though the
authentication factors required of a citizen to get a PEBES online matched those of
getting one conventionally. For political, if not technical, acceptance, online services
require encryption such as ACES would supply.


ACES is what the government needs, but vendors have valid objections. Let’s hope
the companies forcing GSA officials to jump through hoops to get the RFP right will reward
the agency with bids.


Thomas R. Temin
Editor
editor@gcn.com

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above