OMB and GITS Board offer pointers on PKI use

A new report outlines how agencies can use a public-key infrastructure and digital
certificates to ensure that data transmitted online is legitimate.


The report, Access With Trust, discusses both internal transactions within agencies and
external data exchanges with vendors, state and local governments, and citizens.


The report—from the Office of Management and Budget and the Government Information
Technology Services Board’s Federal PKI Steering Committee—is based on the
notion that citizens should be able to do more of their business with government
electronically, said Andrew J. Boots, champion for privacy and security for the National
Partnership for Reinventing Government.


“That simple idea turns out to be pretty complicated,” he said, but PKI is
the foundation.


A PKI provides for and sustains secure interactions on open networks such as the
Internet, Boots said.


“Properly implemented in concert with other security services, the PKI serves as
the fundamental building block for a broad spectrum of electronic commerce and government
communications, all done in a fashion which protects the privacy of citizens and companies
and gives them the confidence to use this new medium of communication routinely,
frequently and effectively,” the report said.


Richard A. Guida, the GITS Board’s security champion and chairman of its PKI
Steering Committee, said agencies need to “look at this document as a means to an
end.” That end is a workable, ubiquitous infrastructure that lets agencies do
business with their various customers in an electronic environment.


“The end we’re trying to achieve is the appropriate use of PKI,” he
said.


The PKI Steering Committee and NPR are encouraging agencies to take the first steps
that will lead to development of agency PKIs. “It’s never going to get done
unless there is a forcing function,” Guida said.


The report came just as the General Services Administration issued its request for
proposals for the Access Certificates for Electronic Services project.


Through ACES, GSA wants to establish a mechanism for providing agencies with digital
authentication certificates. Guida praised ACES as the kind of government move that will
spur the development of PKIs.


The new report outlines three governing principles for the federal government’s
role:


A PKI needs to develop from the bottom up with pilot projects demonstrating that
electronic transactions are effective and efficient, officials said. But each PKI also
must be interoperable with other PKIs.


The online environment demands a range of security levels, Boots said.


The report is available online at http://gits.gov.



inside gcn

  • high performance computing (Gorodenkoff/Shutterstock.com)

    Does AI require high-end infrastructure?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above