ACES contract spurs feds' online interests

ACES contract spurs feds' online interests

ACES focuses on the government-to-
citizen link, PKI advocate Richard Guida says.

By Christopher J. Dorobek

GCN Staff

Online transactions between agencies and citizens moved a step closer to reality this month when the General Services Administration awarded the first governmentwide digital certificate services contract.

In what experts say is a step toward helping agencies increase online transactions, the Federal Technology Service's Office of Information Security selected Digital Signature Trust Co. of Salt Lake City as the initial vendor for its Access Certificates for Electronic Services.

Price factor

At least two other vendors submitted bids. GSA expects that it will award more contracts this week. Any would-be ACES vendors must decide whether they want to meet Digital Signature Trust's prices, said Judith A. Spencer, ACES project manager and director of FTS' Center for Governmentwide Security.

The price per certificate drops based on volume. Digital Signature Trust offers prices ranging from 40 cents to $1.20 per certificate.

The goal was to set a price comparable to that of a postage stamp, Spencer said.

Now the question is: Which agency will be the first to use ACES and digital signatures to do business online?

The Education Department's Office of Student Financial Assistance and the Social Security Administration have expressed interest in ACES, and officials said those two agencies are the most prepared to conduct at least some business online.


Digital certificates authenticate and validate the participants and the data in an electronic transaction. ACES is significant because it is the first large-scale attempt to deploy certificates for use by citizens and trading partners with the government, said Richard Guida, chairman of the Federal Public-Key Infrastructure Steering Committee.

'ACES fills a large and critically important niche that has to be filled for all the goals that are expressed in Access America to be realized, and it fills that niche extremely well,' Guida said.

Most government PKI efforts have been either intra- or intergovernmental, Guida said, and ACES focuses on the government-to-citizen connection.

The Defense Department, for example, recently awarded certificate authority contracts (see story, Page 3). The contracts require in-person identification and verification before the issuance of each certificate, Guida said.

ACES, however, focuses on transactions with citizens and with vendors.

'The ACES award represents a critical step in the government's ability to provide secure electronic services to citizens,' said G. Martin Wagner, associate administrator of GSA's Office of Governmentwide Policy.

Karen Cummins, vice president of government services at Digital Signature Trust, said the contract will use a transaction model so agencies pay for what they use.

'As opposed to having every agency set up its own PKI and issue its own certificates, the concept is to share the costs of PKI across a large number of agencies,' she said.

Several agencies have been waiting for the contract award so they could judge the prices, said Thomas R. Burke, assistant commissioner for FTS' Office of Information Security.

'Agencies will see that they're good prices and that there's good value there,' he said.

First in line

Education's Office of Student Financial Assistance is expected to be the first organization to use the ACES contract. OSFA mentioned ACES specifically in its systems modernization blueprint as a way to allow remote authentication for students who receive loans from the department.

OSFA is also spearheading the Access America for Students program that aims to give students access to government and commercial services online [GCN, March 29, Page 9].

The OSFA blueprint noted that the certificates would authenticate users and data, protect the integrity of the data transmitted, ensure nonrepudiation, and ensure confidentiality and privacy.

SSA is also considering using ACES to let citizens do business online.

Tony Trenkle, director of electronic services at the Social Security Administration, said his office has not been debriefed by GSA since the contract was awarded but that the prices under the ACES contract seem reasonable.

'We intend to keep working closely with GSA,' he said.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above