PKI needs governmentwide guidelines to work, GAO says

PKI needs governmentwide guidelines to work, GAO says


The Office of Management and Budget should establish governmentwide standards to guide agencies in implementing public-key infrastructure technologies, the General Accounting Office reported last week.

In its report, Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, GAO noted that the lack of governmentwide PKI standards could result in agencies developing incompatible systems.

align="right" width="86">

size="2" color="#FF0000">G. Martin Wagner

Although the Federal PKI Steering Committee has acknowledged the need for standards, it has not provided top-down policy guidance, the report said.

That committee, under the Chief Information Officers Council, was established in 1996 to centralize coordination and oversight of federal PKI activities.

To overcome the substantial challenges of deploying PKI technology, agency products must work together seamlessly, the report said.
Among the numerous challenges agencies face is the high cost of building a PKI and deploying necessary software.

Interoperability is also key, GAO said.

For an effective PKI, agencies must ensure that an appropriate level of security is maintained.

They must also train users and system administrators to successfully implement PKI, the report said.

GAO asked OMB to work with federal organizations such as the CIO Council, its PKI committee and the National Institute of Standards and Technology on constructing a framework.

Wrong approach

G. Martin Wagner, the General Services Administration's associate administrator for governmentwide policy, disagreed with GAO's conclusion.

'We do not believe there can be a one-size-fits-all approach to PKI technical solutions, architecture or policy,' he wrote in a Jan. 17 response to GAO officials. 'Rather, we endorse implementation of a broad range of solutions to meet individual agency e-business needs.'

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.