Ag certified to provide PKI services
- By Mary Mosquera
- Aug 11, 2004
The Agriculture Department's National Finance Center has obtained official designation as a certified provider of public-key infrastructure services for the federal government by the Federal Identity Credentialing Committee and Shared Service Provider Subcommittee.
"We are well positioned to provide a host of innovative new PKI services to other agencies throughout the federal government,' said Randy Speed, PKI program manager in the National Finance Center, which also provides government agencies other services, such as financial and payroll provisioning.
The credentialing committee selected NFC as a certified provider for PKI services in July, but it became official today for purposes of marketing the services once it had completed the final condition of rekeying its certificate authority to 2,048 bits.
NFC is one of only two organizations that the credentialing committee has certified so far. The other is commercial vendor VeriSign Inc. of Mountain View, Calif.
Under the Electronic Government Act of 2002, the OMB said that agencies must buy PKI services from qualified service providers operating under the Federal Common Policy Framework beginning in fiscal 2006.
Agencies with PKI operations that are cross-certified with the Federal Bridge Certification Authority will not be required to migrate to new service providers. The Bridge is a multi-agency information sharing infrastructure. Six of the eight cross-certified agencies, including NFC, which share information via the Bridge, use identity and access management technology from Entrust Inc. of Addison, Texas. The other agencies are the Energy, State and Treasury Departments, the state of Illinois and NASA. (GCN story)
Cross-certification with the Bridge enables each agency's PKI to recognize and trust digital certificates and signatures sent from and between participating government organizations. It also allows all organizations to make one security agreement with the Bridge instead of individual security agreements with each of the cross-certified organizations with which they need to interact.
Mary Mosquera is a reporter for Federal Computer Week.