GAO warns to look before you leap into PKI

The Government Accountability Office figures that managed public-key infrastructure services might be more trouble than they're worth to agencies in some instances.

Chief technologist Keith Rhodes conveyed GAO's findings in a recent letter to Rep. Tom Davis (R-Va.), chairman of the House Committee on Government Reform. Rhodes noted that several agencies had asked GAO informally for advice on managed PKI services.

GAO's position is that agencies might face a greater burden in using managed services, specifically contract certification authorities, than if they implemented the technology themselves, Rhodes said.

GAO is especially concerned about managed services when it comes to using PKI for financial transactions.

'If the certification authority is compromised, the impacts can be catastrophic to an agency's operations,' Rhodes said.

GAO made several suggestions for implementing PKI, such as exercising strict physical control over the necessary hardware and software so it can't be compromised.

According to GAO, agencies should study managed PKI services to ensure they use proper controls.
