SEC to make online authentication more stringent

The Securities and Exchange Commission wants to be sure of who is using its Electronic Data Gathering, Analysis and Retrieval system. So it's looking to implement a new authentication system to prevent fraudulently filed documents, according to the agency's security chief.

Chrisan Herrod, SEC chief security officer, talked about the new authentication scheme today during a Capitol Hill panel discussion on information security hosted by the Business Software Alliance.

Thousands of companies must file corporate and financial documents via Edgar. The agency is considering using digital certificates to strengthen authentication.

"We're not very far along the path toward a digital certificate solution," he said. "It's more a glimmer in the eye at this point."

One hot issue discussed by the panel of government and industry speakers was the difficulty of authenticating data and its origin.

Herrod said the Edgar system is SEC's IT crown jewel. The commission began using the online filing system in 1992, and in 2001 it completed a $22.5 million modernization program that added a Web interface among other updates. The system receives up to 2,500 filings each day.

About five years ago, SEC began standardizing on two-factor authentication for new filers, requiring they use passwords and either personal identification numbers or user names. There usually is one designated person in each organization with authority to make Edgar filings.

"We do vet that individual, to a certain degree," Herrod said. Checks are done to ensure that corporations are valid and that the designated users are employees with authority to file documents.

Herrod said SEC wants to use strong encryption with whatever system is chosen, but no decision has been made on whether that will mean a public-key infrastructure.

The commission will implement the new system gradually, with digital certificates issued first to new filers. Getting legacy filers to adopt digital certificates will require developing a clear business case for the technology, Herrod said.

"We are going to have to be very clear about why it is important," she said

About the Author

William Jackson is a Maryland-based freelance writer.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.