OMB mandates agency use of approved PKI providers

The Office of Management and Budget is requiring agencies to use one of three approved shared-service providers for public-key infrastructure and electronic-signature services.

These three service providers?the Agriculture Department's National Finance Center, Verisign Inc. of Mountain View, Calif., and Betrusted U.S. Inc. of New York?meet the level-four certification outlined in OMB's December 2003 memo.

In the memo, Karen Evans, OMB's administrator for IT and e-government, and David Safavian, administrator of the Office of Federal Procurement Policy, said agencies must use these shared-service providers to mitigate security risks.

"Strong government oversight and internal controls mitigate the risk of using a commercial service," the memo noted.

The memo comes after some agencies were concerned whether commercial providers of PKI or e-signatures would meet the Government Accountability Office's criteria for assessing these systems.

GAO sent a letter to Rep. Tom Davis (R-Va.), chairman of the Government Reform Committee, in August detailing what agencies should consider when choosing a PKI system, no matter if the provider is from the public or private sector.

"Our report said these are the types of controls needed to have adequate security," said Chris Martin, a senior-level technologist with GAO, who worked on the letter. "We outlined our views on the subject based on our experience in reviewing these systems for agencies."

To qualify as a shared-service provider, vendors or agencies must:

* Operate their certification authorities under the certificate policy developed and controlled by the federal government

* Demonstrate compliance with this policy annually with a third-party audit

* Receive approval from the General Services Administration

* Comply with existing security laws, including certification and accreditation.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.