1 / 16

U.S. General Services Administration Federal Technology Service November 9, 1999

Judith Spencer Director, Center for Governmentwide Security Office of Information Security. U.S. General Services Administration Federal Technology Service November 9, 1999. Mandates for On-Line Access. Paperwork Reduction Act National Performance Review’s Access America

simone-strong
Download Presentation

U.S. General Services Administration Federal Technology Service November 9, 1999

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Judith Spencer Director, Center for Governmentwide Security Office of Information Security U.S. General Services Administration Federal Technology Service November 9, 1999

  2. Mandates for On-Line Access • Paperwork Reduction Act • National Performance Review’s Access America • FPKISC Access With Trust • Government Paperwork Elimination Act

  3. The ACES Concept Facilitates secure on-line access to Government information and services by the Public through the use of public key technology.

  4. ACES Features • Provides a Government-wide Public Key Infrastructure. • Provides auxiliary services that participating agencies may need to make use of the Infrastructure. • Reduces overall costs by aggregating Government requirements.

  5. The ACES PKI • Identity Proofing • Certificate Issuance • On-line Validation • Access to Information • Compliance with Federal Requirements • Validation Pricing Options

  6. Getting Services Access Federal System with ACES Any Web-based Government Application Secure Web Return Personalized Government Benefits/Information Validate Electronic ID (ACES) Citizen

  7. Access to Information • Controlled by the application • Application binds certificate identity to specific record data through second level proofing • Application determines access based on certificate status and identity • Application retains the right to deny access at any time

  8. Compliance with Federal Requirements • Procurement Integrity Act • OMB Circular A-130 • Paperwork Reduction Act • Computer Security Act • Privacy Act • OMB Circular A-123 • Federal Managers Financial Integrity Act • Cryptographic and Digital Signature Standards (FIPS 140-1 and 186)

  9. ACES Pricing Scheme • Task Order Based Competition • Certificate Issuance for users • Industry Partner provided Identity Proofing • Government provided Identity Proofing • Certificate Issuance for agency applications • Transaction-based validation pricing • Set by Contract. Common across all awardees. • Transaction Costs are Volume Banded. • Higher use, lower rates • $1.20 to $0.40 per transaction

  10. Auxiliary Services Agency Application Certificate Certificates issued to and renewed by Agencies for applications participating in ACES. Hardware Tokens Optional hardware token for generation of key pairs and storage of private key. Task Order Based Ad Hoc Data Ad hoc data collection, analysis, and/or dissemination services related to ACES infrastructure services. Supplemental PKI Services Support for other system integration and PKI requirements such as: products, services, programming, and other systems integration support as may be required to enable Agency applications to implement PKI solutions that meet unique requirements (e.g. encryption Technology Updates Incorporation of new algorithms, formats, technologies, mechanisms, and media

  11. Industry Partners ABAecom, America Online, Baltimore Technologies, Booz-Allen Hamilton, Computer Sciences Corp. (CSC), Cygnacom Solutions, Entrust, Microsoft, Netscape National Computer Systems, Price Waterhouse Coopers, Valicert Inc., Xcert International Inc. Cygnacom Solutions, DataKey, Litronics, nCipher, Netscape Verisign, Inc

  12. Defining Need • ACES provides strong authentication using identity-based digital signature certificates. • Agencies should consider the need for such strong authentication when deciding which on line applications need ACES protection. • Five categories of Government to Public communications have been identified by OMB that could require this strong authentication.

  13. Five Communication Categories • Benefits • Grants • Filings • Personal/Private/Proprietary Information • Procurement

  14. Getting ACES Services Agency Recognizes a Need Contacts OIS PKI Needs Analysis Sign MOU w/OIS ACES PKI Services Auxiliary PKI Services Sign Relying Party Agreement Finalize SOW Develop Task Order Conduct Evaluation Award Task Order OIS Contacts Partners to Activate Partners Provide Billing to FTS FTS aggregates charges, Bills Agency, and pays Partners Notifies FEDCAC

  15. Program Timeframes Initial ACES Award 9/10/99 Source Selection Ends 10/27/99 Certification & Accreditation 9/20/99 - 1/27/00 Certificate Issuance begins 12/20/99 Task Order CLINS Available NOW

  16. Contact Information ACES Program Manager Stanley Choffrey 202-708-7943 stanley.choffrey@gsa.gov ACES Contracting Officer Jeanne Davis 781-860-7138 jeanne.davis@gsa.gov Center for Governmentwide Security Judith Spencer 202-708-5600 judith.spencer@gsa.gov www.gsa.gov/aces

More Related