1 / 17

The Federal PKI - Looking Forward

The Federal PKI - Looking Forward. A Perspective on the Federal Government Secure Infrastructure Judith Spencer Chair, Federal PKI Steering Committee. www.cio.gov/fpkisc. Goals. A cross-governmental, ubiquitous, interoperable Public Key Infrastructure.

jmcmullen
Download Presentation

The Federal PKI - Looking Forward

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Federal PKI - Looking Forward A Perspective on the Federal Government Secure Infrastructure Judith Spencer Chair, Federal PKI Steering Committee www.cio.gov/fpkisc

  2. Goals • A cross-governmental, ubiquitous, interoperable Public Key Infrastructure. • The development and use of applications which employ that PKI in support of Agency business processes.

  3. Mandates • Long-term Cost Savings • Trading Partner Practices • Public Expectations • International Competition • Government Paperwork Elimination Act

  4. Legislative Mandate • Government Paperwork Elimination Act, October 1998 • Commitment to on-line government • Public electronic access by October 2003 • Electronic Signatures in Global and National Commerce Act, June 2000 • “A signature may not be denied legal effect simply because it is electronic”

  5. E-Transaction Landscape • Intra-agency • personnel matters, agency management • Interagency • payments, account reconciliation, litigation • Agency to trading partner • procurement, regulation • Agency to the public

  6. Challenges All Applications Face • Authentication of Users • Non-repudiation for transactions • Confidentiality (privacy) • Interoperability • Liability • Scalability/extensibility

  7. Organization Federal Chief Information Officer Council Enterprise Interoperability Committee Security, Privacy, Critical Infrastructure Committee Federal PKI Steering Committee Federal PKI Policy Authority Legal/Policy WG Business WG Technical WG Health Care WG

  8. Federal Approach • Develop agency PKIs from the bottom up • Implement the Federal Bridge CA using COTS products • Establish the Federal PKI Policy Authority • Ensure directory compatibility • Use ACES for transactions with the public

  9. FBCA Overview • Designed for the purpose of creating trust paths between disparate PKI domains • Employs a distributed NOT a hierarchical model • Commercial products participate within the membrane of the Bridge • Develops cross certificates within the membrane to bridge the gap between dissimilar products

  10. Federal PKI Policy Authority • Voluntary interagency group - NOT “agency” • Governing body for FBCA interoperability • Oversees operation of FBCA, authorizes issuance of FBCA certificates • Under Federal CIO Council • Six Charter Members: • GSA, Justice, DoC, NSA, OMB, Treasury

  11. FBCA Operation • FPKISC oversees FBCA development and operations • Bridge Documentation • Enhancements • FPKI Policy Authority determines participants and levels of cross- certification • Administers Certificate Policy • Enforces compliance by member organizations • GSA named Operational Authority • Operates in accordance with Policy Authority and FPKISC direction

  12. Current Bridge Status • April 2000 - Successfully demonstrated Trust Path Creation during EMA Challenge, Boston, MA • Two CA Products operational within the Membrane • Baltimore Technologies Unicert • Entrust/Authority • Production bridge operational April 30, 2001

  13. Access Certificates for Electronic Services • Provides the American Public secure electronic access to privacy related Federal Government information and services through the use of public key technology. • Fosters cross-agency cooperation • Uses the Certificate Arbitrator Module for processing PKI Certificates

  14. Looking Forward • Federal Bridge Certification Authority (FBCA) • Production model Operational - April 2001 • Policy Framework For Agency PKI Interoperability • Key Industry Relationships And Technical Issues • Federal And State Entity Cooperation On PKI Initiatives • International Liaison

  15. FPKI Lessons Learned • Creation of Concept of Operations, Certificate Policy, Certificate Practices Statement is critical before deployment of PKI • Documents are time-consuming to create, but not impossible • Who’s responsible for what? • Requires independent Audit – the CA must be above suspicion • The InfoSec Policy group and the Implementers must be like Chang and Eng

  16. Educational Challenges • Executive Level Buy In • Needed for Funding, Implementation and Use • System Administrators • Involvement from Conception Phase • Users • Culture Change • Touches all aspects of the user’s work environment • Cross organizational Cooperation

  17. And Then . . . • A cross-governmental, interoperable, ubiquitous, Federal Public Key Infrastructure • Federal Bridge interoperability with other Bridges • International Cooperation and Interoperability

More Related