Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security bridge nears opening

From: InfoSec News <isn () C4I ORG>
Date: Thu, 15 Feb 2001 22:29:26 -0600
http://www.fcw.com/fcw/articles/2001/0212/web-pki-02-15-01.asp

BY Diane Frank
02/15/2001

The federal government will soon put online its central mechanism for
enabling agencies security authentication systems to interact, and
officials are working to extend it to nonfederal partners.

The Federal Bridge Certification Authority (FBCA), hosted by the
General Services Administration, will enable agencies to recognize the
assurance levels of digital certificates from other agencies.

A digital certificate, used within a public-key infrastructure, can
store identification, authentication and authorization information as
well as provide encryption for electronic transactions.

GSA and five other organizations tested the FBCA last year, and now
that the fiscal 2001 funding has come through, it should become
operational by early April, said Judith Spencer, chairwoman of the
Federal PKI Steering Committee, speaking Wednesday at the Securing
Electronic Government conference in Washington, D.C.

So that the policy and technical aspects are ready at the same time,
the Federal PKI Policy Authority is in the final stages of reviewing
the agreements that agencies must sign to interoperate with the
bridge, said Michelle Moldenhauer, chairwoman of the policy authority.
The documents will be available for agencies on the policy authoritys
Web site, which should be going online in the next month, she said.

The steering committee and the policy authority function under the
federal CIO Council.

Once the bridge is running, the steering committee will act to allow
state and local governments, as well as private-sector organizations,
to interoperate with the bridge, Spencer said. GSA officials are
talking with some states and market sectors, including health care and
education, that are forming their own bridges and want to be able to
cross-certify with the federal bridge.

The steering committees Legal and Policy Working Group is looking at
what actions must be taken to allow this kind of cross-certification,
Spencer said. The cross-certification would mean, for example, that a
federal certificate from the Environmental Protection Agency could be
accepted by a state agency that is involved in environmental
regulation.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: