RCAS Authentication

AFMD-93-70R Published: May 04, 1993. Publicly Released: May 04, 1993.

Highlights

Pursuant to an Army request, GAO reviewed the electronic authentication system used in the Army's Reserve Component Automation System (RCAS). GAO noted that: (1) the electronic signatures generated by the authentication system do not provide the same quality of evidence as handwritten signatures; (2) the system's cryptographic algorithms and techniques have not received required approval from the National Institute of Standards and Technology or the National Security Agency; (3) RCAS, as designed, is too dependent on the secrecy of its algorithms and is too susceptible to unauthorized disclosure; and (4) the RCAS contractor needs to adopt and properly implement government approved standards and techniques to overcome the system's shortcomings.

Full Report

Full Report (3 pages)

Office of Public Affairs

Chuck Young

Managing Director

youngc1@gao.gov

(202) 512-4800

Topics

Information Security

AuthenticationArmy procurementComputer securityData encryptionInformation leakingInformation systemsSystems designElectronic data processingElectronic signaturesMilitary forces