Information Security: Status of Federal Public Key Infrastructure Activities at Major Federal Departments and Agencies
Highlights
The federal government is increasingly using online applications to provide access to information and services and to conduct internal business operations. In light of this trend, strong security assurances are needed to properly safeguard sensitive, personal, and financial data, in part by ensuring that the identities of those who use such applications are appropriately authenticated. When fully and properly implemented, public key infrastructure (PKI) offers many of these assurances. In 2001, GAO reported that the federal government faces a number of challenges in deploying PKI technology (GAO-01-277). GAO was requested to follow up this work by (1) determining the status of federal PKI activities, including initiatives planned or under way at 24 major federal departments and agencies, as well as the status and planned activities of the Federal Bridge Certification Authority (FBCA) and Access Certificates for Electronic Services (ACES) programs, and (2) identifying challenges encountered by the 24 agencies in implementing PKI initiatives since the 2001 report was issued. In commenting on a draft of this report, GSA and OMB officials generally agreed with its content and conclusions. Technical comments provided by OMB have been addressed as appropriate.