Commerce looks outside for security
The Commerce Department released a solicitation this month for commercial authentication technologies to support its new Webbased time and attendance system.
The Commerce Department released a solicitation this month for commercial
authentication technologies to support its new Web-based time and attendance
system.
Commerce wants to outsource public-key infrastructure (PKI) and certificate
authority (CA) capabilities for the system because the department lacks
the resources for them in-house.
PKI is a system for encrypting, decrypting, signing and verifying information
transmitted via the Internet. A CA issues and manages digital certificates,
which store digital signatures used during electronic transactions.
Commerce expects the vendor to provide up to 1,000 digital certificates
to employees in the Office of the Secretary, said Karen Hogan, Commerce's
acting deputy chief information officer and director of its digital department
program. Those supervisors will use digital signatures in conjunction with
a new time and attendance system to certify that an em-ployee's time sheet
is accurate.
Commerce is piloting the Web-based time and attendance system with the
digital signature capability before it rolls out the system departmentwide
early next year. It will replace a system that stores employee time sheet
information on floppy disks, which are manually combined for payroll, Hogan
said. Commerce is also piloting a "few different digital signature" capabilities
in other offices before taking a departmentwide approach, Hogan said.
Commerce's approach is not unusual, said Richard Guida, chairman of
the Federal PKI Steering Committee. But he said it is important that there
is "the proper level of oversight and control over the contractor so that
the function can be transitioned to a different contractor if the need should
arise."
NEXT STORY: Boston to integrate health data