Feds limited on digital signatures
OMB says agencies should stick to government-approved digital signature providers.
Office of Management and Budget memo on digital signatures
Federal officials received a reminder this week not to deviate from a list of acceptable vendors when buying digital signature services.
In a Dec. 20 memo, Office of Management and Budget officials asked federal officials to use a government-approved list of digital signature providers. Using commercial providers not on the approved list poses a security risk, according to the memo. The listed providers have been certified as complying with the federal government's certificate authority policies and security laws.
General Services Administration officials created the certification program to ensure government oversight of digital signature providers. But the issuance of the memo suggests that some agency officials are bypassing the approved providers when they buy digital signature services.
Only three providers are on the approved list. They are the Agriculture Department's National Finance Center, VeriSign and Betrusted U.S.
NEXT STORY: Military taps NSA for security help