DOD awards interim contracts

The Defense Department last week selected two vendors to supply and manage digital certificates that will provide the security underpinnings for transactions between DOD and its vendors on three key department applications.

Operational Research Consultants Inc. and Digital Signature Trust Co., the first two interim external certificate authorities (IECA), will support DOD public-key infrastructure by providing digital certificates that will verify the identities of parties participating in transactions. DOD officials say they may select additional contractors during the next two or three weeks.

Although DOD anticipates using PKIs broadly across the department, the certificate authorities will issue digital certificates for transactions between DOD and external parties only, not for transactions within the department. Also, when DOD completes the development of its PKI architecture—around March 2000—it will take bids for permanent external certificate authorities.

DOD picked the interim contractors for three important applications: the Defense Travel System, which provides a single, electronic point of access for all defense travel services; Electronic Document Access, which will enable vendors to access DOD solicitations and modifications via the Internet; and the Wide-Area Work Flow, which will collect documents and forms from vendors and DOD sources.

"This was a major milestone, really a step towards the paperless contracting that [Deputy Secretary of Defense John] Hamre has emphasized," said Michael Green, director of the DOD PKI Program Management Office at the National Security Agency, which works with the Defense Information Systems Agency on the project.

"This action really impels movement in the civilian agencies," said Richard Guida, security champion on the Government Information Technology Services Board and chairman of the Federal PKI Steering Committee. "Just the fact that DOD is making such a large commitment and putting so much money behind it may impel some civilian agencies to take a look at [PKI]."

The number of non-DOD users for the three applications could top 300,000 in the next year, according to the program office. But there probably will be a rush in the next few weeks as employees within the application program offices notify their vendor partners that the certificates are available, Green said.

The department's PKI road map aims to have certificate authorities provide and manage digital certificates for use by any external user on all Defense World Wide Web servers by June 2000.

The DOD award comes more than a week after the General Services Administration made the first award under its Access Certificates for Electronic Services contract. That contract is intended to provide an easy and inexpensive way for federal agencies to procure PKI systems and solutions with digital certificates that can be used by anyone at any agency. The first award under ACES also went to Digital Signature Trust.

DOD's awards also could provide large discounts to agencies that use the ACES contract, because vendors, especially Digital Signature Trust, now are assured of business, Guida said.

DST, which is moving into the government security market after a long history with the financial and banking community, sees similarities between the two contracts, said Keren Cummins, vice president of governmental services at the company.

"We really see both of these opportunities as groundbreaking efforts on the part of the government because they're both efforts to establish common operating rules for a wide variety of entities," she said.

Operational Research Consultants could not be reached for comment.