FEDERAL CIO COUNCIL
Information technology that makes Government services more accessible and easier to use requires privacy and security to protect the systems and the information these systems process. Electronic commerce, electronic mail, and other applications are used to share information within the Government, between the Government and the private sector, between the Government and private citizens, and between the U.S. Government and other Governments (State, local, and international). These applications are likely to use cryptographic mechanisms to provide integrity, authentication, confidentiality and non-repudiation services. The enabling technology that makes these ubiquitous security services available is public key cryptography, which, in combination with a public key infrastructure, or PKI, makes these services available on a large scale.
The Federal PKI Steering Committee will provide guidance to federal agencies, executive agents, and to the GITS Board regarding the establishment of a Federal PKI and the associated services (e.g., certificate management, key recovery, etc.). However, the GITS Board will oversee the activities of the Steering Committee. This guidance will identify and resolve Federal PKI technical and business issues and recommend solutions to policy and interoperability issues. Where appropriate, the Steering Committee will establish and maintain liaison with other organizations interested in PKI activities. These organizations include State and local governments, Federal agencies, the Interagency Working Group for Cryptography Policy, the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure, the American Bar Association, the American National Standards Institute, the International Standards Organization, North American, European, and Pacific Rim communities, industry consortia such as CommerceNet, academia, and industry.
The mission of the Federal PKI Steering Committee is to provide clear, strong leadership within the U.S. Federal Government during the development and implementation phases of the Federal PKI. The Federal PKI Steering Committee will provide guidance and assist in the development of an interoperable public key infrastructure that utilizes commercial-off-the-shelf, standards-based products and services for a myriad of applications with a goal toward ensuring standards-based approval. However, it is recognized that certain unique applications may require that modifications be made to commercial products. The Steering Committee will: identify Federal Government PKI requirements; recommend policies, procedures and standards development activities that support a Federal PKI; provide oversight of PKI activities in Federal PKI pilot projects; provide oversight and guidance on the establishment of key recovery techniques; specify technologies needed for a Federal PKI; establish and maintain liaison with appropriate communities of interest; establish interoperability and security requirements of products and protocols related to the Federal PKI; and make recommendations regarding establishment, demonstration, and operation of a Federal PKI.
The Federal PKI Steering Committee has representation from: GITS Board, National Aeronautics and Space Administration, National Institute of Standards and Technology, National Security Agency, General Services Administration, Department of Defense, Department of Transportation, Social Security Administration, Department of Treasury (Financial Management Service), Department of Treasury (Internal Revenue Service), National Technical Information Service, Small Business Administration, Department of Energy, Department of Interior, Department of Agriculture (Food and Consumer Services), Department of Agriculture (National Finance Center), U.S. Customs Service, Bureau of Labor Statistics, Patent and Trade Office, and Federal Networking Council. The Office of Management and Budget will have an ex officio membership status. Representation from other agencies and stakeholders will be included as required to meet specific objectives. Industry participation will be provided through the use of cooperative agreements and participation/contributions to the Technical Working Group that operates at the pleasure of the Steering Committee as described in the Procedures section below.
V. Roles and Responsibilities
The Champion for Security and Privacy of the GITS Board or his/her designee shall serve as the chair to the Federal PKI Steering Committee and will provide administrative support. The National Institute of Standards and Technology (NIST) is identified in the GITS Action Plan that implements National Performance Review recommendations as the Office of Primary Responsibility for development of standard encryption capabilities and digital signatures for sensitive, unclassified data. NIST shall coordinate all technical work identified to ensure its completion.
Federal agencies will share in the personnel requirements necessary to staff the Federal PKI Steering Committee and its working groups.
The chair may call, either at his/her own request or at the request of a Steering Committee member, for a vote on specific actions when conditions warrant. Each agency will have one vote with a simple majority rule. Each voting item shall be provided in writing to the membership prior to the vote. Minority reports may be submitted on any actions made by the Steering Committee or its working groups. Additional procedures may be proposed by the chair and adopted with the concurrence of the members. Special working groups will operate under the Steering Committee. Each group will develop a charter approved by the Steering Committee. Three groups are currently established:
Additional working groups may be formed by the Steering Committee. The Steering Committee, Policy and Legal Working Group, and Business Working Group will have participation from Government agencies only. However, the Technical Working Group will have participation from government and industry. The Chair of the Technical Working Group will be a Government entity recommended by NIST in accordance with Section V. However, the FPKI Steering Committee, by vote, will select each working group chair or co-chair.
The Federal PKI Steering Committee will hold meetings monthly. Working group meetings will be held at a minimum once per month.
Patricia N. Edfors
James J. Flycik