U.S. General Services Administration

Federal Technology ServiceNovember 9, 1999

Judith SpencerDirector, Center for Governmentwide SecurityOffice of Information Security

• Paperwork Reduction Act

• National Performance Review’s Access America

• FPKISC Access With Trust

• Government Paperwork Elimination Act

Mandates for On-Line Access

Facilitates secure on-line access to

Government information and services by

the Public through the use of public key

technology.

The ACES Concept

• Provides a Government-wide Public Key Infrastructure.

• Provides auxiliary services that participating agencies may need to make use of the Infrastructure.

• Reduces overall costs by aggregating Government requirements.

ACES Features

• Identity Proofing

• Certificate Issuance

• On-line Validation

• Access to Information

• Compliance with Federal Requirements

• Validation Pricing Options

The ACES PKI

Any Web-basedGovernmentApplication

Access FederalSystem with ACES

Return PersonalizedGovernment Benefits/Information

Validate ElectronicID (ACES)

Secure Web

Citizen

Getting Services

• Controlled by the application

• Application binds certificate identity to specific record data through second level proofing

• Application determines access based on certificate status and identity

• Application retains the right to deny access at any time

Access to Information

• Procurement Integrity Act

• OMB Circular A-130– Paperwork Reduction Act

– Computer Security Act

– Privacy Act

• OMB Circular A-123– Federal Managers Financial Integrity Act

• Cryptographic and Digital Signature Standards (FIPS 140-1 and 186)

Compliance with Federal Requirements

• Task Order Based Competition– Certificate Issuance for users

• Industry Partner provided Identity Proofing• Government provided Identity Proofing

– Certificate Issuance for agency applications

• Transaction-based validation pricing– Set by Contract. Common across all awardees.

– Transaction Costs are Volume Banded. • Higher use, lower rates• $1.20 to $0.40 per transaction

ACES Pricing Scheme

Agency Application CertificateCertificates issued to and renewed by Agencies for applications participatingin ACES.

Supplemental PKI ServicesSupport for other system integrationand PKI requirements such as:products, services, programming, andother systems integration support asmay be required to enable Agencyapplications to implement PKI solutionsthat meet unique requirements(e.g. encryption

Technology UpdatesIncorporation of newalgorithms, formats, technologies,mechanisms, and media

Ad Hoc DataAd hoc data collection,analysis, and/or dissemination services related to ACES infrastructure services.

Hardware TokensOptional hardware tokenfor generation of key pairsand storage of private key.

Auxiliary Services

Task Order Based

ABAecom, America Online, Baltimore Technologies, Booz-Allen Hamilton, Computer Sciences Corp. (CSC), Cygnacom Solutions, Entrust, Microsoft, NetscapeNational Computer Systems, Price Waterhouse Coopers, Valicert Inc., Xcert International Inc.

Cygnacom Solutions, DataKey, Litronics, nCipher, Netscape Verisign, Inc

Industry Partners

• ACES provides strong authentication using identity-based digital signature certificates.

• Agencies should consider the need for such strong authentication when deciding which on line applications need ACES protection.

• Five categories of Government to Public communications have been identified by OMB that could require this strong authentication.

Defining Need

• Benefits

• Grants

• Filings

• Personal/Private/Proprietary Information

• Procurement

Five Communication Categories

Agency Recognizes a

Need

ACES PKI Services Auxiliary PKI

Services

PKI Needs Analysis

Sign Relying Party Agreement

Contacts OIS

Sign MOU w/OIS

OIS Contacts

Partners to Activate

Notifies FEDCAC

Partners Provide Billing to

FTS

FTS aggregates

charges, Bills Agency, and

pays Partners

Finalize SOWDevelop Task OrderConduct EvaluationAward Task Order

Getting ACES Services

Initial ACES Award 9/10/99

Source Selection Ends 10/27/99

Certification & Accreditation 9/20/99 - 1/27/00

Certificate Issuance begins 12/20/99

Task Order CLINS Available NOW

Program Timeframes

ACES Program Manager

Stanley Choffrey 202-708-7943 stanley.choffrey@gsa.gov

ACES Contracting OfficerJeanne Davis 781-860-7138 jeanne.davis@gsa.gov

Center for Governmentwide SecurityJudith Spencer 202-708-5600 judith.spencer@gsa.gov

Contact Information