Federal Public Key Infrastructure Management Authority Program Overview • Name of presenter goes on this line-TBD • Title of presenter goes on this line-TBD • GSA-Federal Acquisition Services • May 17-19, 2012
Value to the Customer • Value: Authentication—The assurance to one entity that another entity is who he/she/it claims to be. • Value: Integrity—The assurance to an entity that data has not been altered in any way. • Value: Confidentiality—The assurance to an entity that no one can read a particular piece of data except the one intended.
ITS Mission, Vision, and Value • Our Mission: To excel at providing customers easy access to IT solutions through quality industry partners to fulfill government mission requirements • Our Vision: Great Government through Technology • Our Value: To reduce total acquisition time, cost, and risk, allowing our customers to focus on their mission
ITS Program Offices • ITS Program Offices administer contract vehicles and deliver acquisition services to customer agencies to buy IT and telecommunications offerings and strategic solutions • Assisted Acquisition Services (AAS) provides complete acquisition lifecycle support to government agencies • Network Services Programs: Your one-stop shop for telecommunications solutions • IT Schedule 70: Fair and reasonable prices for IT products and services • Governmentwide Acquisition Contracts: Comprehensive and flexible contracts that provide virtually any IT service • IT Commodity Program: IT commodities and ancillary services through innovative ordering • ITS Center for Strategic Solutions and Security Services Good for Government Programs Services Assisted Acquisition
ITS Offerings and Solutions • ITS offers government customers access to IT products, services, and strategic solutions [Diagram: ITS “Great Government through Technology” offerings: Communications and Network Services, Professional Services, Hardware Products and Services, Security, Software Products and Services, Strategic Solutions]
Security ITS Offerings and Solutions… • One of ITS’ offerings is security. ITS offers cyber security for the Federal Government through the management of the Federal Public Key Infrastructure Management Authority (FPKIMA) program.
Overview of the Federal Public Key Infrastructure Management Authority (FPKIMA)… • Basic PKI: Value to the Customer, Principles, Concepts, Answers to Basic PKI Questions • FPKI: What, How, Why, HSPD 12, M-11-11 & M-04-04 • FPKIMA: GSA & The FPKIMA, Services, Focus, Criticality, Mission
Key Business Questions • How do I know that an electronic message I send or receive has not been altered in transit? • When receiving electronic mail, how do I know for sure who the sender is? • Who verifies that the sender is who they really say they are?
What is PKI? • Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.* • Provides a digital certificate that can identify an individual or an organization. A certificate binds identifying information to a public key. [Diagram of a public key infrastructure]
PKI Basic Principles • In PKI, each user has two keys, known as a "key pair". • One key is known as the private key and the other as the public key. • When one key encrypts, the other decrypts. • The private key is kept private by its owner. • The public key and who it belongs to are made available and open to the public.
Basic PKI Concepts: Digital Certificates • Credentials need to be trusted when using various resources: when you log into your computer, when you use your badge to access a building. • A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. [Image: Examples of digital certificates in use]
Basic PKI Question: How does the resource know the user’s credentials are trustworthy? • Digital Certificates are issued by a trusted issuer, a Certificate Authority (CA). [Diagram: Trusted Issuer (CA), Certificate, User, Resource asking “Is the user trustworthy?”]
Basic PKI Question: How do you know you can trust the Issuer or CA? • The Federal PKI Management Authority is the Trust Anchor under GSA’s leadership. • The line of trust starts with a Trust Anchor. The decision to trust a credential depends on whether a line can be drawn from the anchor to the credential. [Diagram: Trust Anchor, Trusted Issuer (CA), Certificate, User]
What is a Certificate Authority’s Role in the PKI… • The primary role of the Certificate Authority (CA) is to digitally sign and publish the public key bound to a given user. This is done using the CA's own private key. • Federal PKI CAs are managed by GSA through the Federal PKI Management Authority.
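The line of trust and the CA's signing role described in the two slides above, shown as an added example that is not part of the original presentation: a self-signed trust anchor certifies an issuing CA, which signs a user's public key, and a relying party then accepts only certificates that chain back to the anchor. All subject names, file names, RSA-2048 keys and the 30-day validity are constructed for illustration and are not FPKI values.

```bash
# Added example with constructed names; not an FPKI configuration.
set -eu
# Create a key pair and a certificate request: $1 = file stem, $2 = subject
new_request() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "$2" >/dev/null 2>&1
}
# The CA named $2 signs request $1 with its own private key; $3 = extension file
issue() {
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile "$3" -days 30 -out "$1.crt" >/dev/null 2>&1
}
# Self-sign request $1 as a root CA certificate
self_sign() {
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile ca.ext \
    -days 30 -out "$1.crt" >/dev/null 2>&1
}

build_pki() {  # $1 = empty working directory
  (
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > user.ext
    # Trust anchor: self-signed and handed to relying parties out of band
    new_request anchor "/CN=Example Trust Anchor"; self_sign anchor
    # Issuing CA certified by the anchor, then a user certified by the issuing CA
    new_request issuer "/CN=Example Issuing CA"; issue issuer anchor ca.ext
    new_request user "/CN=Example User"; issue user issuer user.ext
    # A second self-signed CA that the relying party was never told to trust
    new_request other "/CN=Unrelated CA"; self_sign other
    # Same subject and public key as the user, but signed by the unrelated CA
    cp user.csr user2.csr; issue user2 other user.ext
  )
}

# Relying-party decision: can a line be drawn from the anchor to this certificate?
chains_to_anchor() {  # $1 = directory, $2 = certificate file stem
  openssl verify -CAfile "$1/anchor.crt" -untrusted "$1/issuer.crt" \
    "$1/$2.crt" >/dev/null 2>&1
}

dir=$(mktemp -d)
build_pki "$dir"
for c in user user2; do
  if chains_to_anchor "$dir" "$c"; then echo "$c: trusted"; else echo "$c: rejected"; fi
done
rm -rf "$dir"
```

The second certificate carries the same name and public key as the first, yet it is rejected because its signature comes from a CA with no path to the anchor.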
What is the FPKI? The FPKI is a security infrastructure… • The FPKI is federal-wide. It is not a department or agency system. It is an infrastructure for the entire Federal Government and industry partners. • Any department or agency can leverage the FPKI as part of its overall identity management. • Just as the Internet is the infrastructure (backbone) for things like electronic commerce, the FPKI is the backbone for identity management throughout the Federal Government.
How Does the FPKI Operate? • Much like the U.S. State Department issues Passports, or a U.S. state issues driver’s licenses… • The FPKI issues digital identity credentials, in the form of PKI certificates, to Federal employees, contractors, enterprise devices, and external entities that need to electronically interact with the Federal Government.
Why The Need For A Federal PKI? • Statutory mandates for e-government and implementing electronic signature technology: • Homeland Security Presidential Directive (HSPD 12) • OMB Memorandum 11-11 • OMB Memorandum 04-04
HSPD-12 • HSPD-12 is a strategic initiative intended to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy*. • Additional benefits include: • Protecting U.S. infrastructures, ensuring secure access to federal facilities and disaster response sites • Digital signature and encryption capabilities.
OMB Memorandums M11-11 AND M04-04 • M11-11: Continued Implementation of HSPD-12 Policy for a Common Identification Standard for Federal Employees and Contractors • Directive requiring all Federal Executive Departments and Agencies to implement a government-wide standard for secure and reliable forms of identification for employees and contractors. • The DHS partnered with the General Services Administration (GSA) on implementation activities. • M 04-04: E-Authentication Guidance for Federal Agencies • Provides agencies with the criteria for determining the level of e-authentication (Process of establishing confidence in user identities electronically presented to an information system).
GSA and The FPKIMA: Background • The Office of Management and Budget designated the General Services Administration (GSA) as the Federal Executive Agent for government-wide acquisitions of products and services required to implement HSPD-12. [Image: Personal Identity Verification (PIV) card]
GSA and the FPKIMA: Managing Trust • GSA has been appointed as the Federal PKI Management Authority (FPKIMA) to manage the design, development, implementation, and operation of the Production FPKI Trust Infrastructure*.
What Services does GSA Provide through the FPKIMA? • Through the FPKIMA, GSA ensures that common identity and access management policies are realized through the execution and management of digital certificate policies and standards for: • Secure physical and logical access • Document sharing & communications across Federal agencies and between external business partners
FPKIMA’s Focus • The FPKIMA’s primary focus is: • To provide a secure and reliable architecture that provides public key technology services to the Federal community. • To operate, maintain and advance the Federal PKI trust infrastructure ensuring the delivery of secure and highly available identity credential services across the Federal government and between the government and its industry partners. • To support the GSA and Federal PKI stakeholders in the implementation of efficient and practical approaches to addressing governing policies, procedures and standards.
FPKIMA’s Criticality • Imagine If You Did Not Know Who To Trust? • Threats to cyberspace pose one of the most serious economic and national security challenges of the 21st Century for the United States and our allies. A growing array of state and non-state actors such as terrorists and international criminal groups are targeting U.S. citizens, commerce, critical infrastructure, and government*. • GSA, as the managing partner, provides the best and most cost-effective trust infrastructure services in support of organizations meeting their identity management and data security goals.
FPKIMA’s Mission… • The General Services Administration is designated by the Federal PKI Policy Authority as the Management Authority. GSA, as the managing partner, provides the best and most cost-effective Trust Infrastructure services in support of organizations meeting their identity management and data security goals.