U.S. General Services Administration Federal Technology Service November 9, 1999 Judith Spencer

Judith Spencer
Director, Center for Governmentwide Security
Office of Information Security
U.S. General Services Administration
Federal Technology Service
November 9, 1999
Mandates for On-Line Access
• Paperwork Reduction Act
• National Performance Review’s Access America
• FPKISC Access With Trust
• Government Paperwork Elimination Act
The ACES Concept
Facilitates secure on-line access to Government information and services by the Public through the use of public key technology.
ACES Features
• Provides a Government-wide Public Key Infrastructure.
• Provides auxiliary services that participating agencies may need to make use of the Infrastructure.
• Reduces overall costs by aggregating Government requirements.
The ACES PKI
• Identity Proofing
• Certificate Issuance
• On-line Validation
• Access to Information
• Compliance with Federal Requirements
• Validation Pricing Options
Getting Services
[Diagram; labels as extracted: Citizen; Secure Web; Access Federal System with ACES; Any Web-based Government Application; Validate Electronic ID (ACES); Return Personalized Government Benefits/Information]
Access to Information
• Controlled by the application
• Application binds certificate identity to specific record data through second level proofing
• Application determines access based on certificate status and identity
• Application retains the right to deny access at any time
Compliance with Federal Requirements
• Procurement Integrity Act
• OMB Circular A-130
– Paperwork Reduction Act
– Computer Security Act
– Privacy Act
• OMB Circular A-123
– Federal Managers Financial Integrity Act
• Cryptographic and Digital Signature Standards (FIPS 140-1 and 186)
ACES Pricing Scheme
• Task Order Based Competition
– Certificate Issuance for users
• Industry Partner provided Identity Proofing
• Government provided Identity Proofing
– Certificate Issuance for agency applications
• Transaction-based validation pricing
– Set by Contract. Common across all awardees.
– Transaction Costs are Volume Banded.
• Higher use, lower rates
• $1.20 to $0.40 per transaction
Auxiliary Services
Agency Application Certificate
Certificates issued to and renewed by Agencies for applications participating in ACES.
Hardware Tokens
Optional hardware token for generation of key pairs and storage of private key.
Task Order Based
Supplemental PKI Services
Support for other system integration and PKI requirements such as: products, services, programming, and other systems integration support as may be required to enable Agency applications to implement PKI solutions that meet unique requirements (e.g. encryption
Ad Hoc Data
Ad hoc data collection, analysis, and/or dissemination services related to ACES infrastructure services.
Technology Updates
Incorporation of new algorithms, formats, technologies, mechanisms, and media
Industry Partners
ABAecom, America Online, Baltimore Technologies, Booz-Allen Hamilton, Computer Sciences Corp. (CSC), Cygnacom Solutions, Entrust, Microsoft, Netscape, National Computer Systems, Price Waterhouse Coopers, Valicert Inc., Xcert International Inc., Verisign, Inc
Cygnacom Solutions, DataKey, Litronics, nCipher, Netscape
Defining Need
• ACES provides strong authentication using identity-based digital signature certificates.
• Agencies should consider the need for such strong authentication when deciding which on-line applications need ACES protection.
• Five categories of Government to Public communications have been identified by OMB that could require this strong authentication.
Five Communication Categories
• Benefits
• Grants
• Filings
• Personal/Private/Proprietary Information
• Procurement
Getting ACES Services
[Flowchart; box labels as extracted:]
Agency Recognizes a Need
Contacts OIS
Sign MOU w/OIS
ACES PKI Services
Auxiliary PKI Services
Sign Relying Party Agreement
OIS Contacts Partners to Activate
Notifies FEDCAC
PKI Needs Analysis
Partners Provide Billing to FTS
Finalize SOW
Develop Task Order
Conduct Evaluation
Award Task Order
FTS aggregates charges, Bills Agency, and pays Partners
Program Timeframes
Initial ACES Award: 9/10/99
Source Selection Ends: 10/27/99
Certification & Accreditation: 9/20/99 - 1/27/00
Certificate Issuance begins: 12/20/99
Task Order CLINS Available: NOW
Contact Information
ACES Program Manager
Stanley Choffrey
202-708-7943 stanley.choffrey@gsa.gov
ACES Contracting Officer
Jeanne Davis
781-860-7138 jeanne.davis@gsa.gov
Center for Governmentwide Security
Judith Spencer
202-708-5600 judith.spencer@gsa.gov