Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities

PDF Version Also Available for Download.

Creation Information

United States. Government Accountability Office. August 10, 2004.

Context

This text is part of the collection entitled: Government Accountability Office Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. More information about this text can be viewed below.

Who

People and organizations associated with either the creation of this text or its content.

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

What

Descriptive information to help identify this text. Follow the links below to find similar items on the Digital Library.

Description

Correspondence issued by the Government Accountability Office with an abstract that begins "This letter is in response to a Congressional request that we examine our advice to executive branch agencies regarding commercial managed service public key infrastructure (PKI) solutions to see if the advice is consistent with current federal policy and private sector best practices. Specifically, over the past several years, staff from various agencies has asked for informal advice on these matters. Our informal advice was based on the control environment described to us by the agencies. This control environment, which is discussed later in this letter, resulted in the informal advice that the agencies may incur a greater burden in ensuring that a contract certification authority whose certificates are used in financial management applications has implemented an adequate system of internal controls than would be necessary if the certification authority were implemented internally. However, if agencies are willing to accept this potential increased burden by accepting and mitigating the potential risks (not all of which may be known and understood at this time) associated with commercial certification authorities contracting out, a certification authority may be able to provide the same level of security assurances as an internal certification authority. One key aspect of mitigating the risk will be the close involvement of agency personnel in the commercial implementation. We also told the agencies that until we were formally requested by an agency to review a commercial service provider's system, we could not express a formal position. To date, we have not received such a request."

Collections

This text is part of the following collection of related materials.

Government Accountability Office Reports

The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for the U.S. Congress investigating how the federal government spends taxpayers' money. Its goal is to increase accountability and improve the performance of the federal government. The Government Accountability Office Reports Collection consists of over 13,000 documents on a variety of topics ranging from fiscal issues to international affairs.

When

Dates and time periods associated with this text.

Creation Date

  • August 10, 2004

Added to The UNT Digital Library

  • June 12, 2014, 7:50 p.m.

Citations, Rights, Re-Use

United States. Government Accountability Office. Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities, text, August 10, 2004; Washington D.C. (digital.library.unt.edu/ark:/67531/metadc298562/: accessed April 20, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.