OASIS Mailing List Archives

pki-tc message



Subject: GAO study



All,

The results of this GAO study (http://www.gao.gov/new.items/d04157.pdf) seem
to echo the OASIS survey results.

Challenges to Implementation of PKI
* Policy and guidance - These are lacking or ill-defined in a number of
areas, including both technical standards and legal issues.
* Funding - Besides the high costs associated with the technology, cost
models are lacking that would aid budgeting, and cost is increased when
systems must be designed to accommodate the uncertainty associated with
undefined standards.
* Interoperability - Integrating PKI systems with other systems (such as
network, security, and operating systems) often requires significant changes
or even replacement of existing systems.
* Training and administration - Training is required for personnel to use
and manage PKI, and basic PKI requirements and processes impose significant
administrative burdens.


 --Budget and Interoperability Problems Contribute to Stagnating PKI
    Implementation at Government Agencies
(15 January 2004)
A General Accounting Office (GAO) study of government agency Public Key
Infrastructure (PKI) implementation found that the level of
participation in the Federal Bridge Certification Authority is the same
as in 2001.  Of 89 PKI projects undertaken, just 35 are operational; 6
were terminated due largely to funding problems.  Other problems that
dog PKI implementation include a lack of government-wide policy and
guidance, interoperability issues and training and administration
problems.
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=24644
http://www.govexec.com/dailyfed/0104/011504tdpm1.htm
http://www.informationweek.com/story/showArticle.jhtml?articleID=17301563
GAO Report: http://www.gao.gov/new.items/d04157.pdf
[Editor's Note (Schneier): The only surprise is that it's taken so long
for the problems to surface, or at least become public.  Even under the
best of circumstances, there's no real way to have working PKI in bits
and pieces.]

Mark

Mark A. Lundin
Senior Manager
KPMG LLP, Risk Advisory Services
Three Embarcadero Center
San Francisco, CA 94111
Office:	+1 415-743-5493
Cellular:	+1 925-864-1054
Fax:	+1 415-296-9417







