Subject: GAO study
All,

The results of this GAO study (http://www.gao.gov/new.items/d04157.pdf) seem to echo the OASIS survey results.

Challenges to Implementation of PKI

* Policy and guidance - These are lacking or ill-defined in a number of areas, including both technical standards and legal issues.
* Funding - Besides the high costs associated with the technology, cost models are lacking that would aid budgeting, and cost is increased when systems must be designed to accommodate the uncertainty associated with undefined standards.
* Interoperability - Integrating PKI systems with other systems (such as network, security, and operating systems) often requires significant changes or even replacement of existing systems.
* Training and administration - Training is required for personnel to use and manage PKI, and basic PKI requirements and processes impose significant administrative burdens.

--Budget and Interoperability Problems Contribute to Stagnating PKI Implementation at Government Agencies (15 January 2004)

A General Accounting Office (GAO) study of government agency Public Key Infrastructure (PKI) implementation found that the level of participation in the Federal Bridge Certification Authority is the same as in 2001. Of 89 PKI projects undertaken, just 35 are operational; 6 were terminated due largely to funding problems. Other problems that dog PKI implementation include a lack of government-wide policy and guidance, interoperability issues and training and administration problems.

http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=24644
http://www.govexec.com/dailyfed/0104/011504tdpm1.htm
http://www.informationweek.com/story/showArticle.jhtml?articleID=17301563

GAO Report: http://www.gao.gov/new.items/d04157.pdf

[Editor's Note (Schneier): The only surprise is that it's taken so long for the problems to surface, or at least become public. Even under the best of circumstances, there's no real way to have working PKI in bits and pieces.]
Mark

Mark A. Lundin
Senior Manager
KPMG LLP, Risk Advisory Services
Three Embarcadero Center
San Francisco, CA 94111
Office: +1 415-743-5493
Cellular: +1 925-864-1054
Fax: +1 415-296-9417