About Us
Contact Us
Current Events
Career Opportunities
Case Studies
Newsletters
Strategic Partners
Site Map
Home Commercial Solutions Government Solutions

CASE  STUDIES

   Cabinet Level Government PKI Project Case Study

Project Description

The Cabinet level Government Agency Information Technology Center (Government Agency) managed and operated the core communications infrastructure that supported the application services, information processing and management needs of 18,000 employees located throughout the U.S. In March of 2003 Project Masters was requested to intercede on behalf of Cabinet level Government Agency to review and rescue the, then failing, PKI project.

Agency Challenge:

This project was in existence for approximately 2 years with no progress toward completion when Project Masters was requested to intercede and bring the project to fruition.

The PKI project required establishing an enterprise-wide operational subsystem integrated into the core network infrastructure to respond to requests to register subscribers; generate new, renewed or re-keyed certificates; process revocation requests; generate Certificate Revocation Lists (CRLs); provide certificate status checking; and respond to key recovery requests.

Operational requirements also included the establishment of standard operating procedures to perform weekly analysis of the logs provided by the Government to determine appropriate settings, product configurations and/or patches required to improve system performance.

Challenges:

Project Masters addressed the following challenges in managing the PKI system for the Cabinet level Government Agency:

  • No implementation plan in place for project completion
  • Involvement of well known consulting firm that was not performing per requirements
  • No documents were in place to manage the project such as:project plan, schedule, budget and risk analysis

One of our key IT teaming partners addressed the following challenges in developing a PKI system for the Cabinet level Government Agency:

  • Seamlessly integrate a PKI solution with biometric authentication into the computing environment while maintaining an infrastructure secure from hostile and non-hostile intrusion and activity, yet providing rapid remote access for authorized users;
  • Deploy a system that ensured data integrity as it flowed through the system with required authentication and non-repudiation;
  • Protect the system from the introduction and dissemination of malicious code from external or internal users; and the rapid eradication of malicious code in the event they were introduced
  • Enforce access control to agency databases, and
  • Further extend the functionality of PKI by achieving cross-certification of x.509 v.3 certificates for authentication, validation, and confidentiality with other Federal Government and State departmental PKI systems and credentials by interoperations with the Federal Bridge Certificate Authority (FBCA).
  • Complete the GAO sanctioning process to enable the PKI to support financial systems operations

Solution(s) Provided:

For three weeks the Project Masters' Program Manager investigated and reviewed the current status of the project.  It was ascertained that except for the software being procured, and the technical contractor completing their assigned engineering effort, there was no implementation plan in place for project completion. At this time a full project plan, schedule, budget, and risk analysis was produced and presented to the Cabinet level Government Agency.  It was accepted by the Cabinet level Government Agency management with a project completion date of May 2003. The Cabinet level Government Agency management replaced the well-known consulting firm with Project Masters and continued with the technical contractor.  This would not be met because of a Continuing Resolution that precluded funding for a period of 2 months.

During the project time frame all necessary contracts were established and put in place with numerous subcontractors to build a secure secret facility within the Cabinet level Government Agency computer room, purchase necessary hardware, software updates, get approval of all necessary public and secure documents, establish an administration team, record the Key Generation Ceremony, and get the PKI System approved by the Federal Bridge Certificate Authority, and sanctioned by GAO.

Our key IT teaming partner implemented and integrated with an external PKI to support business to government (B2G) interactions and to support limited inter-agency transactions. The external PKI utilizes ACES certificates and two centralized CAM systems located in the infrastructure support division of OASAM. The operational testing of the CAM systems was completed on March 6, 2001 and they became fully operational in the Departmental Enterprise.

Our key IT teaming partner designed the Internal PKI systems and is implementing and supporting 3,500 class 2, individual certificates for use in e-mail and file level digital signing and encryption as well as identity credential presentation and validation. The certificate hierarchy utilizes Verisign Public Domain Root Class 2 Certificate Authority, a “co-branded” the Cabinet level Government Agency level Certificate Authority in the form of Verisign’s Onsite Administrator, Key Management Server (KMS), and the “Go Secure” product for Microsoft Exchange to facilitate directory population to e-mail clients. Our key IT teaming partner has designed the Cabinet level Government Agency X.500 Directory Service Agent (DSA) around the PeerLogic/Critical Path Live Content Directory, X.500 Directory Service Agent (DSA) software. Our key IT teaming partner will integrate the DSA software with the Exchange iGateway product to facilitate the cross-population of certificates and information between Exchange and the DSA.

Our key IT teaming partner designed and developed a plan for implementing a biometric authentication system, U.are.U Pro from Digital Persona, Inc. into the Cabinet level Government Agency Windows NT domain. The biometric authentication system employs optical fingerprint scan technology to protect the digital certificate PIN as well as a more protected NT domain logon credential. The biometric solution supports BioAPI version 1.0 and 1.1 to ensure compatibility and supportability with ongoing and future biometric initiatives.

The system was turned on 2 months late, July of 2003, because of the government’s postponement due to lack of funding. If the funding had been available the project would have completed on time, at budget, and been fully operational. Even with the lack of funding the project, though not on time, was at budget.

Benefit:

Project Masters, working together with the Cabinet level Government Agency and our key IT teaming partner, managed a PKI program that:

  • Received approval by the Federal Bridge Certification Authority and obtainment of GAO’s sanction for operation of the PKI to support financial systems
  • Managed and implemented a security and PKI infrastructure
  • Managed development of clear understanding of the Cabinet level Government Agency security using standard components
  • Managed the selection and acquisition support for a secure LAN/WAN infrastructure (servers, bridges, routers, Gateways, modems, Ethernet Cards, Cabling)

Back to top

Home  |  Commercial Solutions  |  Government Solutions

About Us  |  Contact Us  |  Current Events  |  Career Opportunities  |  Case Studies

Newsletters  |  Strategic Partners  |  Site Map