A Government Agency Information Tech Center managed and operated core communications infrastructure that supported: application services, information processing and management of 18,000 employees throughout the U.S. In March 2003, Project Masters was requested to review and rescue the, then failing, PKI project.
This project existed for 2 years with no progress when Project Masters was called in.
The PKI project required establishing an enterprise-wide operational subsystem integrated into the core network infrastructure to respond to requests to register subscribers; generate new, renewed or re-keyed certificates; process revocation requests; generate Certificate Revocation Lists (CRLs); provide certificate status checking; and respond to key recovery requests.
Set-up standard operating procedures for weekly analysis of logs provided by the Government determining appropriate settings, product configurations and/or software patches required.
Project Masters addressed the following challenges in managing the PKI system:
- No plan was in place for project completion
- Involvement of well known consulting firm that was not performing per requirements
- No project, schedule, budget or risk analysis plan was in place
One of our key IT teaming partners faced the following challenges in developing the PKI system:
- Seamlessly integrate a PKI solution with biometric authentication into the computing environment while protecting from hostile and non-hostile activity, yet providing rapid remote access for authorized users
- Deploy a system that ensured data integrity as it flowed through the network (which required authentication and non-repudiation)
- Protect the system from malicious code external/ internal users. Rapid removal of malicious code if detected
- Enforce access control to agency databases.
- Further extend the functionality of PKI by achieving cross-certification of x.509 v.3 certificates for authentication, validation, and confidentiality with other Federal Government and State departmental PKI systems and credentials by interoperations with the Federal Bridge Certificate Authority (FBCA)
- Complete the GAO sanctioning process to enable PKI support of financial systems operations
For three weeks Project Masters’ Program Manager investigated and reviewed current status of the project. It was determined there was no plan in place for project completion. A full project plan, schedule, budget, and risk analysis was produced and presented to the Agency. It was accepted by the Agency. The Government Agency replaced a well-known consulting firm with Project Masters and continued with the technical contractor.
- Established necessary contracts
- Managed build out of secure/secret facility
- Managed hardware/software updates
- Handled approval of public and secure documents
- Established administration team
- Gained approval of fed bridge cert. authority
Our key IT teaming partner implemented and integrated with an external PKI to support business to government (B2G) interactions and inter-agency transactions. The external PKI utilized ACES certificates and two centralized CAM systems located in the infrastructure support division of OASAM.
Our key IT teaming partner designed and developed a plan for implementing a biometric authentication system into the Cabinet level Government Agency domain. The biometric solution supports BioAPI version 1.0 and 1.1 to ensure compatibility and supportability with ongoing and future biometric initiatives.
- Project Masters, working together with the Cabinet level Government Agency and our key IT teaming partner, managed a PKI program that:
- Received approval by the Federal Bridge Certification Authority and obtainment of GAO’s sanction for operation of the PKI to support financial systems
- Managed and implemented a security and PKI infrastructure
- Managed development of clear understanding of the Cabinet level Government Agency security using standard components
- Managed the selection and acquisition support for a secure LAN/WAN infrastructure (servers, bridges, routers, Gateways, modems, Ethernet Cards, Cabling)