VeriSign, Inc. (NASDAQ:VRSN) , the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today announced that it is the first commercial vendor to be certified by the Federal Identity Credentialing Committee (FICC) to provide managed public key infrastructure (PKI) and smart-card issuing services for Federal departments and agencies.
In March 2004, the FICC established the Shared Service Provider (SSP) program and published the requirements and processes by which managed service providers can qualify to be Federal PKI Shared Service Providers. In June, VeriSign qualified as the first and only commercial vendor to pass the rigorous SSP qualification process.
"We are thrilled to be the first certified PKI Shared Service Provider," said George Schu, vice president, VeriSign public sector. "VeriSign's Managed PKI can be deployed across an enterprise or agency in a matter of days, as opposed to the months spent implementing a proprietary system. The Federal government has raised the bar for meeting rigorous security standards, and this program recognizes that buying proven security solutions - not building them - is the preferred way to acquire and deploy PKI."
The OMB has determined that, after FY 2005, Federal agencies intending to use PKI must buy services from qualified managed service providers operating under the Federal Common Policy Framework, rather than establishing their own internal PKI. Qualified SSPs must deliver PKI certificates on smart cards that meet the X.509 Certificate Policy for the Common Policy Framework and the Federal Smart Card Policy. According to the FICC, the goal of creating the certified PKI SSP providers list is to end the proliferation of stove-pipes within the Federal government, drive standards adoption, and simplify interoperability across the Federal enterprise. The resulting infrastructure will enable implementation of diverse capabilities that take advantage of standardized identity credentials and enhance security across and between Federal agencies.
The integrated PKI smart-card issuing system that VeriSign submitted for qualification as an SSP, which successfully passed an SSP Operational Capabilities Demonstration in June 2004, was based on the smart-card PKI solution that VeriSign deployed in 2003 for the Department of Interior's Bureau of Land Management. Bob Donelson, Chair of the Government Smart Card, Interagency Advisory Board and PKI Manager, Bureau of Land Management, noted, "The VeriSign solution has enabled BLM to rapidly deploy a scalable PKI that has substantially enhanced the physical and logical security for its employees and also enabled BLM to reinvent many of its business processes by securely moving them online."