1 / 13

GPO PKI and OFR eDOCS

GPO PKI and OFR eDOCS. U.S. Government Printing Office September 10, 2009. Agenda. About GPO PKI and OFR eDOCS GPO PKI Services. About GPO PKI. Shared Service Provider (SSP) certification – July 2007 Cross-Certified with Federal Bridge Certification Authority since December 2005

howe
Télécharger la présentation

GPO PKI and OFR eDOCS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GPO PKI and OFR eDOCS U.S. Government Printing Office September 10, 2009

  2. Agenda • About GPO PKI and OFR eDOCS • GPO PKI Services

  3. About GPO PKI • Shared Service Provider (SSP) certification – July 2007 • Cross-Certified with Federal Bridge Certification Authority since December 2005 • Meets all Federal PKI requirements • In operation at GPO since 2004

  4. GPO PKI Services • End User Certificates • Medium Assurance Level (federal PKI) • Requires in-person identity proofing for Users • End user must present themselves in person to the RA or LRA • Two options: • At GPO Main Office • Agency Local Registration Authority (LRA) • Agency LRA personnel require a hardware token • LRA personnel (agency) must be identity proofed at GPO\ • Hardware token required due to sensitive nature of enrollment function performed • LRA enrolls other agency personnel at agency– record keeping requirements • Agency users must present themselves in person to LRA at agency

  5. GPO PKI Services • Help Desk • GPO provides technical assistance to users • Email notification by users to GPO • Automatically routed to GPO PKI support • Phone number provided for emergencies • Agency IT Help Desk • Most agencies wish end users to coordinate IT problem reporting and resolution through the agency IT Help Desk • GPO will work with agencies and PKI end users • GPO will always provide technical assistance to resolve end user PKI problems • May involve IT problems at the agency and agency will need to resolve those

  6. Certificate Uses • File signing • eDOCS, for example • File encryption • Email encryption and signing (S/MIME) • For Outlook email • Other uses are possible, in consultation with GPO PKI

  7. OFR eDOCS PKI • Background: • OFR eDOCS application • Hosted by GPO on behalf of OFR • Allows email submission of digitally signed files • Saves time and money • Requires official agency submitter to have PKI certificate • Required Medium Assurance PKI certificate • Requires In-Person Identity Proofing • GPO PKI services for the OFR eDOCS application • In Operation since September 16, 2006 • OFR eDOCS originally used NFC PKI (pre Sept. 2006)

  8. eDOCS Document Submission Process • Step 1: • End user logs into GPO PKI end user software (COTS client software meeting FIPS 140-2 and Federal PKI standards from Entrust, configured by GPO to interface to the FBCA cross-certified GPO PKI). User enters appropriate password (from certificate issuance process, for initial password). • Step 2: • End user locates the file to be signed using Windows operating system process. • Step 3: • End user RIGHT CLICKS on the file to be signed. • Step 4: • End User selects Entrust Advanced. • Step 5: • End User selects Sign. • Step 6: • GPO PKI software signs the file. • Step 7: • End user uses their normal agency email to send email to the Federal Register email address. User attaches file selected and signed in Step 6. • Step 8: • Process COMPLETE.

  9. GPO PKI Services – Cost Structure • Cost Structure • End User Certificates: • $97 per user per year • NOTE: Software certificate (does not apply to smartcard certificate) • LRA Users: • $225 per LRA per year (includes hardware token) • LRA’s perform enrollment of agency users for GPO PKI • Costs documented in GPO Circular Letter 744 • URL: http://www.gpo.gov/customers/letters/744.htm • Business Enablement: • SF-1 Form executed for GPO • Printing Officers at each federal agency – liaison to GPO • Memorandum of Agreement • Spells out roles and responsibilities

  10. GPO PKI Services – Getting Started • Step 1: Execute a Standard Form 1 (SF-1) and send to GPO • Send to: Bobbie McKoy at GPO (contact information on last slide) • Sample SF-1 shown on a later slide • Identify the Number of End Users that will have Certificates • Decide if Agency will use Local Registration Authority (LRA) function • Step 2: Execute Memorandum of Agreement and send to GPO • Spells out Roles and Responsibilities • Send to: John Hannan at GPO (contact information on last slide) • Step 3: Ensure Agency IT Support staff know about: • A: Entrust Software installation on end user computers • Agencies normally review and certify software for use on Agency computers • B: Firewall Settings Required (see next slide) • Firewall changes may be needed at some Agencies (depends on Agency controls) • C: Help Desk Notification for End User Problems • Decide how Agency End Users will request Help Desk support for PKI problems • Most common model: End Users notify Agency Help Desk (using standard agency procedures) • Agency Help Desk notifies GPO PKI Help Desk, if needed • Step 4: Install Entrust software on end user computers at Agency • Entrust software provided by GPO as part of fee per user • Available for download at URL: http://www.gpo.gov/projects/pki.htm • Step 5: Arrange a date and time for End Users to come to GPO for in-person Identity Proofing (federal PKI requirement) • Contact John Hannan at GPO for this

  11. Example SF-1 Form

  12. Agency Firewall Settings Required

  13. Contact Information • Technical • John Hannan, CISSP Chief Information Security Officer U.S. Government Printing Office 202-512-1021 jhannan@gpo.gov • Business • Bobbie McKoy Assistant Director, Agency Accounts & Marketing U.S. Government Printing Office 202-512-1675 bmckoy@gpo.gov

More Related