Skip to Main Content
Individuals can already purchase digital certificates through the General Services Administration's (GSA's) Access Certificates for Electronic Services (ACES) program or through VeriSign, Thawte, and the like. Federal employees, contractors, and Web servers could have their digital certificates issued through the Federal PKI Common Policy program. In other words, the complete solution is in place if only someone would use it. This reluctance is particularly puzzling, given that these stronger authentication and authorization infrastructures are foundational for the secure data access and transactions that must conform to federal privacy laws and industry's best practices. Without strong credentials, support for the next generation of secure automation simply can't occur. And even more important, smartcard credentials that include digital certificates are already mandatory for federal employees and contractors.