

2/25/2009
03:25 PM
Dark Reading
Products and Releases

VeriSign Delivers Managed PKI For Organizations Needing Interoperability With Federal Government

VeriSign Non-Federal Shared Service Provider (SSP) PKI facilitates trusted collaboration between federal and state governments and the public and private sector in areas such as domestic security, health care, and academic research

MOUNTAIN VIEW, Calif. -- February 25, 2009 -- VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, announced today the availability of a managed PKI service for all organizations needing interoperability with the federal government, including state and local governments, government contractors, universities and healthcare providers. The new offering, called VeriSign Non-Federal Shared Service Provider (SSP) PKI, facilitates trusted collaboration between federal and state governments and the public and private sector in areas such as domestic security, health care and academic research by enabling non-federal entities to operate at the specific levels of assurance required by the federal government.

VeriSign Non-Federal SSP PKI is a comprehensive enterprise PKI service that includes a clone of the PKI service that VeriSign delivers to federal agencies for issuing Personal Identity Verification (PIV) smartcards to comply with the requirements of Homeland Security Presidential Directive-12 (HSPD-12). The solution is cross-certified with the Federal Bridge Certification Authority (FBCA) at four assurance levels. At the highest assurance level, VeriSign Non-Federal SSP PKI enables state and local governments to issue PKI certificates on First Responder Authentication Cards (FRAC) smartcards that are interoperable with the PIV cards issued to federal employees and contractors.

Previously, VeriSign was the first vendor approved by the Federal Identity Credentialing Committee as a PKI Shared Service Provider for federal agencies. The VeriSign Federal SSP PKI and associated Card Management System (CMS) for PIV are currently enabling federal agencies like the Federal Aviation Administration, the Department of Education and the Department of Housing and Urban Development to issue PIV cards to their employees and contractors. With Non-Federal SSP PKI, VeriSign has not only extended the concept of certified managed PKI services to non-federal organizations, but it has also added further assurance levels so that its service can adapt to the foreseeable enterprise PKI needs of these organizations. VeriSign Non-Federal SSP PKI uses the same technology, standards, and infrastructure that VeriSign, the National Institute of Standards and Technology (NIST) and others have developed to enable federal agencies to comply with Federal Information Processing Standard 201.

"VeriSign Non-Federal SSP PKI is designed as an enterprise PKI for non-federal organizations needing trusted interoperability with the federal government," said Nicholas Piazzola, vice president of Government Programs at VeriSign. "It builds upon VeriSign's deep experience in operating infrastructure that is critical for ensuring trusted communications between individuals and organizations. By providing an infrastructure that meets the strict criteria for interoperability with the federal government, it enables non-federal organizations to avoid the significant time, investment and expertise needed to achieve trusted interoperability with the federal government."

Piazzola continued, "Not only will VeriSign Non-Federal SSP PKI more quickly enable state and local governments to issue PIV-interoperable smartcards for their first responders and enable government contractors to replace their employee badges with a PIV-compatible smartcard, but it will also enable these organizations, as well as universities, to issue digital certificates over the broad range of assurance levels appropriate for an enterprise."

"We have defined requirements to promote and ensure trusted, interoperable credentials for first responders, public safety officials, critical infrastructure partners and others needing high assurance interoperability for physical and logical access to federal government resources," said Peter Alterman, Deputy Associate Administrator for Technology at the General Services Administration. "Having Non-Federal Shared Service Provider PKIs cross-certified with the Federal Bridge is essential to meeting these interoperability requirements."

A number of state governments, including the States of Colorado and Kansas, have chosen VeriSign Non-Federal SSP PKI to meet their FRAC and enterprise PKI needs. Micheline Casey, Director of Identity Management for the State of Colorado, said, "We chose VeriSign Non-Federal SSP PKI because it not only provides the PIV-interoperable digital certificates that we need for our first responder FRAC cards, but it meets the requirements for an enterprise PKI for the State of Colorado."

Ron Thornburgh, Kansas Secretary of State, said, "We are pleased to be one of the first states to adopt the VeriSign Non-Federal SSP PKI. The resulting interoperability with federal government will enhance a number of important PKI initiatives in Kansas and add value for our customers. VeriSign Non-Federal SSP PKI will provide the flexibility and interoperability to meet all of our enterprise PKI needs."

The University of Texas, which has an extensive PKI that includes 16 Certification Authorities distributed across its various school campuses, is migrating its infrastructure to VeriSign Non-Federal SSP PKI. Clair Goldsmith, Ph.D., Senior Advisor for Information Technology for the University of Texas System, said, "We are pleased to be the first university to adopt the VeriSign Non-Federal SSP PKI. We chose this VeriSign PKI service because it provides the interoperability that our medical schools need for trusted communication with the National Institutes of Health. By adopting the VeriSign Non-Federal SSP PKI service, we avoided the costly and time-consuming effort that would have been necessary to get our existing PKI service cross-certified with the FBCA."

Available immediately, VeriSign Non-Federal SSP PKI is a comprehensive enterprise PKI service that enables organizations to issue both client and device certificates. It includes a public directory and OCSP validation services. It is hosted in the same facilities and data centers from which VeriSign provides mission-critical security and infrastructure services for the Internet and thousands of commercial and government organizations. Pricing is on a per-user basis, and each user can be issued a virtually unlimited number of certificates.

About VeriSign

VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.
