Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
USPS chooses vendor to take identity management to the cloud
Wednesday - 8/21/2013, 8:29pm EDT
USPS late Tuesday awarded a three-year, $15.1 million contract to SecureKey Technologies to build a portal in the cloud to handle the identity management process and connect one username or password or digital certificate to many services.
"SecureKey's proposal was determined to offer the best value because SecureKey had the highest rated technical proposal and offered the second lowest price," USPS wrote in the award notice.
A USPS spokeswoman said the pilot will give them a private and secure credential program.
"The Postal Service has been chosen to take part in an innovative cross-agency governmental task team established to create a digital Federal Cloud Credential Exchange (FCCX) platform," a USPS spokeswoman told Federal News Radio. "Credential exchange will allow individuals to access online services at participating government agencies using their existing commercially issued digital identification. USPS is well positioned to be a part of this transformational pilot project to develop a credential exchange program that will offer security, privacy and efficiency for the federal government."
The Federal Cloud Credential Exchange (FCCX) pilot falls under the National Strategy for Trusted Identities in Cyberspace (NSTIC) program, and it is one example of how to create an identity ecosystem.
Lefkovitz said the policy, framework and cloud exchange will benefit agencies in several ways, including cost reductions and simplifying the citizens' interaction with the government.
"Moreover, we anticipate that progress in addressing the knotty areas of governance, liability and business models will facilitate maturation of the Identity Ecosystem," she said.
SecureKey Technologies beat out 17 other vendors to win the award. While it's not a high dollar contract, it's prestigious and could open the door for future cloud and identity management opportunities.
The company said it will implement its SecureKey briidge.net Exchange, a cloud-based authentication and credential brokerage service. SecureKey said the exchange will enable cost-effective credential broker and management capabilities for tens of millions of people.
"Last year, SecureKey successfully launched its innovative SecureKey Concierge credential broker service as part of the Government of Canada's Cyber Authentication Renewal initiative," Andre Boysen, chief marketing officer for SecureKey, said in a release.
Lefkovitz said SecureKey Technologies will use a "double blind" architecture that will prevent the tracking of credential use among providers and relying parties to ensure privacy and civil liberties.
"In addition, the FCCX team will be working on the capability for identity providers to share needed attributes with federal agencies while limiting the attributes' exposure within the hub through the development of privacy-enhancing cryptography in a commercially deployable protocol," she wrote. "Notwithstanding the number of NSTIC pilots exploring this latter subject, broad commercial deployment of privacy-enhancing cryptography remains elusive."
Vendors and others in the identity management community have closely watched this contract opportunity. USPS issued the solicitation in January.
The goal of the FCCX is to let citizens log onto federal services using usernames and passwords from third parties, such as Google or PayPal, as long as those companies meet federal standards under the Federal Identity Credential and Access Management framework (FICAM).
USPS volunteered to run the pilot under its Digital Solutions Group.
According to a slide presentation from June posted on IDManagement.gov, the FCCX would create a single interface between agencies and identity service providers, speed up integration and reduce costs and complexity.
USPS told industry that the FCCX should be able to support 135 million customers and up to 1 million customer transactions per hour. The FCCX pilot is expected to last one year, the Postal Service said.