Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Navy moves closer to going paperless
Tuesday - 8/31/2010, 6:41am EDT
Federal News Radio
As one of his last official duties as chief information officer, Rob Carey made it easier for the Department of the Navy to go paperless.
"The military organizations as whole have many, many, many forms that you could digitize and you could now move around on the network given you have a workflow mechanism, you could sign them digitally with your Public Key Infrastructure certificates on your Common Access Card," Carey said in an interview with Federal News Radio. "This provides the top cover and the impetus to take business processes from paper based to electronic based. Now the records aspects, the storage aspects, the aspects of the business process change and hopefully accelerate."
DoD and several of the services issued policies requiring soldiers and civilians to sign e-mails using their secure identity card, or Common Access Card (CAC) as far back as 2000. But the Navy is one of the first, if only military service, to issue a policy detailing how to digitally sign documents as part of its business processes.
DoD's CIO issued a memo in May 2006 ensuring digital signature interoperability. The DoDwide policy required the Joint Interoperability Test Command (JITC) to approve all digital signature profiles.
"It's a policy about how you do it; it's not a mandate," Carey said. "But it enables someone who's thinking about it. The mandates come separately. We don't want to mandate to go spend a whole lot of money. You would prioritize what processes you want to electronicfy first that have a higher pay off than others."
The Navy's policy requires all e-signature software to be certified and accredited and approved by JITC. It also requires offices to perform a legal review of the adopted application, ensure the user has an opportunity to review the information before signing the document and ensure the person's name, the date and time it was signed are all available on the paper copy of the document.
Navy offices also must retain the digital metadata of the document or contextual materials, archive the signed documents and make sure the information is available for the life of the document.
Carey said there are several reasons for approving the policy now.
"We now have a customer base who understands cryptographic logons, signing and encrypting e-mails from their desktops and some of the front runners, early adopters, have gone out and digitized processes," he said.
Carey is one of those early adopters. He said he signs Privacy Impact Assessments of systems electronically.
"I get a form via e-mail. I open it up. I sign it digitally and move it along electronically," he said. "I never print the document anymore and these things are 30-to-40 pages long. It's very powerful that I'm being a little economical with my killing of trees and paper, and now I know no one has tampered with the document and there is a whole lot of benefits to speeding up approval and autographs of things. There is a convergence of need, capability and now people's ability to do it."
Carey said the policy becomes a catalyst for Navy offices who believe they have a business case to move processes online.
"Now our comfort level with this technology is at the right level, I think our technology is at the right level," he said. "As we introduce the SHA 256 algorithms to PKI after the first of the year we will start producing CAC cards with a different PKI algorithm on them, that will provide a little bit of a hiccup, but it will also provide a greater level of security associated with digital signatures and signing and encrypting things."
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)