GPO PKI – Getting Started, U.S. Government Printing Office, May 20, 2011


2. Agenda
- About GPO PKI
- Using GPO PKI for OFR eDOCS
- GPO PKI Services

3. About GPO PKI
- Shared Service Provider (SSP) certification – July 2007
- Cross-certified with Federal Bridge Certification Authority since December 2005
- Meets all Federal PKI requirements
- In operation at GPO since 2004

4. GPO PKI Services
- End User Certificates
  - Medium Assurance Level (federal PKI)
  - Requires in-person identity proofing for users
    - End user must present themselves in person to the RA or LRA
  - Two options:
    - At GPO Main Office
    - Agency Local Registration Authority (LRA)
      - Agency LRA personnel require a hardware token
      - LRA personnel (agency) must be identity proofed at GPO
      - Hardware token required due to sensitive nature of enrollment function performed
      - LRA enrolls other agency personnel at agency – record keeping requirements
      - Agency users must present themselves in person to LRA at agency

5. GPO PKI Services
- Help Desk
  - GPO provides technical assistance to users
  - Email notification by users to GPO
    - Automatically routed to GPO PKI support
  - Phone number provided for emergencies
- Agency IT Help Desk
  - Most agencies wish end users to coordinate IT problem reporting and resolution through the agency IT Help Desk
  - GPO will work with agencies and PKI end users
  - GPO will always provide technical assistance to resolve end user PKI problems
  - May involve IT problems at the agency and agency will need to resolve those

6. Certificate Uses
- File signing
  - eDOCS, for example
- File encryption
- Email encryption and signing (S/MIME)
  - For Outlook email
- Other uses are possible, in consultation with GPO PKI

7. OFR eDOCS PKI
- Background:
  - OFR eDOCS application
    - Hosted by GPO on behalf of OFR
    - Allows email submission of digitally signed files
    - Saves time and money
  - Requires official agency submitter to have PKI certificate
    - Required Medium Assurance PKI certificate
    - Requires In-Person Identity Proofing
- GPO PKI services for the OFR eDOCS application
  - In operation since September 16, 2006
  - OFR eDOCS originally used NFC PKI (pre Sept. 2006)

8. eDOCS Document Submission Process
- Step 1: End user logs into GPO PKI end user software (COTS client software meeting FIPS 140-2 and Federal PKI standards from Entrust, configured by GPO to interface to the FBCA cross-certified GPO PKI). User enters appropriate password (from certificate issuance process, for initial password).
- Step 2: End user locates the file to be signed using Windows operating system process.
- Step 3: End user RIGHT CLICKS on the file to be signed.
- Step 4: End user selects Entrust Advanced.
- Step 5: End user selects Sign.
- Step 6: GPO PKI software signs the file.
- Step 7: End user uses their normal agency email to send email to the Federal Register email address. User attaches file selected and signed in Step 6.
- Step 8: Process COMPLETE.

9. GPO PKI Services – Cost Structure
- Cost Structure
  - End User Certificates:
    - $97 per user per year
    - NOTE: Software certificate (does not apply to smartcard certificate)
  - LRA Users:
    - $225 per LRA per year (includes hardware token)
    - LRAs perform enrollment of agency users for GPO PKI
  - Costs documented in GPO Circular Letter 744
    - URL: http://www.gpo.gov/customers/letters/744.htm
- Business Enablement:
  - SF-1 Form executed for GPO
    - Printing Officers at each federal agency – liaison to GPO
  - Memorandum of Agreement
    - Spells out roles and responsibilities

10. GPO PKI Services – Getting Started
- Step 1: Execute a Standard Form 1 (SF-1) and send to GPO
  - Send to: Bobbie McKoy at GPO (contact information on last slide)
  - Sample SF-1 shown on a later slide
  - Identify the number of End Users that will have certificates
  - Decide if Agency will use Local Registration Authority (LRA) function
- Step 2: Execute Memorandum of Agreement and send to GPO
  - Spells out roles and responsibilities
  - Send to: John Hannan at GPO (contact information on last slide)
- Step 3: Ensure Agency IT Support staff know about:
  - A: Entrust software installation on end user computers
    - Agencies normally review and certify software for use on Agency computers
  - B: Firewall Settings Required (see next slide)
    - Firewall changes may be needed at some Agencies (depends on Agency controls)
  - C: Help Desk Notification for End User Problems
    - Decide how Agency End Users will request Help Desk support for PKI problems
    - Most common model: End Users notify Agency Help Desk (using standard agency procedures)
    - Agency Help Desk notifies GPO PKI Help Desk, if needed
- Step 4: Install Entrust software on end user computers at Agency
  - Entrust software provided by GPO as part of fee per user
  - Available for download at URL: http://www.gpo.gov/projects/pki.htm
- Step 5: Arrange a date and time for End Users to come to GPO for in-person Identity Proofing (federal PKI requirement)
  - Contact John Hannan at GPO for this

11. Example SF-1 Form

12. Agency Firewall Settings Required

13. Contact Information
- Technical
  - John Hannan, CISSP, Chief Information Security Officer, U.S. Government Printing Office, 202-512-1021, jhannan@gpo.gov
- Business
  - Official Journals of Government office, U.S. Government Printing Office, 202-512-2100

