VeriSign Certified as Federal PKI Shared Service Provider

In March 2004, the FICC established the Shared Service Provider (SSP) program and published the requirements and processes by which managed service providers can qualify to be Federal PKI Shared Service Providers. In June, VeriSign qualified as the first and only commercial vendor to pass the rigorous SSP qualification process. The OMB has determined that, after FY 2005, Federal agencies intending to use PKI must buy services from qualified managed service providers operating under the Federal Common Policy Framework, rather than establishing their own internal PKI. Qualified SSPs must deliver PKI certificates on smart cards that meet the X.509 Certificate Policy for the Common Policy Framework and the Federal Smart Card Policy. According to the FICC, the goal of creating the certified PKI SSP providers list is to end the proliferation of stove-pipes within the Federal government, drive standards adoption, and simplify interoperability across the Federal enterprise. The resulting infrastructure will enable implementation of diverse capabilities that take advantage of standardized identity credentials and enhance security across and between Federal agencies. The integrated PKI smart-card issuing system that VeriSign submitted for qualification as an SSP, which successfully passed an SSP Operational Capabilities Demonstration in June 2004, was based on the smart-card PKI solution that VeriSign deployed in 2003 for the Department of Interiors Bureau of Land Management.