1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.

Slides:



Advertisements
Similar presentations
AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms
Advertisements

Digital Certificate Installation & User Guide For Class-3 Certificates.
Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide
New Filing Procedures: Filing Business Documents Online Tom Riley, Assistant Secretary of State Business Services Division (601)
Digital Certificate Installation & User Guide For Class-2 Certificates.
EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.
Digital Certificate Installation & User Guide For Class-2 Certificates.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Steps to Recover Private Encryption Keys
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
PKI Implementation in the Real World
Welcome to Keyboarding Pro DELUXE ® Get Started Get Started Create Your Student Record Create Your Student Record The Main Menu The Main Menu Send Files.
Objectives The Government of India and Government of Karnataka has constituted the Private Security Agencies Regulation Act, 2005 and Karnataka Private.
July 11 - September FFIEC Central Data Repository Bank Enrollment.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
6/2/2015Information Technology Standing Committee of the IMO 1 Digital Certificate Initiative Guy Springgay Holiday Inn - Oakville.
Christopher Newport University.  Logging In  User Interface Navigation Bar Appointment Cells Adding Appointments ○ Individual Appointments Appointment.
By: Beth Gardner Procurement and Grants Office Technical Information Management Section Phone: ,
Rural Development Department Government of Tripura Venue: Conference Hall #1, Pragna Bhawan, Gorkhabasti Date: 7 th March, 2014.
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Digital Certificate Installation & User Guide For Class - 2 Certificates.
GRANTS.GOV MODULE I How To Get Started Presented by San Francisco State University Office of Research and Sponsored Programs Jackie White, Pre-Award Manager.
LGC Website and Customer On-line Tools LGC RESOURCE 2014.
1 The HRSA Electronic Handbooks (EHBs) Judy Ceresa HRSA - Division of Grants Policy Elisa Peet HRSA Call Center August 27, 2007.
Louisiana Scholarship Program (LSP) Information on Registering and Enrolling Scholarship Students.
© TecSec® Incorporated 2003 Threat Notification Model for Federal, State and Local Authorities Threat Notification Model for Federal, State and Local Authorities.
EDMR Electronic data submittal system Jeffrey A. Ewick, Section Chief Data and Information Services Section Electronic Discharge Monitoring Report.
Annual Certification IDEAS-PD Select your IDEAS role from the list at the right. After completing that module, be sure to take the User Preference Setup.
Wyoming Medicaid Provider Web Portal Wyoming Medicaid Provider Workshops Summer 2015 Presenter: Kilee Thompson, Field Representative.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
EProcurement. Transaction: ME41 Create RFQ Transaction: ME41 Assign Vendor The following button invites vendor to participate in the bid.
U.S. Department of Agriculture eGovernment Program July 23, 2003 eAuthentication Initiative Agency Responsibilities and Funding Discussion eGovernment.
How Can NRCS Clients Use the Conservation Client Gateway
NACCED Conference Tech. 101: Making Your Grants Dance September 19, 2011 Presenter – Scott Stevenson, L.A. County CDC.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
Computer Emergency Notification System (CENS)
Copyright © First Option 2008 First Option WebCheck The 1st Option in IT.
Federal Acquisition Service U.S. General Services Administration eOffer/eMod Training eOffer/eMod Training Keonia Cobbins Systems Development Office of.
1 Streamlining NMMSS Data Submission James C. Crabtree Office of Health, Safety and Security U.S. Department of Energy May 20, 2009.
All Unit Charter Renewals are due at the respective District’s Roundtable Meeting in November Last Updated 9/29/15.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
Household Applications and Verification School Year Revised July 2014.
How can I respond to an IRB CAL Letter? It’s easy…just follow the steps on the next few slides.
How to Deploy and Get the Most Out of Tokens Paul Caskey PKI Deployment Forum 2008.
Bidder Registration Process
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Important Changes and Reminders for Fund Year 2016 E-rate Program Applicant Training November 2015.
Adviser Panel. Go to All DD Track Advisers: Click “Advisor Login”
V 0.1Slide 1  send – Send How to send in WebSAMS? Access Control Other Information Configuration Customization  manage.
PKI Services for CYPRUS STOCK EXCHANGE Kostas Nousias.
NIMAC for Accessible Media Producers: February 2013 NIMAC 2.0 for AMPs.
How to CORRECTLY Complete a TEASE Access Request Form.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
GEOS Underground Storage Tank Annual Tank Registration
Creating a new Central Data Exchange (CDX) Account (to access NetDMR)
Standard Operating Procedure
How Can NRCS Clients Use the Conservation Client Gateway
Training Objectives About D2F Download Installation Configuration
Public Key Infrastructure (PKI)
WikID installation/training
Protecting Client Confidentiality for Volunteers and Agency Staff
Installation & User Guide
WAWF e-Business Suite Federal Agencies Getting Started
Creating a new Central Data Exchange (CDX) Account (to access NetDMR)
ODMAP Gaining Agency Access.
HIDTA’s Overdose Detection Mapping Application Program
To the ETS – Encumbrance Online Training Course
Installation & User Guide
To the ETS – Encumbrance Online Training Course
Presentation transcript:

1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011

2 Agenda  About GPO PKI  Using GPO PKI for OFR eDOCS  GPO PKI Services

3 About GPO PKI  Shared Service Provider (SSP) certification – July 2007  Cross-Certified with Federal Bridge Certification Authority since December 2005  Meets all Federal PKI requirements  In operation at GPO since 2004

4 GPO PKI Services  End User Certificates  Medium Assurance Level (federal PKI)  Requires in-person identity proofing for Users  End user must present themselves in person to the RA or LRA  Two options:  At GPO Main Office  Agency Local Registration Authority (LRA)  Agency LRA personnel require a hardware token  LRA personnel (agency) must be identity proofed at GPO\  Hardware token required due to sensitive nature of enrollment function performed  LRA enrolls other agency personnel at agency– record keeping requirements  Agency users must present themselves in person to LRA at agency

5 GPO PKI Services  Help Desk  GPO provides technical assistance to users  notification by users to GPO  Automatically routed to GPO PKI support  Phone number provided for emergencies  Agency IT Help Desk  Most agencies wish end users to coordinate IT problem reporting and resolution through the agency IT Help Desk  GPO will work with agencies and PKI end users  GPO will always provide technical assistance to resolve end user PKI problems  May involve IT problems at the agency and agency will need to resolve those

6 Certificate Uses  File signing  eDOCS, for example  File encryption  encryption and signing (S/MIME)  For Outlook  Other uses are possible, in consultation with GPO PKI

7 OFR eDOCS PKI  Background:  OFR eDOCS application  Hosted by GPO on behalf of OFR  Allows submission of digitally signed files  Saves time and money  Requires official agency submitter to have PKI certificate  Required Medium Assurance PKI certificate  Requires In-Person Identity Proofing  GPO PKI services for the OFR eDOCS application  In Operation since September 16, 2006  OFR eDOCS originally used NFC PKI (pre Sept. 2006)

8 eDOCS Document Submission Process  Step 1:  End user logs into GPO PKI end user software (COTS client software meeting FIPS and Federal PKI standards from Entrust, configured by GPO to interface to the FBCA cross-certified GPO PKI). User enters appropriate password (from certificate issuance process, for initial password).  Step 2:  End user locates the file to be signed using Windows operating system process.  Step 3:  End user RIGHT CLICKS on the file to be signed.  Step 4:  End User selects Entrust Advanced.  Step 5:  End User selects Sign.  Step 6:  GPO PKI software signs the file.  Step 7:  End user uses their normal agency to send to the Federal Register address. User attaches file selected and signed in Step 6.  Step 8:  Process COMPLETE.

9 GPO PKI Services – Cost Structure  Cost Structure  End User Certificates:  $97 per user per year  NOTE: Software certificate (does not apply to smartcard certificate)  LRA Users:  $225 per LRA per year (includes hardware token)  LRA’s perform enrollment of agency users for GPO PKI  Costs documented in GPO Circular Letter 744  URL:  Business Enablement:  SF-1 Form executed for GPO  Printing Officers at each federal agency – liaison to GPO  Memorandum of Agreement  Spells out roles and responsibilities

10 GPO PKI Services – Getting Started  Step 1: Execute a Standard Form 1 (SF-1) and send to GPO  Send to: Bobbie McKoy at GPO (contact information on last slide)  Sample SF-1 shown on a later slide  Identify the Number of End Users that will have Certificates  Decide if Agency will use Local Registration Authority (LRA) function  Step 2: Execute Memorandum of Agreement and send to GPO  Spells out Roles and Responsibilities  Send to: John Hannan at GPO (contact information on last slide)  Step 3: Ensure Agency IT Support staff know about:  A: Entrust Software installation on end user computers  Agencies normally review and certify software for use on Agency computers  B: Firewall Settings Required (see next slide)  Firewall changes may be needed at some Agencies (depends on Agency controls)  C: Help Desk Notification for End User Problems  Decide how Agency End Users will request Help Desk support for PKI problems  Most common model: End Users notify Agency Help Desk (using standard agency procedures)  Agency Help Desk notifies GPO PKI Help Desk, if needed  Step 4: Install Entrust software on end user computers at Agency  Entrust software provided by GPO as part of fee per user  Available for download at URL:  Step 5: Arrange a date and time for End Users to come to GPO for in-person Identity Proofing (federal PKI requirement)  Contact John Hannan at GPO for this

11 Example SF-1 Form

12 Agency Firewall Settings Required

13 Contact Information  Technical  John Hannan, CISSP Chief Information Security Officer U.S. Government Printing Office  Business  Official Journals of Government office U.S. Government Printing Office

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.