World Library  

Add to Book Shelf
Flag as Inappropriate
Email this Book

Public Key Infrastructure : Examples of Risks and Internal Control Objectives Associated with Certification Authorities

By Rhodes, Keith A.

Click here to view

Book Id: WPLBN0000217624
Format Type: PDF eBook
File Size: 0.3 MB
Reproduction Date: 2005
Full Text

Title: Public Key Infrastructure : Examples of Risks and Internal Control Objectives Associated with Certification Authorities  
Author: Rhodes, Keith A.
Language: English
Subject: Government publications, Accountability in government, United States. General Accounting Office
Collections: Government Library Collection, Government Accountability Integrity Reliability Office Collection
Publication Date:
Publisher: United States General Accounting Office (Gao)


APA MLA Chicago

Rhodes, K. A. (n.d.). Public Key Infrastructure : Examples of Risks and Internal Control Objectives Associated with Certification Authorities. Retrieved from

Government Accountability Integrity Reliability Office Collection

Excerpt: This letter is in response to your request that we examine our advice to executive branch agencies regarding commercial managed service public key infrastructure (PKI) solutions to see if the advice is consistent with current federal policy and private sector best practices. Specifically, over the past several years, staff from various agencies has asked for informal advice on these matters. Our informal advice was based on the control environment described to us by the agencies. This control environment, which is discussed later in this letter, resulted in the informal advice that the agencies may incur a greater burden in ensuring that a contract certification authority whose certificates are used in financial management applications1 has implemented an adequate system of internal controls than would be necessary if the certification authority were implemented internally. However, if agencies are willing to accept this potential increased burden by accepting and mitigating the potential risks (not all of which may be known and understood at this time) associated with commercial certification authorities contracting out, a certification authority may be able to provide the same level of security assurances as an internal certification authority. One key aspect of mitigating the risk will be the close involvement of agency personnel in the commercial implementation. We also told the agencies that until we were formally requested by an agency to review a commercial service provider's system, we could not express a formal position. To date, we have not received such a request.


Click To View

Additional Books

  • Federal Family Education Loan Program (by )
  • Major Management Challenges and Program ... (by )
  • Information Technology Terrorist Watch L... (by )
  • Aviation Security Challenges Exist in St... (by )
  • Department of Transportation, Federal Av... (by )
  • Information Security Further Efforts Nee... (by )
  • Commercial Activities Panel (by )
  • Congressional Committee and Subcommittee... (by )
  • Geographic Information Systems Challenge... (by )
  • Foreign Assistance Usaid Needs to Improv... (by )
  • International Exchange Programs Open Wor... (by )
  • Effects of the Terrorism Risk Insurance ... (by )
Scroll Left
Scroll Right


Copyright © World Library Foundation. All rights reserved. eBooks from World eBook Library are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.