By new position in the Navy’s Cyber Fleet Command on Sept. 13, signed a policy Friday describing how to implement an electronic signature process.
“The military organizations as whole have many, many, many forms that you could digitize and you could now move around on the network given you have a workflow mechanism, you could sign them digitally with your Public Key Infrastructure certificates on your Common Access Card,” Carey said in an interview with Federal News Radio. “This provides the top cover and the impetus to take business processes from paper based to electronic based. Now the records aspects, the storage aspects, the aspects of the business process change and hopefully accelerate.”
DoD and several of the services issued policies requiring soldiers and civilians to sign e-mails using their secure identity card, or Common Access Card (CAC) as far back as 2000. But the Navy is one of the first, if only military service, to issue a policy detailing how to digitally sign documents as part of its business processes.
DoD’s CIO issued a memo in May 2006 ensuring digital signature interoperability. The DoDwide policy required the Joint Interoperability Test Command (JITC) to approve all digital signature profiles.
“It’s a policy about how you do it; it’s not a mandate,” Carey said. “But it enables someone who’s thinking about it. The mandates come separately. We don’t want to mandate to go spend a whole lot of money. You would prioritize what processes you want to electronicfy first that have a higher pay off than others.”
The Navy’s policy requires all e-signature software to be certified and accredited and approved by JITC. It also requires offices to perform a legal review of the adopted application, ensure the user has an opportunity to review the information before signing the document and ensure the person’s name, the date and time it was signed are all available on the paper copy of the document.
Navy offices also must retain the digital metadata of the document or contextual materials, archive the signed documents and make sure the information is available for the life of the document.
Carey said there are several reasons for approving the policy now.
“We now have a customer base who understands cryptographic logons, signing and encrypting e-mails from their desktops and some of the front runners, early adopters, have gone out and digitized processes,” he said.
Carey is one of those early adopters. He said he signs Privacy Impact Assessments of systems electronically.
“I get a form via e-mail. I open it up. I sign it digitally and move it along electronically,” he said. “I never print the document anymore and these things are 30-to-40 pages long. It’s very powerful that I’m being a little economical with my killing of trees and paper, and now I know no one has tampered with the document and there is a whole lot of benefits to speeding up approval and autographs of things. There is a convergence of need, capability and now people’s ability to do it.”
Carey said the policy becomes a catalyst for Navy offices who believe they have a business case to move processes online.
“Now our comfort level with this technology is at the right level, I think our technology is at the right level,” he said. “As we introduce the SHA 256 algorithms to PKI after the first of the year we will start producing CAC cards with a different PKI algorithm on them, that will provide a little bit of a hiccup, but it will also provide a greater level of security associated with digital signatures and signing and encrypting things.”
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)