Use of Corps Electronic Signature System (Correspondence, 08/24/94,
GAO/AIMD-94-179R).
The Air Force requested that GAO sanction its use of the Army Corps of
Engineers' Prototype Electronic Signature System for its data
interchange project. GAO noted that: (1) it sanctioned the Corps'
prototype system in January 1993 on a test basis; (2) the Corps plans to
evaluate its prototype system in early 1995, at which time additional
needed controls may be identified before GAO can sanction the
operational system; (3) the Air Force can use the Corps' system if it
incorporates any needed changes into its system, a federal agency
generates and distributes the smart cards, and the Corps' system is
properly integrated into its application; (4) an external party should
review the system's integration to ensure its adequacy; and (5) GAO
approval of the system's use does not constitute approval of the base's
financial management system, although the use of the Corps' system will
significantly reduce the base's costs, risks, and time frames.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: AIMD-94-179R
TITLE: Use of Corps Electronic Signature System
DATE: 08/24/94
SUBJECT: Internal controls
Financial management systems
Air Force procurement
Electronic equipment
Systems evaluation
Application software
Computerized information systems
Testing
IDENTIFIER: Army Electronic Signature Prototype System
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO report. Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved. Major **
** divisions and subdivisions of the text, such as Chapters, **
** Sections, and Appendixes, are identified by double and **
** single lines. The numbers on the right end of these lines **
** indicate the position of each of the subsections in the **
** document outline. These numbers do NOT correspond with the **
** page numbers of the printed product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
** A printed copy of this report may be obtained from the GAO **
** Document Distribution Center. For further details, please **
** send an e-mail message to: **
** **
** **
** **
** with the message 'info' in the body. **
******************************************************************
Cover
================================================================ COVER
August 1994
GAO/AIMD-94-179R
Use of Corps Electronic Signature System
(511473)
Abbreviations
=============================================================== ABBREV
Letter
=============================================================== LETTER
B-258184
August 24, 1994
Colonel Gerald J. Palumbo, USAF
Director of Financial Management
and Controller
Los Angeles Air Force Base
2420 Vela Way, Suite 1467
Los Angeles, CA 90245
Dear Colonel Palumbo:
This letter responds to the July 18, 1994, request from your office
that we sanction the use of the Army Corps of Engineers' Prototype
Electronic Signature System for your electronic commerce/electronic
data interchange project at the Los Angeles Air Force Base. This
project includes financial and procurement software applications.
In January 1993, we issued a letter sanctioning the Corps' Prototype
Electronic Signature System.\1 It is our understanding that you are
asking for clarification on whether our sanction of this system would
apply to your use. Specifically, your office is concerned because
the Corps' system is still undergoing development and evaluation,
and, to date, we have only sanctioned the operation of the prototype
system on a test basis for the Corps' new financial management
system.
In reviewing the Corps' prototype electronic signature system, we
evaluated oral and written information provided by the Corps. We
concluded that the electronic signatures generated will provide at
least the same quality of evidence as the handwritten signatures they
were designed to replace. Furthermore, we stated that the prototype
system's internal controls, if properly implemented, should meet our
requirements and could be used in electronic contracting,
procurement, and financial management applications. (We provided a
general outline of the necessary requirements of electronic
signatures in 71 Comp. Gen. 109 (1991).)
The Corps plans to evaluate the prototype system during the first
quarter of 1995. This evaluation may identify additional controls
that are needed before we can sanction the operational system.
However, your adoption of the Corps' Prototype Electronic Signature
System is acceptable, provided that the following provisions are met:
1. Any changes identified during the evaluation of the Corps system
are incorporated into your system.
2. A federal agency, not a private party, must generate and
distribute the smart cards.\2 Because the generation of the
cryptographic keying material contained in the smart card is
critical, steps must be taken to ensure that the cryptographic key is
properly generated and protected.
3. The Corps' electronic signature system must be properly integrated
into your application.
It is our understanding that your office has agreed to (1) make any
changes that we find necessary in the Corps' system and (2) ensure
that a federal agency generates and distributes the smart cards. We
also suggest that an external party, such as the Air Force Audit
Agency or the Defense Department's Inspector General, review your
approach to integrating the Corps' system into your application to
ensure its adequacy.
Although we sanction your use of the Corps' Prototype Electronic
Signature System, this letter does not constitute GAO approval of
your financial management system, as defined by 31 U.S.C.
3512(f)(2).
We appreciate the challenges you face in upgrading your procurement
and financial management systems and believe that adopting the Corps'
electronic signature system will significantly reduce your risks,
costs, and time frames. We look forward to working with you on this
and other efforts in the future. Should you have any questions,
please contact Chris Martin, Assistant Director, at (202) 512-9481.
Sincerely yours,
Dr. Rona B. Stillman
Chief Scientist for Computers
and Communications
--------------------
\1 Electronic Signature Prototype System (GAO/AFMD-93-44R, January 5,
1993).
\2 A smart card is a hardware device, about the size of a credit
card, that contains one or more integrated circuit chips that
function as a computer. In the Corps' system, the smart card
contains cryptographic information and other data that identify the
authorized user.
*** End of document. ***