The FBI has selected Northrop Grumman Corp.
to provide the agency with a public key infrastructure (PKI) to increase the level of security provided to its information systems. The initial contract value is approximately $4 million to Northrop Grumman’s IT sector and could rise to more than $8 million if all options are exercised.
PKI is an infrastructure of cryptographic software that generates two large mathematically related numbers that are stored on a user’s Web browser or in a piece of hardware such as a smart card. The numbers help identify the user.
Northrop Grumman IT will provide program management, design and implementation services to maintain the PKI that will support 50,000 FBI employees. The Herndon, Va.-based government contractor will provide identification and authentication, confidentiality, integrity and non-repudiation services.
Northrop Grumman IT will deploy a completely commercial-off-the-shelf solution which requires no modifications and enabling initial deployment by December. Work on thd contract will be performed at the Northrop Grumman IT site in Reston, Va., with deployment to FBI headquarters, Washington, D.C., and one FBI field office in Oklahoma City, Okla.
Northrop Grumman IT team members on the contract include PEC Solutions of Fairfax, Va.; Entrust of Addison, Tex., and Schlumberger of New York, N.Y.
According to Northrop Grumman, the system will be able to accommodate growth of the Justice Department, and it is also scalable and will be deployed in multiple phases.
“The government anticipates transforming the PKI smart card into an FBI common access card to provide physical and system access control,” said Jim Perriello, president, Government Solutions for Northrop Grumman IT.
As the program expands to other Justice Department entities, Northrop Grumman says there is potential for an additional 200,000 certificates, which are similar to electronic credit cards that establish a person’s credentials when conducting business on the Internet.
These digital certificates can identify an individual or an organization and directory services that can store and, when necessary, revoke certificates. The certificate contains a person’s name, serial number, expiration dates, a copy of the certificate holder’s public key, and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.