Technology Positioning Statement Report

4.1.6 Desktop and Notebook Security Technologies

Description: Desktop security technologies, including hardware and software.

Category: 4 - Client Platforms   Subcategory: 1 - General Purpose Client Platforms
Old Category: none

Vision

RetirementContainmentCurrentTacticalStrategic
     

Standards

Industry UsageSC Usage
  

Performance Metrics

Security; ease of use; transparency; ease of administration.


Usage and Dependencies

Industry Position: According to Gartner, OS security on the primary end-user desktop OS will be "good enough" for the mainstream by 2001. Microsoft's end-user OS security functionality varies by OS and release, and organizations will continue to shift platforms over the next several years, while the third-party product market is immature and changing rapidly. Windows 2000 is designed to provide single authentication across Windows 2000 resources, encrypted file system and IP encryption.

Giga (Andrew Bartels) has recommended clients give serious consideration to implementing a smart card-based digital certificate system for providing online authentication and access, both for internal intranet applications and for extranet applications where authentication is a high priority.

"with the price reduction of smart cards, the launch of the American Express Blue Card in 1999 and the launch of Visa smart cards in 2000, the consumer financial deployment of smart cards by North American financial firms is starting to take off. Similarly, we now expect that approximately 10 percent of the Fortune 500 companies in the US, especially those in financial services, pharmaceuticals and defense, will deploy employee ID and access/control smart cards in 2001, as will many US government agencies."

"We continue to believe that online authentication is the “killer app” for smart cards in North America. Smart cards provide a more secure, more portable and more user-friendly medium for digital certificates and the associated private signing key than the PC. The barriers to smart cards with digital certificates continue to be (a) the cost of the cards and associated smart card readers that connect to PCs and (b) the business belief that a user’s name and password provides adequate authentication relative to security exposures. Nonetheless, we expect to see rising business adoption of smart cards with digital certificates for online authentication initially of employees and customers of financial service companies, and then slow and patchy adoption for customers and suppliers of companies in general." -- Giga's Updated Projections for When and Where Smart Cards (With Digital Certificates) Will Be Adopted for Online Authentication, Andrew Bartels, Giga, Mar. 15, 2001.

"PKI is not for everyone. And Windows 2000 PKI does have distinct limitations in the current Windows 2000 1.0 release. These limitations will persist until at least the release of the 1.1 Windows 2000 upgrade which is due out at year’s end. Realistically though, customers may even have to wait until the “Blackcomb” release (the code name for the third generation of Windows 2000, which may be two to three years off) ships." -- Windows 2000 and PKI: What You Need to Know, Laura DiDio and Jan Sundgren, Giga, March 5, 2001

SC Usage: SC will comply with the security requirements of the SC Cyber Security Protection Plan (SCPP). SC is collaborating on public key encryption (PKI) standards and methods, both within DOE and in other Federal efforts. SC Web applications and some headquarters applications use password prompting, while FMIS and RIMS use internal ID and password plus OS-based group rights and access rights. The X.500 protocol is used DOE-wide to support the Public Key Infrastructure (PKI) security initiative.

SC Application Impact: Budget Formulation, Evaluation Data Management System, Funding Decision Information System, Guidance Information System.

Last Update: Valid Until:
4/12/20015/12/2001

References

Previous TPS Report
Microsoft Security web site


List all Categories

Administer the Database