Electronic Signature: Sanction of the Department of State's System (Correspondence, 07/10/2000, GAO/AIMD-00-227R). GAO reviewed the Department of State's electronic signature system. GAO noted that: (1) State utilized an electronic signature system that was developed by the Corps of Engineers and was previously sanctioned by GAO's office; (2) adoption of the Corps system was used to reduce development risks and costs; (3) State estimates that using the Corps' system saved about $750,000 in development costs, accelerated the deployment of the system by about 30 months, and allowed State to field a production system about 9 months after contract award; (4) GAO considers this approach to be a best practice since it reduces the costs to perform a necessary function while reducing the development time and risks; and (5) it also demonstrates that one of the Corps' objectives in developing its electronic signature system--developing a system that can be used by other agencies--has been accomplished with overall benefits to the federal government. --------------------------- Indexing Terms ----------------------------- REPORTNUM: AIMD-00-227R TITLE: Electronic Signature: Sanction of the Department of State's System DATE: 07/10/2000 SUBJECT: Electronic forms Data integrity Financial management systems Systems evaluation Computer security IDENTIFIER: Dept. of State Overseas Financial Management System ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO Testimony. ** ** ** ** No attempt has been made to display graphic images, although ** ** figure captions are reproduced. Tables are included, but ** ** may not resemble those in the printed version. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ****************************************************************** GAO/AIMD-00-227R GAO/ AIMD- 00- 227R State Electronic Signature System United States General Accounting Office Washington, DC 20548 Accounting and Information Management Division B- 285766 July 10, 2000 Mr. Charles M. Smith Information Systems Security Officer Charleston Financial Service Center Department of State P. O. Box 150008 Charleston, SC 29415- 5008 Dear Mr. Smith: Subject: Electronic Signature: Sanction of the Department of State's System This letter responds to your June 30, 2000, request that we sanction the operation of your electronic signature system for full- scale implementation in the Overseas Financial Management System. We have reviewed the material provided and conclude that the electronic signatures generated by this system provide at least the same quality of evidence as the handwritten signatures they are designed to replace. 1 Specifically, your system is designed to produce electronic signatures that are (1) unique to the signer, (2) under the signer's sole control, (3) capable of being verified, and (4) linked to the data in such a manner that if the data are changed, the signature is invalidated upon verification. We note that the State Department utilized an electronic signature system that was developed by the Corps of Engineers and was previously sanctioned 2 by our office. Adoption of the Corps system was used to reduce development risks and costs. The State Department estimates that using the Corps's system saved about $750,0000 in development costs, accelerated the deployment of the system by about 30 months, and allowed you to field a production system about 9 months after contract award. We consider this approach to be a “best practice” since it reduces the costs to perform a necessary function while reducing the development time and risks. It also demonstrates that one of the Corps' objectives in developing its electronic signature system- developing a system that can be used by other agencies- has been accomplished with overall benefits to the federal government. 1 We outlined the necessary attributes of electronic signatures in a decision of the Comptroller General. 71 Comp. Gen. 109 (1991). 2 Corps of Engineers Electronic Signature System( GAO/ AIMD- 97- 18R, November 19, 1996). B- 285766 Page 2 In our evaluation, we considered a review conducted by the State Department's Bureau of Diplomatic Security, Analysis and Certification Division. It is our understanding that the bureau is independent of the Chief Financial Officer and is the organization that is required to evaluate systems for accreditation. The resulting report was positive and the system was recommended for accreditation by the Chief Financial Officer. This accreditation was granted on March 22, 2000. With this letter, we sanction full- scale deployment of your electronic signature system for financial management applications. As discussed, you will need to continue to monitor the effectiveness of controls over the system as part of your agency's annual review process under the Federal Managers' Financial Integrity Act (FMFIA). Reviewing this system as part of your FMFIA process should provide management and others adequate assurance that the stated controls continue to function as designed and that when warranted, improvements are implemented. Although the electronic signature system is part of your financial management system, this letter does not constitute approval of your financial management system as defined by 31 U. S. C. 3512( f)( 2). We are also sending a copy of this letter to the Corps of Engineers for its information. Should you have any questions, please contact Chris Martin, Assistant Director, at (202) 512- 9481. Sincerely yours, Keith A. Rhodes Chief Technologist (512068) *** End of document. ***