Electronic Signature: Sanction of the Department of State's System
(Correspondence, 07/10/2000, GAO/AIMD-00-227R).

GAO reviewed the Department of State's electronic signature system.

GAO noted that: (1) State utilized an electronic signature system that
was developed by the Corps of Engineers and was previously sanctioned by
GAO's office; (2) adoption of the Corps system was used to reduce
development risks and costs; (3) State estimates that using the Corps'
system saved about $750,000 in development costs, accelerated the
deployment of the system by about 30 months, and allowed State to field
a production system about 9 months after contract award; (4) GAO
considers this approach to be a best practice since it reduces the costs
to perform a necessary function while reducing the development time and
risks; and (5) it also demonstrates that one of the Corps' objectives in
developing its electronic signature system--developing a system that can
be used by other agencies--has been accomplished with overall benefits
to the federal government.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-00-227R
     TITLE:  Electronic Signature: Sanction of the Department of
	     State's System
      DATE:  07/10/2000
   SUBJECT:  Electronic forms
	     Data integrity
	     Financial management systems
	     Systems evaluation
	     Computer security
IDENTIFIER:  Dept. of State Overseas Financial Management System


GAO/AIMD-00-227R


United States General Accounting Office Washington, DC 20548

Accounting and Information Management Division

B-285766

July 10, 2000

Mr. Charles M. Smith
Information Systems Security Officer
Charleston Financial Service Center
Department of State
P.O. Box 150008
Charleston, SC 29415-5008

Dear Mr. Smith:

Subject: Electronic Signature: Sanction of the Department of State's System

This letter responds to your June 30, 2000, request that we sanction the
operation of your electronic signature system for full-scale
implementation in the Overseas Financial Management System. We have reviewed
the material provided and conclude that the electronic signatures generated
by this system provide at least the same quality of evidence as the
handwritten signatures they are designed to replace.[1]

Specifically, your system is designed to produce electronic signatures that
are (1) unique to the signer, (2) under the signer's sole control, (3)
capable of being verified, and (4) linked to the data in such a manner that
if the data are changed, the signature is invalidated upon verification.

We note that the State Department utilized an electronic signature system
that was developed by the Corps of Engineers and was previously sanctioned[2]
by our office. Adoption of the Corps system was used to reduce development
risks and costs. The State Department estimates that using the Corps'
system saved about $750,000 in development costs, accelerated the
deployment of the system by about 30 months, and allowed you to field a
production system about 9 months after contract award. We consider this
approach to be a “best practice” since it reduces the costs to
perform a necessary function while reducing the development time and risks.
It also demonstrates that one of the Corps' objectives in developing its
electronic signature system--developing a system that can be used by other
agencies--has been accomplished with overall benefits to the federal
government.

[1] We outlined the necessary attributes of electronic signatures in a
decision of the Comptroller General. 71 Comp. Gen. 109 (1991).

[2] Corps of Engineers Electronic Signature System (GAO/AIMD-97-18R,
November 19, 1996).

In our evaluation, we considered a review conducted by the State
Department's Bureau of Diplomatic Security, Analysis and Certification
Division. It is
our understanding that the bureau is independent of the Chief Financial
Officer and is the organization that is required to evaluate systems for
accreditation. The resulting report was positive and the system was
recommended for accreditation by the Chief Financial Officer. This
accreditation was granted on March 22, 2000.

With this letter, we sanction full-scale deployment of your electronic
signature system for financial management applications. As discussed, you
will need to continue to monitor the effectiveness of controls over the
system as part of your agency's annual review process under the Federal
Managers' Financial Integrity Act (FMFIA). Reviewing this system as part of
your FMFIA process should provide management and others adequate assurance
that the stated controls continue to function as designed and that when
warranted, improvements are implemented. Although the electronic signature
system is part of your financial management system, this letter does not
constitute approval of your financial management system as defined by
31 U.S.C. 3512(f)(2).

We are also sending a copy of this letter to the Corps of Engineers for its
information. Should you have any questions, please contact Chris Martin,
Assistant Director, at (202) 512-9481.

Sincerely yours,

Keith A. Rhodes
Chief Technologist

(512068)