here is a potential hot button.
(1) NSA is doing what is supposed to civilian agencies: advise US Federal
govt agencies on crypto and security. It helped NIST recommend EES and DSS.
(2) US Federal Govt. agencies are doing what they are supposed to: buy services
from other agencies, in preference to commercial companies,
where possible, where an agency has that service as its core mission.
The requirement to use NIST/NSA technology (DSS etc) is instrumented through
the FIPS process, whereby Federal agencies must ( or will have to one
day when mandatory) obtained NIST waivers to go and procure
against the FIPS.
We have sold key distribution services to US Federal
govt entities, in the last few months. This is being used mainly to
perform outreach to the public, though also
some internal workgroup security, I suspect. (we dont
know what assets people actually protect)
AS a private commercial company, with obvious
vested interest in market development, Im finding it hard to sell
my wares in that gov environment, on account of
the second reason, versus the first.
One agency, which does have legitimate mission in
CAs, is USPS. but the executives there, have assured
us that they will not compete with private industry,
only do whatever private industry finds itself unable
or unwilling to do. This was claimed for the
private sector USPS is/was seeking to market to.
But the non-compete effective-policy may also occur to the public sector,
for which EOP/OMB regulation may require
agencies to use USPS/NSA services, even
where commercial equivalents exist (with
EES/DSS technology even)
Any issues, takers, opinions, knowledge, inside-info?
Just for fun,
Peter.