search

GSA / gsa-doc-digital-signature

This tool is deprecated. Please follow these new procedures - https://playbooks.idmanagement.gov/signfedregister/
Other
20 stars 7 forks source link

Tool installation for government agencies #15

Open powell-ofr opened 8 years ago

powell-ofr commented 8 years ago

The tool is working great. At the Office of the Federal Register, we encourage agencies to utilize the tool and their HSPD-12 ID cards to submit documents digitally and avail themselves of the inherent advantages with electronic submission. Having said that, the consistent speed bump I hear from agencies who want to start digital submission is that their IT department has to go through the process of getting approval to install the software. This takes days, weeks, even months in the case of large agencies, and actually is a show-stopper in some instances. It is by far the most time-consuming part of the process. This is ironic when you consider that more than a hundred agencies are already using it and the whole purpose of developing the tool was to make PKI signatures easy and free for government agencies. So my comment is more of a suggestion. How do we get this software "pre-approved" for federal agencies? I would use MS Office and Adobe Acrobat as examples of programs that agencies don't have to jump through hoops to install. Isn't there a way to put the GSA Document Signing Tool into this category of universally approved software?

afeld commented 8 years ago

How do we get this software "pre-approved" for federal agencies?

FedRAMP?

powell-ofr commented 8 years ago

If I knew how to do that, I would have already done it. I don't even know if there is such an option or what it might be called, but there are clearly software programs that government agencies can install and use without having to jump through approval hoops, especially for free software. I was asking if GSA, which manages this software, knows how to do it.

lachellel commented 8 years ago

@powell-ofr

Definitely agree with your sentiments. This is exactly one of the questions that we were trying to begin answering by posting the source to github, and allowing any user or company or agency to review the code (and contribute) freely.

The process usually begins as a TRM (technical reference model) insertion - which, yes, may be agency by agency to achieve, and includes a 508 compliance report, a justification, and perhaps a code scan.

Let's try to figure this out together - if the tool is useful, we definitely want to make it more efficient for usage as an option available.