RCAS Authentication

Gao ID: AFMD-93-70R May 4, 1993

Pursuant to an Army request, GAO reviewed the electronic authentication system used in the Army's Reserve Component Automation System (RCAS). GAO noted that: (1) the electronic signatures generated by the authentication system do not provide the same quality of evidence as handwritten signatures; (2) the system's cryptographic algorithms and techniques have not received required approval from the National Institute of Standards and Technology or the National Security Agency; (3) RCAS, as designed, is too dependent on the secrecy of its algorithms and is too susceptible to unauthorized disclosure; and (4) the RCAS contractor needs to adopt and properly implement government approved standards and techniques to overcome the system's shortcomings.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.