Summary

Pursuant to an agency request, GAO reviewed whether the Department of the Treasury could rely on particular methods to verify a certifying officer's electronic signature. GAO noted that: (1) an agency would generate a unique hash value on its payment information which would be electronically signed by the certifying officer using a message authentication code; (2) Treasury would validate the information by recomputing the hash value and verifying the message authentication code; (3) the validation process would provide at least the same quality of evidence as handwritten signatures and detect changes to the data made after the certifying officer generated the electronic signature; and (4) it is not sanctioning Treasury's planned electronic signature system or approving its financial management system.