
Introduction

Welcome to the Federal Public Key Infrastructure (FPKI) guides! In these guides, you will find information about the Federal Public Key Infrastructure, including commonly used links, tools, and tips for leveraging the Federal PKI.

These guides are open source and a work in progress. We welcome contributions from our colleagues and encourage you to share information you think will be helpful to them.

This page provides introductory information to answer the following questions:

What is the Federal PKI?

Figure: High-level illustration of the FPKI Certification Authorities

The Federal PKI is a network of hundreds of certification authorities (CAs) that issue:

  • PIV credentials and person identity certificates
  • PIV-Interoperable credentials and person identity certificates
  • Other person identity certificates
  • Enterprise device identity certificates

The participating Certification Authorities, together with the Policies, Processes, and Auditing of all the participants, are referred to as the Federal Public Key Infrastructure (FPKI).

The FPKI includes US federal, state, local, tribal, territorial, and international governments, as well as commercial organizations, that work together to provide services for the benefit of the federal government.

What is an example?

We use PIV certificates as a simple example. Although there are many other types of identity certificates, PIV is the easiest to explain since you might have one:

  • Identity certificates are issued and digitally signed by a Certification Authority.
  • The Certification Authority that issued and digitally signed your PIV certificates is called an Intermediate Certification Authority because it was issued a certificate by another Certification Authority.
  • This process of issuing and signing continues until there is one Certification Authority that is called the Root Certification Authority.

Figure: Example of an identity certificate with intermediate and root

Together, the process of proving identity when issuing the certificates, the auditing of the certification authorities, and the cryptographic protections of the digital signatures establish the basis of Trust.

For the US Federal Government Executive branch agencies, there is one Root Certification Authority, named Federal Common Policy Certification Authority (COMMON), along with dozens of Intermediate Certification Authorities and Bridged Certification Authorities.
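The chain described above, from an identity certificate through an Intermediate CA up to COMMON, can be sketched as a path-building routine. This is an added example, not code from the FPKI guides; the certificate names and the `build_path` helper are constructed for illustration, and it only chains issuer and subject names, whereas real validation also verifies each signature, validity period and revocation status. It goes one step beyond the simple case by handling a CA that holds more than one certificate, as happens with bridged CAs.

```python
from collections import namedtuple

# Constructed sample records: only the subject and issuer name of each certificate.
Cert = namedtuple("Cert", "subject issuer")

TRUST_ANCHOR = "Federal Common Policy CA"  # COMMON; name string assumed for this example

def build_path(leaf, pool, anchor=TRUST_ANCHOR):
    """Return the certs from leaf up to the self-signed anchor, or None if no path."""
    by_subject = {}
    for cert in pool:
        by_subject.setdefault(cert.subject, []).append(cert)

    def walk(cert, seen):
        if cert.subject == cert.issuer:      # self-signed: the chain ends here
            return [cert] if cert.subject == anchor else None
        if cert.subject in seen:             # cross-certificate loop, abandon this branch
            return None
        for parent in by_subject.get(cert.issuer, []):  # a CA may hold several certs
            rest = walk(parent, seen | {cert.subject})
            if rest is not None:
                return [cert] + rest
        return None                          # issuer not in the pool, or every branch failed

    return walk(leaf, frozenset())

# Constructed pool: the cross-certificate pair is listed first so the search must backtrack.
POOL = [
    Cert("Agency Issuing CA", "Partner Bridge CA"),
    Cert("Partner Bridge CA", "Agency Issuing CA"),
    Cert("Agency Issuing CA", TRUST_ANCHOR),
    Cert(TRUST_ANCHOR, TRUST_ANCHOR),
    Cert("Unknown Issuing CA", "Unknown Root"),
    Cert("Unknown Root", "Unknown Root"),
]
PIV_LEAF = Cert("Jane Doe (PIV Authentication)", "Agency Issuing CA")
ROGUE_LEAF = Cert("Mallory", "Unknown Issuing CA")

if __name__ == "__main__":
    for leaf in (PIV_LEAF, ROGUE_LEAF):
        path = build_path(leaf, POOL)
        print(leaf.subject, "->", [c.subject for c in path] if path else "no trusted path")
```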

Why should Agencies use certificates from the Federal PKI?

All Agencies should use the Federal PKI to enhance their security and trust for:

  • Facilities access, network access, and application access for high-risk applications
  • Document sharing and digital signatures
  • Signed and encrypted email communications across federal agencies

Figure: The Four Core FPKI Capabilities

The Federal PKI provides four core technical capabilities:

  • Trust with Federal agencies and Industry
  • Support for technical non-repudiation
  • Strong authentication & encryption
  • Strong digital signature

These four core capabilities are made possible by leveraging digital certificates, their standards, processes, and a mission-critical Trust Infrastructure to administer the certificates.

Why is the Federal PKI important?

The Federal PKI is important to Federal agencies as well as businesses and other government entities that need access to federal facilities or participate in delivering federal government services.

| Benefit | Description |
|---|---|
| Security | Improved facilities, network and application access through cryptographic based, federated authentication. PKI credentials reduce data breaches inherent in weak credentials such as username/password. Specifically, PKI closes security gaps of user identification and authentication, encryption of sensitive data, and data integrity. |
| Compliance | Using the Federal PKI means compliance with several Executive Orders, laws, initiatives, and standards (e.g. FISMA, E-Gov Act). The Federal PKI verifies participating CAs are audited and operated in a secure manner. |
| Interoperability | Improved interoperability with other federal agencies and non-federal organizations that trust Federal PKI certificates. The Federal PKI helps reduce the need for issuing multiple credentials to users. |
| Return on Investment | The Federal PKI improves business processes and efficiencies. For example, leveraging digital signing, encryption, and non-repudiation allows Federal agencies to migrate from manual processing to automated processing, especially around document processing/sharing, and communications across Federal agencies, and between Federal agencies and outside bodies. |

Where can I find the Policies and Standards?