
Introduction

Welcome to the Federal Public Key Infrastructure (FPKI) Guides! In these guides, you will find commonly used links, tools, tips, and information for leveraging the FPKI (also Federal PKI).

These guides are open source and a work in progress, and we welcome contributions from our colleagues. We encourage you to contribute and share information you think is helpful for the Federal PKI community.

This page provides introductory information that answers the following questions:

What is the Federal PKI?

[Figure: High-level illustration of the Federal PKI Certification Authorities]

The Federal PKI is a network of hundreds of Certification Authorities (CAs) that issue:

  • PIV credentials and person identity certificates
  • PIV-Interoperable credentials and person identity certificates
  • Other person identity certificates
  • Enterprise device identity certificates

The participating Certification Authorities and the policies, processes, and auditing of all the participants are collectively referred to as the Federal Public Key Infrastructure (FPKI or Federal PKI).

The Federal PKI includes U.S. Federal, State, Local, Tribal, Territorial, and International Governments, as well as commercial organizations, that work together to provide services for the benefit of the Federal Government.

What is an example of an identity certificate?

A PIV certificate is a simple example. Although there are many types of identity certificates, it’s easiest to explain PIV certificates since you might have one:

  • Identity certificates are issued and digitally signed by a Certification Authority.
  • The Certification Authority that issued and digitally signed your PIV certificates is called an Intermediate Certification Authority. The Intermediate Certification Authority’s certificate was issued by another Certification Authority.
  • This process of issuing and signing continues until there is one Certification Authority that is called the Root Certification Authority.

[Figure: Example of an identity certificate with intermediate and root]

The full process of proving identity when issuing certificates, auditing the Certification Authorities, and the cryptographic protections of the digital signatures establish the basis of Trust.

For the U.S. Federal Government Executive Branch agencies, there is one Root Certification Authority, called the Federal Common Policy Certification Authority (COMMON), plus dozens of Intermediate Certification Authorities and Bridged Certification Authorities.

Why should agencies use certificates from the Federal PKI?

All federal agencies should use the Federal PKI to enhance their security and trust for:

  • Facilities access, network access, and application access for high-risk applications
  • Document sharing and digital signatures
  • Signed and encrypted email communications across federal agencies

[Figure: The Four Core Federal PKI Capabilities]

The Federal PKI provides four core technical capabilities:

  • Trust with federal agencies and industry
  • Support for technical non-repudiation
  • Strong authentication and encryption
  • Strong digital signatures

These four core capabilities are made possible by leveraging digital certificates; their policies, standards, and processes; and a mission-critical Trust Infrastructure that administers the certificates.

Why is the Federal PKI important?

The Federal PKI is important to federal agencies, other government entities, and businesses that need access to federal facilities or participate in delivering Federal Government services.

| Benefit | Description |
| --- | --- |
| Security | Improved facilities, network, and application access through cryptography-based, federated authentication. Federal PKI credentials reduce the possibility of data breaches that can result from using weak credentials, such as username and password. Specifically, the Federal PKI closes security gaps in user identification and authentication, encryption of sensitive data, and data integrity. |
| Compliance | Using the Federal PKI means compliance with several Executive Orders, laws (e.g., FISMA, E-Government Act), initiatives, and standards. The Federal PKI verifies that participating Certification Authorities are audited and operated in a secure manner. |
| Interoperability | Improved interoperability with other federal agencies and non-federal organizations that trust Federal PKI certificates. The Federal PKI helps reduce the need for issuing multiple credentials to users. |
| Return on Investment | The Federal PKI improves business processes and efficiencies. For example, leveraging digital signing, encryption, and non-repudiation allows federal agencies to migrate from manual processing to automated processing, especially around document processing/sharing, communications across federal agencies, and between federal agencies and outside organizations. |

Where can I find the Policies and Standards?