Federal PKI Policy Authority Overview and Current Status Peter Alterman, Chair
Mission
• Created at the direction of the Federal CIO Council and operates pursuant to Federal CIO Council authority
• Representatives of cross-certified federal agencies plus observers
• Sets policy governing operation of the U.S. Federal PKI
• Approves applicants for cross-certification with the FBCA and Shared Service Providers
• Point of interaction for E-Authentication Federation credential providers offering PKI
Policy Authority Org. Chart
[Org chart; only the box labels survive extraction, not the connecting lines]
• Bodies: Federal CIO Council; E-Auth PMO; Policy Authority (www.cio.gov/fpkipa); FICC; FBCA Op Auth
• Policy Authority working groups: Tech WG; PD-Val WG; SSP WG; Cert Policy WG
• Governing documents: Charter; Bylaws; Criteria & Methodology Document; Policies
Simplified Diagram of Federal PKI
[Diagram; only the node labels survive extraction]
• Federal Bridge CA, cross-certified with:
  • Cross-certified gov PKIs
  • Common Policy CA, under which the Shared Service Provider PKIs operate (Common Policy OID and root cert)
  • C4 CA
  • E-Gov CAs (3)
  • Cross-certified external PKIs
  • eAuth CSPs
Federal PKI Role in E-Authentication
[Diagram; only the labels survive extraction]
• Levels 1 & 2 online apps & services consume SAML assertions from Levels 1 & 2 CSPs, governed by business rules, CAF, SDT
• Levels 3 & 4 online apps & services consume digital certificates from Levels 2, 3 & 4 CSPs
• Levels 2, 3 & 4 CSPs are joined by FBCA cross-certification: Federal agency PKIs, other gov PKIs, commercial PKIs, bridges
• Participants shown: banks, universities, agency apps, etc.
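The two diagrams above show the bridge model: the FBCA is not a root that everyone trusts; each agency keeps its own trust anchor, and the bridge links hierarchies with pairs of cross-certificates whose policyMappings translate one domain's policy OIDs into the bridge's and then into the other domain's. The following is an added example, not code from the slides or the Federal PKI programme, that models that path building and policy mapping in plain Python. The CA names, the end-entity names and the policy OIDs are constructed placeholders (not the real Common Policy or FBCA OIDs), and no signatures are verified; the point is the structure of the trust graph and the policy processing of RFC 5280 sections 6.1.3 and 6.1.4 in simplified form.

```python
"""Path building through a bridge CA with X.509 policy mapping.

Constructed model of the FBCA topology (added example): CA names and policy
OIDs are invented placeholders and signatures are not checked. It shows how a
relying party anchored at its own agency root reaches a certificate from another
agency by traversing cross-certificates, and how policyMappings translate policy
OIDs at each bridge hop.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    policies: frozenset      # certificatePolicies asserted by this cert
    mappings: tuple = ()     # policyMappings: (issuerDomainPolicy, subjectDomainPolicy) pairs

    @property
    def is_self_signed(self) -> bool:
        return self.subject == self.issuer


# Placeholder policy OIDs (constructed for this example, not real ones)
A_MED = "1.2.3.4.1"       # Agency A medium-assurance policy
B_MED = "1.2.3.4.2"       # Agency B medium-assurance policy
B_BASIC = "1.2.3.4.3"     # Agency B basic policy, deliberately not mapped at the bridge
FBCA_MED = "1.2.3.4.100"  # Bridge medium policy

# Constructed certificate store: two agency hierarchies joined only through the bridge.
STORE = [
    Cert("Agency A Root", "Agency A Root", frozenset({A_MED})),
    Cert("Agency B Root", "Agency B Root", frozenset({B_MED, B_BASIC})),
    # Cross-certificate pairs: each side issues a cert to the other and maps
    # its own policy OID to the bridge's OID (or the bridge's to its own).
    Cert("FBCA", "Agency A Root", frozenset({A_MED}), ((A_MED, FBCA_MED),)),
    Cert("Agency A Root", "FBCA", frozenset({FBCA_MED}), ((FBCA_MED, A_MED),)),
    Cert("FBCA", "Agency B Root", frozenset({B_MED}), ((B_MED, FBCA_MED),)),
    Cert("Agency B Root", "FBCA", frozenset({FBCA_MED}), ((FBCA_MED, B_MED),)),
    # End-entity certificates issued inside Agency B.
    Cert("alice@agency-b.example", "Agency B Root", frozenset({B_MED})),
    Cert("bob@agency-b.example", "Agency B Root", frozenset({B_BASIC})),
]


def find_cert(subject: str, store=STORE) -> Cert:
    """Look up an end-entity certificate by subject name."""
    return next(c for c in store if c.subject == subject and not c.is_self_signed)


def build_path(ee: Cert, anchor: str, store=STORE):
    """Breadth-first search from the end-entity toward the relying party's own
    trust anchor, following issuer links through cross-certificates. Returns the
    path anchor-side first (the self-signed anchor itself is omitted), or None."""
    queue = deque([[ee]])
    seen = {ee}
    while queue:
        path = queue.popleft()
        if path[-1].issuer == anchor:
            return list(reversed(path))
        for c in store:
            if c.subject == path[-1].issuer and not c.is_self_signed and c not in seen:
                seen.add(c)          # cross-cert pairs form cycles; never revisit a cert
                queue.append(path + [c])
    return None


def acceptable_policies(path, initial_policy: str) -> set:
    """Walk the path anchor-first. At each certificate, intersect the policies still
    acceptable (expressed in the issuer domain's OIDs) with the policies the cert
    asserts, then translate them through its policyMappings into the subject
    domain's OIDs. An empty result means the end-entity certificate is not
    acceptable under initial_policy even though a path exists.
    Simplification: anyPolicy and the inhibit/require-explicit-policy constraints
    are not modelled."""
    current = {initial_policy}
    for cert in path:
        current &= cert.policies
        if not current:
            return set()
        mapping = dict(cert.mappings)
        current = {mapping.get(p, p) for p in current}
    return current


def validate(ee_subject: str, anchor: str, initial_policy: str):
    """Return (path subjects, accepted end-entity policies) for a relying party
    anchored at `anchor` that requires `initial_policy`."""
    path = build_path(find_cert(ee_subject), anchor)
    if path is None:
        return None, set()
    return [c.subject for c in path], acceptable_policies(path, initial_policy)


if __name__ == "__main__":
    # Relying party in Agency A: alice is accepted via the bridge, bob is not,
    # because Agency B's basic policy has no mapping to the bridge policy.
    for ee in ("alice@agency-b.example", "bob@agency-b.example"):
        print(ee, "via Agency A:", validate(ee, "Agency A Root", A_MED))
    # Inside Agency B, bob's basic certificate is perfectly valid.
    print("bob via Agency B:", validate("bob@agency-b.example", "Agency B Root", B_BASIC))
```

The bob case is the one worth noticing: a path to him builds just fine through the bridge, so a relying party that only checks chaining would accept him; it is the policy mapping that rejects him, because Agency B never mapped its basic policy to the bridge policy. That separation between "a path exists" and "the path satisfies my policy" is what cross-certification buys over simply importing the other agency's root.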
Status
• 13 Federal entities cross-certified
• US Common Policy CA cross-certified (SSPs)
• 1 State PKI cross-certified
• 1 Commercial PKI cross-certified
• Engagement with E.U., Australia, Canada, UK, Asia PKI (Japan, Taiwan, Singapore)
• Spawned 3 other bridge PKIs:
  • Higher Education (gasping prototype)
  • Aerospace Industry (production)
  • Pharmaceutical Industry (production)
2005 Accomplishments
• Completed PKI Interoperability Project
• Solved citizenship-of-trusted-agents issue
• Implemented one new LOA and 3 new policies
• Cross-certified new PKIs, most recently Justice, Government Printing Office, Wells Fargo Bank
• Revised audit requirements
• Developed Bylaws: expanded documentation and formalized processes
• Developed and adopted methodology for B2B cross-certification
• Implemented PD-Val test suite and certified four products/services
• Prepared initial ISMS assessment of Policy Authority processes
Current Implementation-Related Work
• CertiPath Bridge cross-certification in process
• USPS PKI cross-certification in process
• DEA CSOS PKI cross-certification in process
• Boeing PKI cross-certification in process
• Engaged Adobe PKI (exploratory)
• Develop and implement cert validation service with eAuthentication
• Absorbed Shared Service Provider Work Group from FICC
Current Policy-Related Work
• Developing audit guidelines for non-federal PKIs
• Implementing Service Agreement with eAuthentication
• Advisory on rewrite of eAuthentication business and operating rules
• Developing an ISO-compliant ISMS plan for the Operational Authority (ISO/IEC 27001 & 17799)
• Harmonizing FIPS 201 requirements and preparing for HSPD-12 service demands
• Harmonizing CP with EU QCP
Outreach
• Sponsor 2nd PKI Implementation Workshop
• Meetings with ETSI, UTex PKI Federation, Aussies, Internet2, EDUCAUSE, more
• Aiming for the Grids, but so far just tentative feelers
Resources
• www.cio.gov/fpkipa
• www.cio.gov/fbca
• www.cio.gov/ficc
• www.cio.gov/eauthentication