layout | title | permalink | redirect_to |
---|---|---|---|
default | Federal PKI Overview | /overview/ | |
The Federal Public Key Infrastructure encompasses the Certification Authorities which issue:
- PIV credentials and person identity certificates
- PIV-Interoperable credentials and person identity certificates
- Other person identity certificates
- Device identity certificates
The participating Certification Authorities, together with the Policies, Processes, and Auditing of all the participants, are referred to as the Federal Public Key Infrastructure (FPKI).
To give a simple example, we'll explain the PIV certificates. Although we have many other types of identity certificates, it's easiest to explain with PIV since you might have one:
- Identity certificates are issued and digitally signed by a Certification Authority.
- The Certification Authority that issued and digitally signed your PIV certificates is called an Intermediate Certification Authority because it was issued a certificate by another Certification Authority.
- This process of issuing and signing continues until there is one Certification Authority that is called the Root Certification Authority.
The full process of proving identity when issuing the certificates, auditing the certification authorities, and the cryptographic protections of the digital signatures establish the basis of Trust.
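
The issuance chain described above, as an added example (not part of the original page or of any FPKI tooling): it builds a constructed Root, Intermediate and end-entity certificate with the `openssl` CLI, then shows that validation succeeds only when the path from the end-entity certificate up to the trusted root can be built. The certificate names, file names and helper functions are made up for illustration.

```shell
#!/bin/sh
# Added example: a constructed Root -> Intermediate -> end-entity chain.
# All names are made up; none of these are real FPKI certificates.

issue_cert() {  # $1=dir $2=name $3=subject CN $4=extension file $5=issuer name or "self"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" >/dev/null 2>&1 || return 1
  if [ "$5" = "self" ]; then
    # Root CA: signed with its own key, so issuer == subject.
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 30 \
      -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  else
    # Everything else is signed by the key of the CA one level up.
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.pem" -CAkey "$1/$5.key" \
      -CAcreateserial -days 30 -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  fi
}

make_chain() {  # $1 = empty working directory
  # CA certificates must assert CA:TRUE or path validation rejects them as issuers.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$1/ee.ext"
  issue_cert "$1" root "Example Root CA" "$1/ca.ext" self &&
  issue_cert "$1" int "Example Intermediate CA" "$1/ca.ext" root &&
  issue_cert "$1" ee "Example PIV Holder" "$1/ee.ext" int
}

is_self_issued() {  # true when subject and issuer names match (the root)
  s=$(openssl x509 -noout -subject -in "$1"); i=$(openssl x509 -noout -issuer -in "$1")
  [ "${s#*=}" = "${i#*=}" ]
}

verify_chain() {  # $1=dir; trust only the root, supply the intermediate as untrusted
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/ee.pem" >/dev/null 2>&1
}

verify_without_intermediate() {  # same trust anchor, but the path cannot be built
  openssl verify -CAfile "$1/root.pem" "$1/ee.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
for c in ee int root; do openssl x509 -noout -subject -issuer -in "$demo_dir/$c.pem"; done
if verify_chain "$demo_dir"; then echo "chain to root: OK"; fi
if ! verify_without_intermediate "$demo_dir"; then echo "missing intermediate: rejected"; fi
```

Reading the printed subject and issuer lines from bottom to top follows the same walk as the list above: each certificate's issuer is the subject of the next one, until the root, whose issuer is itself.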
The US Federal Government has also established Trust with other Certification Authorities which serve business communities, State and Local government communities, and international government communities.
For the US Federal Government Executive branch agencies, there is one Root Certification Authority, named Federal Common Policy Certification Authority (COMMON), along with dozens of Intermediate Certification Authorities and Bridged Certification Authorities.