Title Size Updated
  X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework
This Certificate Policy (CP) defines ten certificate policies for use by the Federal Bridge Certification Authority (FBCA) to facilitate interoperability between the FBCA and other Entity PKI domains. The FBCA enables interoperability among Entity PKI domains in a peer-to-peer fashion. The FBCA issues certificates only to those CAs designated by the Entity operating that PKI (called Principal CAs). The DoD Interoperability Root Certificate Authority (IRCA) is one such Principle CA.
2019 02 21
  X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA)
This Certificate Policy (CP) defines ten certificate policies for use by the Federal Bridge Certification Authority (FBCA) to facilitate interoperability between the FBCA and other Entity PKI domains. The FBCA enables interoperability among Entity PKI domains in a peer-to-peer fashion. The FBCA issues certificates only to those CAs designated by the Entity operating that PKI (called Principal CAs). The DoD Interoperability Root Certificate Authority (IRCA) is one such Principle CA.
2019 02 21
  Working with External PKIs - Version 5.5 Working with External PKIs - Version 5.5
This slick sheet provides an overview of the Federal PKI/Federal Bridge and discusses the usage of External PKIs within the DoD.
375.7 KB 2018 11 30
WHS IPM Help Desk WHS IPM Help Desk
2019 03 01
WCF.reg WCF.reg
1.29 KB 2019 05 13
  WCF Enterprise Break & Inspect (EBI) Troubleshooting Guide 3.1 WCF Enterprise Break & Inspect (EBI) Troubleshooting Guide 3.1
This guide provides troubleshooting steps for SSL/TLS problems encountered by end users flowing through Internet Access Points (IAPs) where EBI devices are deployed.
693.86 KB 2019 09 17
  VMWare Horizon View v5.2/5.3: Configuring for Use with DoD PKI VMWare Horizon View v5.2/5.3: Configuring for Use with DoD PKI
This guide is written for DoD system or network administrators and provides instructions for configuring the VMware Horizon View product suite to utilize DoD PKI in accordance with DoD best practices.
412.25 KB 2018 11 30
Viewing and Editing Your Microsoft Trust Store Viewing and Editing Your Microsoft Trust Store
22.44 MB 2019 05 08
Viewing and Editing Your Firefox (NSS) Trust Store Viewing and Editing Your Firefox (NSS) Trust Store
12.17 MB 2019 05 08
  Verifying Digital Signatures on PKE Tools Verifying Digital Signatures on PKE Tools
This guide provides step-by-step instructions to quickly verify the digital signature on DoD PKE tools.
441.97 KB 2018 11 30
Using Commercial PKI Certificates Using Commercial PKI Certificates
136.58 KB 2019 02 26
  Update to DoD CIO Memo on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites Update to DoD CIO Memo on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites
This memorandum, dated October 4, 2018, updates and replaces DoD CIO Memorandum "Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites" dated January 5, 2018. It provides guidance on the use of commercial TLS and code signing PKI certificates on public-facing DoD websites and services.
352.03 KB 2019 02 26
  United States Department of Defense X.509 Certificate Policy United States Department of Defense X.509 Certificate Policy
The United States Department of Defense Certificate Policy (CP) is the unified policy under which a Certification Authority (CA) operated by a DoD component is established and operates. This document defines the creation and management of Version 3 X.509 public key certificates for use in applications requiring communication between networked computer-based systems.
1.07 MB 2019 05 09
  United States Department of Defense S-Interoperability Domain X.509 Certificate Policy United States Department of Defense S-Interoperability Domain X.509 Certificate Policy
The S-Interoperability Certificate Policy outlines the policy for the secret level multi-domain Public Key Infrastructure created by the S-Interop Root CA and defines the procedures for the approval and issuance of cross-certificates to member Certification Authorities.
407.85 KB 2018 11 30
  United States Department of Defense External Certification Authority X.509 Certificate Policy United States Department of Defense External Certification Authority X.509 Certificate Policy
This Certificate Policy (CP) governs the operation of the ECA Public Key Infrastructure (PKI), consisting of products and services that provide and manage X.509 certificates for public-key cryptography. The United States (US) DoD has established the External Certification Authority (ECA) program to support the issuance of DoD-approved certificates to industry partners and other external entities and organizations. The ECA program is designed to provide the mechanism for these entities to securely communicate with the DoD and authenticate to DoD Information Systems.
1.48 MB 2019 08 21
  Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT.
2.26 MB 2018 11 30
  Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT.
784.07 KB 2018 11 30
  The DoD PKI External Interoperability Landscape - Version 5.5 The DoD PKI External Interoperability Landscape - Version 5.5
This diagram provides an overview of the Federal PKI Interoperability Landscape and illustrates the cross certificate trust relationships between DoD PKI and External PKIs.
747.58 KB 2018 11 30
Registry Enrollment and Certificate Issuance Protocol Tool (RECEIPT) Registry Enrollment and Certificate Issuance Protocol Tool (RECEIPT)
2019 02 24
Raytheon PKI Technical Information Raytheon PKI Technical Information
2019 03 13
Purebred Registration App Version History Purebred Registration App Version History
2019 02 21
Purebred Agent Milbook Collaboration Site Purebred Agent Milbook Collaboration Site
2019 02 21
  Purebred Agent FAQs Purebred Agent FAQs
This guide covers Purebred Agent frequently asked questions. (PDF Download) Date: 2/13/2019 | Size: 245 KB
122.4 KB 2018 11 30
  PKI Interoperability Test Tool (PITT): 2.0.6 User Guide PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT.
1.88 MB 2018 11 30
  PKI CA Certificate Bundles: PKCS#7 For JITC PKI Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 For JITC PKI Only - Version 5.6
This zip file contains the Joint Interoperability Test Command (JITC) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
124.76 KB 2019 05 09
  PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5 PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
32.53 KB 2019 06 27
  PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.6
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
65.52 KB 2019 08 20
  PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
83.99 KB 2019 05 09
  PK-Enabling Mobile Devices with DoD PKI Credentials PK-Enabling Mobile Devices with DoD PKI Credentials
This brief provides Purebred’s goals, fundamentals, status, workflows, and technical details on its background.
2.36 MB 2018 11 30
ORC ECA Support ORC ECA Support
2019 03 01
  Oracle Weblogic Server: Public Key Enabling Oracle Weblogic Server: Public Key Enabling
The purpose of this reference guide is to provide guidance to the DoD user community on the process to secure and Secure Socket Layer (SSL)/Transport Layer Security (TLS)-enable an Oracle Weblogic server.
398.35 KB 2018 11 30
  OMBs Requirements for Accepting Externally-Issued Identity Credentials Memorandum OMBs Requirements for Accepting Externally-Issued Identity Credentials Memorandum
This OMB Memorandum requires agencies to begin leveraging externally-issued credentials, in addition to continuing to offer federally-issued credentials. The use of externally-issued credentials (i.e., those that have been issued by an entity other than the federal government) will decrease the burden on uses of government information systems and reduce costs associated with managing credentials.OMB's Requirements for Accepting Externally-Issued Identity Credentials
2019 02 21
  OMB Memorandum 11-11, Continued Implementation of HSPD-12 OMB Memorandum 11-11, Continued Implementation of HSPD-12
OMB M-11-11 requires that all federal agencies continue implementing the requirements outlined in Homeland Security Presidential Directive (HSPD) 12 to enable agency-wide use of the Personal Identity Verification (PIV) card. This includes enabling agency IT systems, applications, and facilities to be capable of using the PIV card as the mechanism for granting user access.OMB M-11-11, Continued Implementation of HSPD-12
2019 02 21
  OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies
OMB M-04-04 requires requires agencies to review new and existing electronic transactions to ensure that authentication processes provide the appropriate level of assurance. It establishes and describes four levels of identity assurance for electronic transactions requiring authentication.OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies OMB M-04-04 requires requires agencies to review new and existing electronic transactions to ensure that authentication processes provide the appropriate level of assurance. It establishes and describes four levels of identity assurance for electronic transactions requiring authentication.OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies
2019 02 21
  NIST SP 800-78-4, Cryptographic Algorithms and Key Sizes for PIV NIST SP 800-78-4, Cryptographic Algorithms and Key Sizes for PIV
NIST SP 800-78-4 specifies the cryptographic algorithms and key sizes for PIV systems and is a companion document to FIPS 201.NIST SP 800-78-4, Cryptographic Algorithms and Key Sizes for PIV
2019 02 21
NIST SP 800-63-3 NIST SP 800-63-3
2019 02 24
  NIPRNet Test Material FAQ NIPRNet Test Material FAQ
This slick sheet contains information about the test materials available to support NIPRNet PK-enablement and how to obtain them.
220.82 KB 2018 11 30
Navy PKI RA Office Navy PKI RA Office
2019 03 01
Navy CAC/PKI Helpdesk Navy CAC/PKI Helpdesk
2019 03 01
  Mozilla Firefox: Configuring Firefox to Utilize the DoD CAC Mozilla Firefox: Configuring Firefox to Utilize the DoD CAC
This guide provides instructions for installing your certificates, using the CAC, and configuring certificate validation for Firefox.
602.6 KB 2018 11 30
  Mac OS X: Enabling Smart Card Logon Using Centrify Suite 2012.4 Mac OS X: Enabling Smart Card Logon Using Centrify Suite 2012.4
The procedures in this document guide the reader in configuring Mac OS X for Smart Card Logon (SCL) using the Centrify Suite of products.
443.19 KB 2018 11 30
Mac OS Smartcard Services Installers Mac OS Smartcard Services Installers
2019 02 24
Mac OS Smartcard Services Installers Mac OS Smartcard Services Installers
2019 02 27
List of WHS Supported Agencies List of WHS Supported Agencies
2019 03 01
Linux: OpenSSH Public Key Authentication Linux: OpenSSH Public Key Authentication
565.62 KB 2019 04 23
  Linux: Enabling Smart Card Logon Using Centrify Suite 2012.4 Linux: Enabling Smart Card Logon Using Centrify Suite 2012.4
The procedures in this document guide the reader in configuring Linux for Smart Card Login (SCL) using Centrify Suite 2012.4.
465.34 KB 2018 11 30
KeyShare Reference for iOS KeyShare Reference for iOS
2019 02 21
  Key Recovery Policy for External Certification Authorities Key Recovery Policy for External Certification Authorities
The purpose of this document is to describe the security and authentication requirements to implement key recovery operation for the External Certificate Authorities (ECAs).
323.56 KB 2018 11 30
JITC PKI Home Page JITC PKI Home Page
2019 03 01
  InstallRoot 5.2: User Guide InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool.
2.56 MB 2018 11 30
  InstallRoot 5.2: NIPR Non-Administrator Windows Installer InstallRoot 5.2: NIPR Non-Administrator Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
26.46 MB 2018 11 30
  InstallRoot 5.2: NIPR 64-bit Windows Installer InstallRoot 5.2: NIPR 64-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
27.42 MB 2018 11 30
  InstallRoot 5.2: NIPR 32-bit Windows Installer InstallRoot 5.2: NIPR 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
26.71 MB 2018 11 30
IdenTrust ECA Support IdenTrust ECA Support
2019 03 01
  HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors
HSPD 12 is a presidential directive requiring all Federal Executive Departments and Agencies to implement a government-wide standard for secure and reliable forms of identification for employees and contractors, for access to Federal facilities and information systems.HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors
2019 02 21
Fixing the Cross-Certificate Chaining Issue Fixing the Cross-Certificate Chaining Issue
16.71 MB 2019 05 08
  FIPS PUB 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors​ FIPS PUB 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors​
FIPS PUB 201-1 specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors. This standard specifies a PIV system within which a common identity credential can be created and later used to verify a claimed identity.FIPS PUB 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors (Download Link)
2019 02 21
  FIPS PUB 140-2, Security Requirements for Cryptographic Modules FIPS PUB 140-2, Security Requirements for Cryptographic Modules
IPS PUB 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information in computer and telecommunication systems. FIPS PUB 140-2, Security Requirements for Cryptographic Modules (Download Link)
2019 02 21
  FBCA Cross-Certificate Remover 1.17 FBCA Cross-Certificate Remover 1.17
This tool removes certificates which cause the cross-certificate chaining issue for DoD (and optionally ECA) users from Microsoft Local Computer and User Certificate stores. The following Operating Systems are supported: Windows Server 2003, Windows Server 2003R2, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10.
43.05 KB 2019 02 26
  FBCA Cross-Certificate Remover 1.15 User Guide FBCA Cross-Certificate Remover 1.15 User Guide
This guide provides usage instructions for the FBCA Cross-Certificate Remover tool.
234.46 KB 2018 11 30
  FAQ: DoD Root Certificate Chaining Problems FAQ: DoD Root Certificate Chaining Problems
This FAQ discusses the issue of DoD certificates chaining improperly to cross-certificates or the Common Policy Root Certification Authority (CA), and provides steps to resolve the issue.
236.72 KB 2018 11 30
  FAQ: Configuration Not Supported Message in Firefox While Downloading Certificates FAQ: Configuration Not Supported Message in Firefox While Downloading Certificates
This FAQ discusses a configuration error received by Registration Authorities (RAs) and end users while trying to download certificates in Firefox.
131.51 KB 2018 11 30
Entrust Managed Services Root CA (Key Update #1) Entrust Managed Services Root CA (Key Update #1)
1.49 KB 2018 11 30
  Editing CRLAutoCache Source Locations Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
326.54 KB 2019 08 20
  Editing CRLAutoCache Source Locations Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
326.54 KB 2019 08 23
  Editing Certificate Group Locations for InstallRoot via the GUI Editing Certificate Group Locations for InstallRoot via the GUI
This Quick Reference Guide (QRG) describes how to edit the default InstallRoot certificate group locations using the InstallRoot graphical user interface (GUI).
243.26 KB 2019 08 20
DoD PKI and ECA CRLs and intermediate CA certificates DoD PKI and ECA CRLs and intermediate CA certificates
2019 03 01
  DoD PKE Tool Configuration File URLs Crosswalk DoD PKE Tool Configuration File URLs Crosswalk
This spreadsheet lists the former IASE and corresponding current GDS locations for configuration files utilized by the DoD PKE InstallRoot and CRLAutoCache tools.
16.84 KB 2019 08 20
  DoD Memorandum - Department of Defense Requirements for Accepting Non-Federally Issued Identity Credentials DoD Memorandum - Department of Defense Requirements for Accepting Non-Federally Issued Identity Credentials
This DoD Memorandum provides Federal Government Guidance on acceptance and use of Non-Federal Issuer (NFI) identity credentials and specific DoD policies and practices for accepting credentials for logical access to DoD applications and websites.
2.41 MB 2018 11 30
  DoD Memorandum - Department of Defense Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials DoD Memorandum - Department of Defense Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials
This DoD Memorandum permits acceptance of PIV-I credentials for authentication and access when DoD relying parties, installation commanders, and facility coordinators determine that granting access is appropriate and the appropriate vetting requirements are met.
654.83 KB 2018 11 30
  DoD Instruction 8520.03, Identity Authentication for Information Systems DoD Instruction 8520.03, Identity Authentication for Information Systems
DoDI 8520.03 is a new instruction that requires that all authentications of users be conducted with an appropriate credential that is approved for use by a DoD authority and has been verified as active (not revoked) and not expired by the credential issuing authority. It defines four levels of data sensitivity granularity for sensitive but unclassified information, and three levels of data sensitivity granularity for Secret or Confidential information. It then provides specific requirements for authentication credentials based on these levels of sensitivity. Policy related to authentication requirements was previously found in DoDI 8520.2 which has been obsoleted by DoDI 8520.02.DoD Instruction 8520.03, Identity Authentication for Information Systems (Web Link)
2019 02 21
  DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling
DoDI 8520.02 is a re-release of DoDI 8520.2 that establishes the availability of the Coalition PKI for Combatant Commands (COCOMS), refers to the SIPRNET PKI that will be transitioned to operate under Committee for National Security Systems (CNSS) authority, provides specific guidance on issuance of alternate logon tokens (ALTs) to Flag-level officers or Senior Executives, and incorporates the DoD CIO "Approval of External PKIs" memorandum (circa July 2008) into the instruction. It also contains two other major changes. The first is that all policy related to authentication requirements has been moved to DoDI 8520.03. The second major change impacts pursuing waivers to DoDI 8520.02. Previously, Component CIOs had the authority to approve waivers to the instruction
2019 02 21
DoD ID Card Reference Center DoD ID Card Reference Center
2019 03 01
  DoD Functional Interface Specification Version 3.0 DoD Functional Interface Specification Version 3.0
This document describes the functional interface to the Department of Defense (DoD) Public Key Infrastructure to support development of applications capable of interacting with the DoD PKI.
876.65 KB 2019 03 01
  DoD CIO memo regarding Use of Commercial Mobile Devices (CMD) in the DoD DoD CIO memo regarding Use of Commercial Mobile Devices (CMD) in the DoD
This April 2011 DoD CIO memo emphasizes the importance of adhering to existing security policies for the use of commercial mobile devices in the DoD, outlines current challenges and provides requirements and potential mitigations for limited use pilots and mission-critical applications of devices that do not currently have approved Security Technical Implementation Guides (STIGs).
225.05 KB 2019 03 13
  DoD CIO memo providing DoD CMD Interim Policy DoD CIO memo providing DoD CMD Interim Policy
This January 2012 DoD CIO memo defines interim policy and establishes responsibilities to increase mission capabilities of CMDs while adhering to DoD security policies. Attachment 1 addresses configuring optimal security settings in the BlackBerry STIG to improve user acceptance and functionality. Attachment 2 discusses requirements for the use of non-enterprise activated CMDs. Attachment 3 outlines interim steps to support CMD applications in the DoD.
598.09 KB 2019 02 26
DoD CAC Reader Specifications DoD CAC Reader Specifications
116.12 KB 2018 11 30
  DoD Approved External PKIs Master Document - Version 7.3 DoD Approved External PKIs Master Document - Version 7.3
his document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs).
1.39 MB 2019 09 17
DoD Approved External PKIs Master Document - Version 6.5 DoD Approved External PKIs Master Document - Version 6.5
1.23 MB 2019 05 10
  DoD Approved External PKIs Master Document - Version 6.3 DoD Approved External PKIs Master Document - Version 6.3
This document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs).
1.56 MB 2019 05 09
  DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.7 DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.7
This zip file contains certificate trust chains for DoD Approved External Category 2 PKIs
83.88 KB 2018 03 05
DoD and ECA Cross Certificates DoD and ECA Cross Certificates
10.46 KB 2019 02 26
  DoD and ECA CRL Distribution Points (CRLDPs) DoD and ECA CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
3.03 KB 2019 06 27
DoD 411 DoD 411
2019 03 01
  Department of Defense External Interoperability Plan - Version 1.0 Department of Defense External Interoperability Plan - Version 1.0
The DoD Public Key Infrastructure (PKI) External Interoperability Plan (EIP) outlines the steps to be accomplished in order for External PKIs to be designated as approved for use with DoD relying parties.
1.94 MB 2018 11 30
DEERS/RAPIDS Facility DEERS/RAPIDS Facility
2019 02 24
  CNSSI-1300, National Security Systems (NSS) PKI X.509 Certificate Policy CNSSI-1300, National Security Systems (NSS) PKI X.509 Certificate Policy
The Committee on National Security Systems Instruction (CNSSI) No. 1300, "Instruction for National Security Systems (NSS) Public Key Infrastructure (PKI) X.509 Certificate Policy, Under CNSS Policy No. 25," states the requirements for issuing and managing certificates that Relying Parties can use in making decisions regarding what assurance they can place in a certificate issued by a NSS PKI CA.
2019 02 21
CNSS Policy No. 25 CNSS Policy No. 25
2019 03 01
CNSS Directive 506 CNSS Directive 506
2019 02 24
  Certificate Validation Capability Requirements and Best Practices Certificate Validation Capability Requirements and Best Practices
This guide provides basic requirements and best practices for vendors or custom system developers looking to build certificate validation capabilities into their products.
429.93 KB 2018 11 30
CAC Developer Resources CAC Developer Resources
2019 03 01
AF PKI SPO CAC/PKI Helpdesk AF PKI SPO CAC/PKI Helpdesk
2019 03 01
AF PKI RA Office AF PKI RA Office
2019 03 01
PKI/PKE Topics

Type

Target Audience