NIST, Computer Security Division, Computer Security Resource Center
CSOR Public Key Infrastructure (PKI) Objects Registration
The CSOR has allocated the following registration branch for Public Key Infrastructure (PKI) objects:
csor-pki={joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) pki(2)}.
For agencies requesting a new OID, please send email with OID name, associated document and point of contact information.
Additional information on Federal PKI activities is available from the NIST PKI Page.
ACES Registered Objects
There are eight objects registered to support the ACES project. The first object is an arc for ACES policies. These objects define an arc for policies associated with the GSA ACES project.
-- the ACES policy arc
aces OBJECT IDENTIFIER ::= { csor-certpolicy 1 }
-- the aces policy OIDs
The seven policies below are defined in "Revised Certificate Policy for Access Certificates for Electronic Services".
--
aces-ca OBJECT IDENTIFIER ::= { aces 1 }
aces-identity OBJECT IDENTIFIER ::= { aces 2 }
aces-business-rep OBJECT IDENTIFIER ::= { aces 3 }
aces-relying-party OBJECT IDENTIFIER ::= { aces 4 }
aces-SSL OBJECT IDENTIFIER ::= { aces 5}
aces-fed-employee OBJECT IDENTIFIER ::= { aces 6 }
aces-fed-employee-hw OBJECT IDENTIFIER ::= { aces 7 }
U.S. Patent and Trademark Office Registered Objects
There are nine policies registered with the U.S. Patent and Trademark Office. The first object is an arc for PTO policies. These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
pto-policies OBJECT IDENTIFIER ::= { csor-certpolicy 2 }
-- the pto policy OIDs
--
pto-registered-practitioner OBJECT IDENTIFIER ::= { pto 1 }
pto-inventor OBJECT IDENTIFIER ::= { pto 2 }
pto-practitioner-employee OBJECT IDENTIFIER ::= { pto 3 }
pto-basic OBJECT IDENTIFIER ::= { pto 4 }
pto-service-provider OBJECT IDENTIFIER ::= { pto 5}
pto-service-provider-registrar OBJECT IDENTIFIER ::= { pto 6 }
The following two policies are defined in the document: "Certificate Policy for the U.S. Patent and Trademark Office".
Back to Toppto-basic-2003 OBJECT IDENTIFIER ::= { pto 7 }
pto-medium-2003 OBJECT IDENTIFIER ::= { pto 8 }
id-pto-mediumHardware OBJECT IDENTIFIER ::= { pto 9 }
id-pto-cardAuth OBJECT IDENTIFIER ::= { pto 10 }
Federal Bridge Certification Authority Registered Objects
Seven objects have been registered to support the Federal Bridge Certification Authority. The first object is an arc for FBCA policies; the remaining six objects identify the five certificate policies used by the Federal Bridge Certification Authority.
fbca-policies OBJECT IDENTIFIER ::= { csor-certpolicy 3 }
The polices below are defined by the FBCA certificate policy.
id-fpki-certpcy-rudimentaryAssurance OBJECT IDENTIFIER ::= { fbca-policies 1 }
id-fpki-certpcy-basicAssurance OBJECT IDENTIFIER ::= { fbca-policies 2 }
id-fpki-certpcy-mediumAssurance OBJECT IDENTIFIER ::= { fbca-policies 3 }
id-fpki-certpcy-highAssurance OBJECT IDENTIFIER ::= { fbca-policies 4 }
id-fpki-certpcy-testAssurance OBJECT IDENTIFIER ::= { fbca-policies 5 }
id-fpki-certpcy-mediumHardware OBJECT IDENTIFIER ::= { fbca-policies 12 }
id-fpki-certpcy-medium-CBP OBJECT IDENTIFIER ::= { fbca-policies 14 }
id-fpki-certpcy-mediumHW-CBP OBJECT IDENTIFIER ::= { fbca-policies 15 }
The policies below are defined in "X.509 Certificate Policy for the Common Policy Framework".
id-fpki-common-policy OBJECT IDENTIFIER ::= { fbca-policies 6 }
id-fpki-common-hardware OBJECT IDENTIFIER ::= { fbca-policies 7 }
id-fpki-common-devices OBJECT IDENTIFIER ::= { fbca-policies 8 }
id-fpki-common-authentication OBJECT IDENTIFIER ::= { fbca-policies 13 }
id-fpki-common-high OBJECT IDENTIFIER ::= { fbca-policies 16 }
id-fpki-common-cardAuth OBJECT IDENTIFIER ::= { fbca-policies 17 }
The policies below are defined in "X.509 Certificate Policy for the E-Governance Certification Authority".
id-eGov-Level1 OBJECT IDENTIFIER ::= { fbca-policies 9 }
id-eGov-Level2 OBJECT IDENTIFIER ::= { fbca-policies 10 }
id-eGov-Applications OBJECT IDENTIFIER ::= { fbca-policies 11 }
National Institute of Standards and Technology Registered Objects
Two objects have been registered with the National Institute of Standards and Technology PKI policies. The first object is an arc for NIST policies.
nist-policies OBJECT IDENTIFIER ::= { csor-certpolicy 4 }
-- the nist policy OIDs
The following policy is defined in the document: "Basic Level NIST Certificate Policy".
--
nist-cp1 OBJECT IDENTIFIER ::= { nist-policies 1 }
U.S. Treasury Department's Registered Objects
Nine objects have been registered to support the U.S. Treasury Department's PKI. The first object is an arc for Treasury policies.
treasury-policies OBJECT IDENTIFIER ::= { csor-certpolicy 5 }
The following object is the FMS PKI policy. The FMS policy is defined in Certificate Policy CP-1 for FMS Public Key Certificates in Unclassified Environments (draft).
treasury-cp1 OBJECT IDENTIFER ::= { treasury-policies 1 }
The following six policies will be defined in the US Treasury Certificate Policy which is currently being updated.
id-treasury-certpcy-rudimentary OBJECT IDENTIFER ::= { treasury-policies 2 }
id-treasury-certpcy-basicindividual OBJECT IDENTIFER ::= { treasury-policies 3 }
id-treasury-certpcy-basicorganizational OBJECT IDENTIFER ::= { treasury-policies 8 }
id-treasury-certpcy-medium OBJECT IDENTIFER ::= { treasury-policies 7 }
id-treasury-certpcy-mediumhardware OBJECT IDENTIFER ::= { treasury-policies 4 }
id-treasury-certpcy-high OBJECT IDENTIFER ::= { treasury-policies 5 }
The following policy is defined in the "Certificate Policy for the Internal Revenue Service (IRS) Secure Messaging" document.
id-US-IRS-Securemail OBJECT IDENTIFER ::= { treasury-policies 6 }
Back to TopState Department Registered Objects
Seven objects have been registered to support the U.S. State Department PKI. The first object is an arc for State Department policies.
state-policies OBJECT IDENTIFIER ::= { csor-certpolicy 6 }
The following objects are defined in the "United States Department of State X.509 Certificate Policy". (This document is currently not publicly available.)
state-basic OBJECT IDENTIFIER ::= { state-policies 1 }
state-low OBJECT IDENTIFIER ::= { state-policies 2 }
state-moderate OBJECT IDENTIFIER ::= { state-policies 3 }
state-high OBJECT IDENTIFIER ::= { state-policies 4 }
The following object has been assigned to this agency; however, we do not have the agency Certificate Profile associated with this OID.
state-certpcy-mediumHardware OBJECT IDENTIFIER ::= { state-policies 12 }
state-certpcy-citizen-and-commerce OBJECT IDENTIFIER ::= { state-policies 14 }
The following object is defined in the "Machine Readable Travel Document (MRTD) PKI X.509 Certificate Policy Version 1.1". (This document is currently not publicly available.)
state-mrtd OBJECT IDENTIFIER ::= { state-policies 100 }
Back to TopFederal Deposit Insurance Corporation Registered Objects
Five objects have been registered to support the Federal Deposit Insurance Corporation PKI. The first object is an arc for FDIC policies.
fdic-policies OBJECT IDENTIFIER ::= { csor-certpolicy 7 }
The following four policies can be defined in the "Certificate Policy for the Federal Deposit Insurance Corporation" document. (This document is currently not publicly available.)
fdic-basic OBJECT IDENTIFIER ::= { fdic-policies 1 }
fdic-low OBJECT IDENTIFIER ::= { fdic-policies 2 }
fdic-moderate OBJECT IDENTIFIER ::= { fdic-policies 3 }
fdic-high OBJECT IDENTIFIER ::= { fdic-policies 4 }
NFC (National Finance Center) Registered Objects
Four objects have been registered to support the USDA and NFC PKI. The first object is an arc for USDA-NFC policies.
nfc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 8}
The following three policies are defined in the "United States Department of Agriculture and National Finance Center Public Key Infrastructure Certificate Policy"
nfc-basicAssurance OBJECT IDENTIFIER ::= { nfc-policies 1 }
nfc-mediumAssurance OBJECT IDENTIFIER ::= { nfc-policies 2 }
nfc-highAssurance OBJECT IDENTIFIER ::= { nfc-policies 3 }
Drug Enforcement Administration Registered Objects
Three objects have been registered to support the DEA PKI. The first object is an arc for DEA policies.
dea-policies OBJECT IDENTIFIER ::= { csor-certpolicy 9}
The following policies have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
dea-csos-cp OBJECT IDENTIFIER ::= { dea-policies 1 }
dea-epcs-policy OBJECT IDENTIFIER ::= { nfc-policies 2 }
DOE (Department of Energy) Registered Objects
Five objects have been registered to support the Department of Energy policies for PKI. The first object is an arc for DOE policies.
doe-policies OBJECT IDENTIFIER ::= { csor-certpolicy 10}
The following three policies are defined in the "Certificate Policy CP-1 for DOE Public Key Certificates in Unclassified"
doe-basic OBJECT IDENTIFIER ::= { doe-policies 1 }
doe-medium OBJECT IDENTIFIER ::= { doe-policies 2 }
doe-high OBJECT IDENTIFIER ::= { doe-policies 3 }
The policy below is defined in the "U.S. Department of Energy Public Key Infrastructure X.509 Certificate Policy" document.
doe-medium-v2 OBJECT IDENTIFIER ::= { doe-policies 4 }
Back to TopDOL (Department of Labor) Registered Objects
Three objects have been registered to support the Department of Labor policies for PKI. The first object is an arc for DOL policies.
dol-policies OBJECT IDENTIFIER ::= { csor-certpolicy 11}
These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
dol-basic OBJECT IDENTIFIER ::= { dol-policies 1 }
dol-medium OBJECT IDENTIFIER ::= { dol-policies 2 }
FDA (Food and Drug Administration) Registered Objects
Six objects have been registered to support the Food and Drug Administration policies for PKI. The first object is an arc for FDA policies.
id-ORApki-policies OBJECT IDENTIFIER ::= { csor-certpolicy 13}
The following policy is defined in the "X.509 Certificate Policy for the Food and Drug Administration (FDA) Office"
id-ORApki-assurance-test OBJECT IDENTIFIER ::= { id-ORApki-policies 1 }
id-ORApki-assurance-basic OBJECT IDENTIFIER ::= { id-ORApki-policies 2 }
id-ORApki-assurance-medium OBJECT IDENTIFIER ::= { id-ORApki-policies 3}
id-ORApki-assurance-high OBJECT IDENTIFIER ::= { id-ORApki-policies 4}
The following object has been assigned to this agency; however, we do not have the agency Certificate Profile associated with this OID.
id-fpki-common-devices-HHSdomains OBJECT IDENTIFIER ::= {id-ORApki-policies 5}
Back to TopCitizen and Commerce Registered Objects
Three objects have been registered to support the Citizen and Commerce policies for PKI. The first object is an arc for the Citizen and Commerce policies.
citizen-and-commerce-policies OBJECT IDENTIFIER ::= { csor-certpolicy 14}
The following two policies are defined in the "Citizen and Commerce Certificate Policy" document.
citizen-and-commerce-provisional OBJECT IDENTIFIER ::= { citizen-and-commerce-policies 1 }
citizen-and-commerce-cp1 OBJECT IDENTIFIER ::= { citizen-and-commerce-policies 2 }
Department of Homeland Security Registered Objects
Twenty objects have been registered to support the Department of Homeland Security policies for PKI. The first object is an arc for the DHS policies.
dhs-policies OBJECT IDENTIFIER ::= { csor-certpolicy 15}
The following arc is reserved for private DHS certificate content and PKI-protected message formats:
id-dhs-pkiObjects ::= { dhs-policies 0 }
The following OID is defined for use in the extended key usage extension:
id-dhs-USVISITsigner ::= { dhs-pkiObjects 1 }
The following OIDs was assigned to DHS eContentTypes for use with Cryptographic Message Syntax object formats:
id-dhs-ValidationList ::= { dhs-pkiObjects 3 }
id-dhs-CertStatus ::= { dhs-pkiObjects 4 }
id-dhs-CountryStatus ::= { dhs-pkiObjects 5 }
The following OID was assigned to the ASN.1 module that defines the eContentTypes and value for the extendedKeyUsage extension:
id-dhs-MRTDValidationV4 ::= { dhs-pkiObjects 2 }
The following seven policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document.
id-dhs-certpcy-rudimentary OBJECT IDENTIFIER ::= { dhs-policies 1 }
id-dhs-certpcy-basic OBJECT IDENTIFIER ::= { dhs-policies 2 }
id-dhs-certpcy-medium OBJECT IDENTIFIER ::= { dhs-policies 3}
id-dhs-certpcy-high OBJECT IDENTIFIER ::= { dhs-policies 4 }
id-dhs-certpcy-mediumHardware OBJECT IDENTIFIER ::= { dhs-policies 5}
id-dhs-certpcy-cardAuth OBJECT IDENTIFIER ::= { dhs-policies 6 }
id-dhs-certpcy-internalBasic OBJECT IDENTIFIER ::= { dhs-policies 7}
The following seven test policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document to support pilots and testing. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!
id-dhs-certpcy-testRudimentary OBJECT IDENTIFIER ::= { dhs-policies 31}
id-dhs-certpcy-testBasic OBJECT IDENTIFIER ::= { dhs-policies 32 }
id-dhs-certpcy-testMedium OBJECT IDENTIFIER ::= { dhs-policies 33 }
id-dhs-certpcy-testHigh OBJECT IDENTIFIER ::= { dhs-policies 34 }
id-dhs-certpcy-testMediumHardware OBJECT IDENTIFIER ::= { dhs-policies 35 }
id-dhs-certpcy-testCardAuth OBJECT IDENTIFIER ::= { dhs-policies 36 }
id-dhs-certpcy-testInternalBasic OBJECT IDENTIFIER ::= { dhs-policies 37 }
Department of Justice Registered Objects
Eight objects have been registered to support the Department of Justice policies for PKI. The first object is an arc for the DOJ policies.
id-doj-policies OBJECT IDENTIFIER ::= { csor-certpolicy 16}
The following five policies are defined in the "Department of Justice Public Key Infrastructure X.509 Certificate Policy" document.
id-doj-Class1 OBJECT IDENTIFIER ::= { id-doj-policies 1 }
id-doj-Class2 OBJECT IDENTIFIER ::= { id-doj-policies 2 }
id-doj-Class3 OBJECT IDENTIFIER ::= { id-doj-policies 3 }
id-doj-Class4 OBJECT IDENTIFIER ::= { id-doj-policies 4 }
id-doj-Class5 OBJECT IDENTIFIER ::= { id-doj-policies 5 }
The following two policies are defined in the "X.509 Certificate Policy for the Federal Bureau of Investigation Public Key Infrastructure.
id-fbi-mediumAssurance OBJECT IDENTIFIER ::= { id-doj-policies 6.1 }
id-fbi-highAssurance OBJECT IDENTIFIER ::= { id-doj-policies 6.2 }
Government Printing Office Registered Objects
Two objects have been registered to support the Government Printing Office policies for PKI. The first object is an arc for the GPO policies.
id-gpo-policies OBJECT IDENTIFIER ::= { csor-certpolicy 17}
The following policies are defined in the "X.509 Certificate Policy for the Government Printing Office Certification Authority".
id-gpo-medium OBJECT IDENTIFIER ::= { id-gpo-policies 1 }
id-gpo-medium-hardware OBJECT IDENTIFIER ::= { id-gpo-policies 2 }
Nuclear Regulatory Commission Registered Objects
Three objects have been registered to support the Nuclear Regulatory Commission policies for PKI. The first object is an arc for the NRC policies.
id-nrc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 18}
The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 3 Assurance Addendum to the VTN CP" document (not publicly available).
id-nrc-level3 OBJECT IDENTIFIER ::= { id-nrc-policies 1 }
The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 2 Assurance Addendum to the VTN CP" document (not publicly available).
id-nrc-level2 OBJECT IDENTIFIER ::= { id-nrc-policies 2 }
Back to TopDepartment of Interior Registered Objects
Three objects have been registered to support the Department of Interior policies for PKI. The first object is an arc for the DOI policies.
id-doi-policies OBJECT IDENTIFIER ::= { csor-certpolicy 19}
These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
id-doi-basic OBJECT IDENTIFIER ::= { id-doi-policies 1 }
id-doi-medium OBJECT IDENTIFIER ::= { id-doi-policies 2 }
U.S. Postal Service Registered Objects
Two objects have been registered to support the U.S. Postal Service policies for PKI. The first object is an arc for the USPS policies.
id-usps-policies OBJECT IDENTIFIER ::= { csor-certpolicy 20}
This OID has been assigned to this agency; however, the Certificate Policy is still in draft format.
id-usps-cp1 OBJECT IDENTIFIER ::= { id-usps-policies 1 }
Back to TopPKI Pilots and Testing Registered Objects
There are eighty-one objects registered to support PKI pilots and testing. These objects define an arc for policies associated and eighty distinct policies. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application! Note that the eighty policies are all equivalent and are defined within the "Test Certificate Policy to Support PKI Pilots and Testing" document.
-- test policy arc
csor-test-policies OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 2 1 48 }
-- test policy OIDs
test1 OBJECT IDENTIFIER ::= { csor-test-policies 1 }
test2 OBJECT IDENTIFIER ::= { csor-test-policies 2 }
test3 OBJECT IDENTIFIER; ::= { csor-test-policies 3 }
test4 OBJECT IDENTIFIER ::= { csor-test-policies 4 }
test5 OBJECT IDENTIFIER ::= { csor-test-policies 5 }
test6 OBJECT IDENTIFIER ::= { csor-test-policies 6 }
test7 OBJECT IDENTIFIER ::= { csor-test-policies 7 }
test8 OBJECT IDENTIFIER ::= { csor-test-policies 8 }
test9 OBJECT IDENTIFIER ::= { csor-test-policies 9 }
test10 OBJECT IDENTIFIER ::= { csor-test-policies 10 }
. . .
test78 OBJECT IDENTIFIER ::= { csor-test-policies 78}
test79 OBJECT IDENTIFIER ::= { csor-test-policies 79 }
test80 OBJECT IDENTIFIER ::= { csor-test-policies 80 ]