Federal Bridge Certification Authority - Access with Trust              Procedures for Cross-Certifying with the Federal Public Key Infrastructure


Applicant PKIs and Bridges may choose to cross-certify with the Federal PKI at one or more of the five levels of assurance of the Federal Bridge CA (rudimentary, basic, medium, medium hardware and high), or to cross certify at the Citizen and Commerce Class Certificate level of assurance. The actual requirements for cross-certification are listed below, but we encourage potential applicants to contact the Policy Authority prior to submitting any documentation, so that we can work with you actively to smooth the process.

Requirements for Cross-Certification and Interoperability with the Federal PKI:

  1. Submit an Application for Cross-Certification signed by the responsible executive in charge of the applicant PKI (e.g., CIO, VP for Systems, etc.) to the Federal PKI Policy Authority Chair. Usually, this individual is in charge of funding and budget for the applicant's PKI.

  2. Submit a copy of your PKI Certificate Policy for mapping, along with contact information for the individual tasked with seeing to the cross-certification. Please download a copy of the "mapping matrix" available on the web site to use as you prepare your Policy for mapping.

  3. Submit a copy of the summary of your PKI's audit, stating that your operations comply with your CPS and that your CPS is in conformance with your CP. Please download a copy of the Audit Review Requirements from this web site to ensure you understand what language we are looking for.

  4. If steps 1 - 3 are accomplished successfully, the Federal PKI Policy Authority will enter into negotiations with you to sign a mutually-acceptable Memorandum of Agreement (MOA) that will spell out our mutual responsibilities and expectations. For Bridges cross-certifying with the Federal Bridge CA, there are additional requirements to be fulfilled mutually.

  5. Once the MOA is signed, the Federal PKI Policy Authority Chair directs the Director of the Federal PKI Operational Authority to exchange cross-certificates with the new member PKI.

Detailed discussions of all of these steps may be found in the FPKI Criteria and Methodology document on this web site, as well as many other supporting documents. At any time, feel free to contact us to discuss any questions you may have. The applicant should submit the information requested above in an electronic format to Peter.Alterman@nih.gov and to FPKI.Webmaster@gsa.gov

Page Last Updated: 29-March-2007