Procedures
for Cross-Certifying with the Federal Public Key Infrastructure
Applicant
PKIs and Bridges may choose to cross-certify with the Federal PKI at one or
more of the five levels of assurance of the Federal Bridge CA (rudimentary,
basic, medium, medium hardware and high), or to cross certify at the Citizen
and Commerce Class Certificate level of assurance. The actual requirements for
cross-certification are listed below, but we encourage potential applicants
to contact
the Policy Authority prior to submitting any documentation, so that we can
work with you actively to smooth the process.
Requirements for Cross-Certification and Interoperability with the Federal
PKI:
- Submit an Application
for Cross-Certification signed by the responsible executive in charge
of the applicant PKI (e.g., CIO, VP for Systems, etc.) to the Federal PKI
Policy Authority Chair. Usually, this individual is in charge of funding and
budget for the applicant's PKI.
- Submit a copy of your PKI Certificate Policy for mapping, along with contact
information for the individual tasked with seeing to the cross-certification.
Please download a copy of the "mapping
matrix" available on the web site to use as you prepare your Policy
for mapping.
- Submit a copy of the summary of your PKI's audit, stating that your operations
comply with your CPS and that your CPS is in conformance with your CP. Please
download a copy of the Audit
Review Requirements from this web site to ensure you understand what language
we are looking for.
- If steps 1 - 3 are accomplished successfully, the Federal PKI Policy Authority
will enter into negotiations with you to sign a mutually-acceptable Memorandum
of Agreement (MOA) that will spell out our mutual responsibilities and
expectations. For Bridges cross-certifying with the Federal Bridge CA, there
are additional requirements to be fulfilled mutually.
- Once the MOA is signed, the Federal PKI Policy Authority Chair directs the
Director of the Federal PKI Management Authority to exchange cross-certificates
with the new member PKI.
Detailed
discussions of all of these steps may be found in the FPKI
Criteria and Methodology document on this web site, as well as many other
supporting documents. At any time, feel free to contact
us to discuss any questions you may have. The applicant should submit the
information requested above in an electronic format to Judith.Spencer@gsa.gov
and to FPKI.Webmaster@gsa.gov
Page Last
Updated: 01-December-2008