Shared Service Provider PKI

As Federal agencies widely deploy HSPD-12 solutions, they will become highly dependent on the availability of Shared Service Provider PKI services for everyday physical and logical access functions like logging on to a Windows workstation or accessing a Federal building. VeriSign Shared Service Provider PKI (SSP PKI) offers low risk, full featured PKI with the high reliability, scalability and availability needed for Federal agency mission-critical SSP PKI services.

Homeland Security Presidential Directive-12 (HSPD-12) signed by the President in August 2004 mandated a common identification standard for Federal employees and contractors. Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification (PIV) of Federal employees and contractors, specifies the implementation requirements for HSPD-12, which include a smart card (PIV card) with biometrics (facial image and fingerprints) and digital certificate(s) obtained from an approved PKI Shared Service Provider. To help enable Federal agencies deploy a low cost, robust solution for complying with FIPS 201, VeriSign provides both an SSP PKI service and a complementary Card Management System for the personalization of PIV cards. Both the VeriSign SSP PKI and Card Management System are on the GSA Approved Products List for FIPS-201 certified products and services.

VeriSign provides the required SSP PKI features and functionality including a dedicated Federal agency Certification Authority (CA), Registration Authority, key management, repository, and archive services. In addition, VeriSign SSP PKI includes an integrated Online Certificate Status Protocol (OCSP) responder service that eliminates the need for a Federal agency to purchase an OCSP responder solution. Choosing VeriSign SSP PKI enables Federal agencies to take advantage of VeriSign’s highly available and scalable Internet-based infrastructure to help ensure the availability of their mission-critical SSP PKI services.

• Out of the box integration with VeriSign Card Management System and proven compatibility with other vendor smartcard management systems.
• Includes a full suite of digital certificates to meet Federal agency security needs including four (4) certificates on the PIV card and other device certificates for PIV content signing, OCSP responders, and Windows domain controllers.
• Validation of certificates through Certificate Revocation Lists (CRLs) that are updated more frequently than the Federal requirement and a real-time OCSP validation service.
• Global repository service and seamless integration into Federal agency enterprise directory for storage and retrieval of certificates and CRLs.
• Audited polices and procedures to aid the most rigorous compliance requirements.
• Key Management Service provides a centralized, auditable key storage and archive service for key escrow and recovery.
• Each Federal agency receives three instances of dedicated agency SSP CA configured with redundancy, load balancing for high availability.
• Disaster recovery is provided through a geographically distributed back-up agency SSP CA with dedicated secured link to mirror all transactions for disaster recovery in event of failure of primary agency SSP CAs.

VeriSign SSP PKI offers flexible deployment options and custom features and workflow. Coupled with VeriSign professional services, VeriSign SSP PKI supports HSPD-12 compliance for Federal agencies and is unmatched by any other vendor or government managed service offering.