Background

Securing Federal Government web services and delivering information to our consumers and partners in a trusted and privacy-enhancing manner is a priority for Federal Government teams across all our missions.

Federal Government teams are working to ensure our missions have secure, cost-effective, and stable services for protecting these web services. We developed this Certificate Policy to address Internet PKI requirements and to support the establishment of the new U.S. Federal Public Trust TLS Public Key Infrastructure (PKI) for .mil and .gov web services.

We welcome and encourage public and community comment on this Certificate Policy.

Scope

The browser community, commercial and non-profit trust store owners, and Standards Development Organizations have been rapidly adopting emerging technology and new requirements for the public Internet and Hypertext Transfer Protocol Secure (HTTPS). These requirements are intended to protect consumers, protect website operators from spoofing incidents, and promote an open and transparent trust model across the globe. These requirements include:

This Certificate Policy was developed for Federal Government missions and addresses Internet PKI requirements defined and governed by six (6) communities.

This Certificate Policy was scoped to encompass:

Relationship to Federal Public Key Infrastructure

The Federal Government currently manages the Federal Public Key Infrastructure, a trust framework of over one hundred (100) certification authorities used to issue and manage person identity and enterprise device identity certificates for the U.S. Federal Government and mission partners. The current Federal Public Key Infrastructure (FPKI) is managed and operated as a bridged public key infrastructure originally intended to establish trust across related communities of interest.

Government teams recognized the need to create a new Certificate Policy and infrastructure focused on Internet PKI requirements. The CAs operating under this Certificate Policy in the new infrastructure will not have cross-certificates with any existing Federal Public Key Infrastructure CAs. This is one step towards new purpose-driven services intended to support the mission needs, and:

The Federal Public Key Infrastructure Policy Authority maintains the governance and voting rights to manage this Certificate Policy.