
Federal Public Key Infrastructure Guide Introduction

Welcome to the Federal Public Key Infrastructure (FPKI) Guides! In these guides, you will find commonly used links, tools, tips, and information for the FPKI.

These guides are open source and a work in progress and we welcome contributions from our colleagues. We encourage you to contribute and share information you think is helpful for the Federal PKI community.

What Is the Federal PKI?

The Federal PKI is a network of certification authorities (CAs) that issue:

  • PIV credentials and person identity certificates
  • PIV-Interoperable credentials and person identity certificates
  • Other person identity certificates
  • A small number of federal enterprise device identity certificates

The participating certification authorities and the policies, processes, and auditing of all the participants are collectively referred to as the Federal Public Key Infrastructure (FPKI or Federal PKI).

The Federal PKI includes U.S. federal, state, local, tribal, territorial, and international governments, as well as commercial organizations, that work together to provide services for the benefit of the federal government.

Use the FPKI Graph to see the relationships between the certification authorities in the Federal PKI ecosystem. It graphically depicts how each certification authority links to another through cross-certificates, subordinate certificates, or bridge CAs.

What Is an Example of an Identity Certificate?

A PIV certificate is a simple example. Although there are many types of identity certificates, it’s easiest to explain PIV certificates since you might have one:

  • Identity certificates are issued and digitally signed by a certification authority.
  • The certification authority that issued and digitally signed your PIV certificates is called an intermediate certification authority. The intermediate certification authority's own certificate was issued and signed by another certification authority.
  • This process of issuing and signing continues upward until it reaches a certification authority whose certificate is signed by itself rather than by anyone above it. That self-signed certification authority is called the root certification authority, and a relying party trusts the whole chain only because it trusts the root.

An example of an identity certificate with intermediate and root.

The full process of proving identity when issuing certificates, auditing the certification authorities, and the cryptographic protections of the digital signatures establish the basis of trust.

For the U.S. federal government Executive Branch agencies, there is one root certification authority, called the Federal Common Policy Certification Authority (COMMON), plus dozens of intermediate certification authorities and bridged certification authorities. See a graph of the Federal PKI, including the business communities.

Why Should Agencies Use Certificates from the Federal PKI?

All federal agencies should use the Federal PKI for:

  • Facilities access, network authentication, and, where a risk assessment calls for it, authentication to applications
  • Document sharing and digital signatures
  • Signed and encrypted email communications across federal agencies

The Federal PKI provides four core technical capabilities:

An illustration of the four core FPKI capabilities.

The Four Core Federal PKI Capabilities

  • Trust with federal agencies and industry
  • Support for technical non-repudiation
  • Authentication and encryption
  • Digital signatures

These four core capabilities are made possible by leveraging digital certificates; their policies, standards, and processes; and a mission-critical trust infrastructure.

Why Is the Federal PKI Important?

The Federal PKI is important to federal agencies, other government entities, and businesses that need access to federal facilities or participate in delivering federal government services.

Security: Improved facilities, network, and application access through cryptography-based, federated authentication. Federal PKI credentials reduce the possibility of data breaches that can result from using weak credentials, such as a username and password. Specifically, the Federal PKI closes security gaps in user identification and authentication, encryption of sensitive data, and data integrity.

Compliance: Using the Federal PKI helps agencies comply with several Executive Orders, laws (e.g., FISMA, the E-Government Act), initiatives, and standards. The Federal PKI verifies that participating certification authorities are audited and operated in a secure manner.

Interoperability: Improved interoperability with other federal agencies and non-federal organizations that trust Federal PKI certificates. The Federal PKI helps reduce the need to issue multiple credentials to the same user.

Return on Investment: The Federal PKI improves business processes and efficiencies. For example, leveraging digital signing, encryption, and non-repudiation allows federal agencies to migrate from manual to automated processing, especially around document processing and sharing, and enhances communication between federal employees for internal efficiency and effectiveness.

Where Can I Find the Policies and Standards?

IDManagement.gov

An official website of the General Services Administration
