Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Federal Common Policy CA Update

Upcoming changes to the Federal Common Policy Certification Authority (CA) will impact your agency. This announcement will be updated as more information is available.

In October 2020, the Federal Government created a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA). The new root is named the Federal Common Policy CA G2.

Between December 2020 and June 2021, the CAs signed by the old root will be migrated to be signed by this new root: Federal Common Policy CA G2. Once the migration is complete, the old root will be decommissioned.

What Will Be Impacted?

This change will affect all federal agencies and will have an impact on the following services:

  • Personal Identity Verification (PIV) credential authentication to the government networks
  • Agency web applications implementing client authentication (e.g., PIV authentication)
  • User digital signatures that leverage PIV or similar credentials
  • Other applications leveraging the Federal Common Policy CA as a root

When Will This Change Take Place?

Tentative time-line:

  • October 14, 2020: The Federal PKI Management Authority (FPKIMA) created the new Federal Common Policy CA G2 root
  • October 15, 2020: The FPKIMA team issued a cross certificate from the Federal Common Policy CA G2 to the Federal Bridge CA G4
  • November 18, 2020: The FPKIMA team will issue CA certificates to migrate agency and shared service providers CAs to the new root: Federal Common Policy CA G2
  • December 2020 to June 2021: All agencies will need to transition from using the old Federal Common Policy CA as the root to the new Federal Common Policy CA G2 (approximately six months)
  • June 2021: The FPKIMA team will decommission the old Federal Common Policy CA

What Should I Do?

We are collaborating with CISA on a series of webinars to communicate the upcoming changes and answer your questions. Email fpkirootupdate@gsa.gov to be notified of future events.

To prevent issues, agencies must distribute the Federal Common Policy CA G2 root certificate as a trusted Root Certification Authority to workstations and servers.

To prepare for the Federal Common Policy CA update, read our guide here.

Who Can I Contact for Help or More Information?

Email us at fpkirootupdate@gsa.gov.

Return to top

IDManagement.gov

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit USA.gov

This site is a collaboration between GSA and the Federal CIO Council. It is managed by the Identity Assurance and Trusted Access Division in the GSA Office of Government-wide Policy.

Edit this page