Federal Common Policy CA Update
The Federal PKI Management Authority has completed the revocation of the certificates issued by the Federal Common Policy CA. If you encounter any issues, please review the contents of this playbook, including the Frequently Asked Questions page.
The federal government recently deployed the Federal Common Policy CA (FCPCA) G2, a new Federal Public Key Infrastructure (FPKI) root certification authority (CA). As the existing Federal Common Policy CA reaches the end of its planned service life, FCPCA G2 will roll out incrementally and serve as the new trust anchor for the Federal PKI. Below, you’ll find important dates and steps for a successful operational transition to the FCPCA G2 trust anchor.
This change affects all federal agencies and the following services:
- Personal Identity Verification (PIV) credential authentication to government networks
- Agency web applications implementing client authentication (for example, PIV authentication)
- User digital signatures that leverage PIV or similar credentials
- Other applications leveraging the Federal Common Policy CA as a root CA
Federal enterprises and other relying party organizations should plan for this transition and test interoperability in advance of implementing changes in their production IT environments.
Recommended steps to complete by December 31st, 2020:
- Prepare to migrate to the Federal Common Policy CA G2
- Obtain and verify a copy of the Federal Common Policy CA G2 certificate
- Distribute the certificate to operating systems
- Verify operating system distribution
- Distribute the certificate to applications
- Distribute the CA certificates issued by the Federal Common Policy CA G2
Recommended steps to complete by April 20th, 2021:
View the Frequently Asked Questions page for more information, or email us at fpkirootupdate at gsa.gov.