Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Pardon our Dust.

Welcome to the new site for Federal Identity, Credential, and Access Management (FICAM) Playbooks! We are consolidating all existing FICAM and Federal Public Key Infrastructure (FPKI) playbooks to this new page to help you find answers and content faster. Please bookmark this URL for future reference.

Federal Common Policy CA Update

The Federal Government recently deployed the Federal Common Policy CA (FCPCA) G2, a new Federal Public Key Infrastructure (FPKI) root Certification Authority (CA). As the existing Federal Common Policy CA reaches the end of its planned service life, FCPCA G2 will roll out incrementally and serve as the new trust anchor for the Federal PKI. Below, you’ll find important dates and steps for a successful operational transition to the FCPCA G2 trust anchor.

This change affects all federal agencies and the following services:

  • Personal Identity Verification (PIV) credential authentication to government networks
  • Agency web applications implementing client authentication (for example, PIV authentication)
  • User digital signatures that leverage PIV or similar credentials
  • Other applications leveraging the Federal Common Policy CA as a root CA

Federal enterprises and other relying party organizations should plan for this transition and test interoperability in advance of implementing changes in their production IT environments.

Recommended steps to complete by December 31st, 2020:

  1. Prepare to migrate to the Federal Common Policy CA G2
  2. Obtain and verify a copy of the Federal Common Policy CA G2 certificate
  3. Distribute the certificate to operating systems
  4. Verify operating system distribution
  5. Distribute the certificate to applications
  6. Distribute the CA certificates issued by the Federal Common Policy CA G2

Recommended steps to complete by April 20th, 2021:

  1. Migrate to the Federal Common Policy CA G2
  2. Verify migration to the Federal Common Policy CA G2

Heads-up! The Federal PKI Management Authority is working with CA operators to plan the revocation of the certificates issued by the Federal Common Policy CA. Follow our GitHub issue page or System Notifications page for more information related to the planned revocation schedule.

Need Help?

View the Frequently Asked Questions page for more information, or email us at fpkirootupdate at gsa dot gov.

We're collaborating with CISA on a series of virtual "office hours" sessions to answer your questions in real-time. Email fpkirootupdate at to be notified once the sessions are scheduled.