Federal PKI Update

Presentation Transcript


  1. Federal PKI Update
     Peter Alterman, Ph.D., Chair, Federal PKI Policy Authority

  2. Agenda
     • Current state of the Federal PKI
     • Bridge-to-Bridge Update
     • FIPS 201 and Chicken Little
     • Pending Issues
     • Why this matters to You

  3. Simplified Diagram of Federal PKI
     [Diagram not reproduced. Labels: Federal Bridge CA; Cross-Certified gov PKIs; Common Policy CA; Shared Service Provider PKIs (Common Policy OID and root cert); C4 CA; E-Gov CAs (3); Cross-Certified External PKIs; eAuth CSPs ?]

  4. Federal PKI: Summary
     • No architectural changes in last 6 months – stable
     • Closure near on path discovery/path validation tools and services
     • Cross-certification approved with first commercial partner – Wells Fargo Bank, and near with Boeing
     • New Federal Bridge CP adopted in RFC 3647 format incorporating Medium Hardware LOA
     • New Federal Certificate Profile adopted requiring populating AIA or SIA fields
     • Most of the work diverted to HSPD-12 implementation

  5. Federal PKI: Shared Service Provider Update
     • New High Assurance Policy for Common Policy CA approved
     • One new Shared Service Provider approved and two others in process
     • No new self-signed Agency PKIs allowed unless waiver granted from OMB

  6. Federal PKI and EAuthentication
     • PKI required for Levels 3 & 4
     • EAuth management still clueless about integrating PKI into operational vision
     • Therefore, focusing on LOA 1 & 2 with SAML as transport

  7. Bridge to Bridge Update
     • Policy roadblock (citizenship of trusted operators) surmounted by creating “commercial best practice” policies at Medium and Medium Hardware LOA
     • FBCA reserves High Assurance cross-certification for governments only
     • SAFE bridge (pharmaceutical) operational
     • Certipath bridge (aerospace) open for business before 12/31 – already in technical interoperability testing with FBCA
     • HEBCA aiming for Medium Hardware cross-certification with FBCA; USHER aiming for ??

  8. FIPS 201 and Chicken Little
     • FIPS 201 mandates both identity proofing standards and PKI on a SmartCard for all feds and inside contractors
     • Identity Proofing standard required 10/05 of ALL federal agencies; security checks of all new hires; over next 12 months, security checks of all employees and contractors. Huge $$ and bottlenecks expected.
     • SmartCard standards in place but incomplete. No products yet available. Middleware also playing catch-up. Both promised for 2Q06.
     • Agencies stunned and busy playing catch-up with little money to implement. Meteorologists predict a blast of hot air followed by a blizzard of meaningless but expensive paper. A blessed few will succeed, making everybody else look inept. Blame will be spread wide.

  9. Discussion
     altermap@mail.nih.gov
