FPKI PIV-I Certified, v1.0

This Trustmark Definition defines a Trustmark that verifies an organization's PIV-I CA has been certified by the Federal Public Key Infrastructure (FPKI) Policy Authority. This may not be a direct certification, but a chain of trust must be traceable to the FPKI Policy Authority.

Assessment Step

1
PIVI-Approved (PIVI_Approved)

Has the organization been approved by the FPKI CA (or bridged to the FPKI CA with a navigable trust chain)? Be sure to review this site: http://www.idmanagement.gov/approved-piv-i-entities and provide all certs involved in the trust chain if the certification is not direct.

Artifact
FPKI-Certification

Provide evidence of their FPKI Certification (including all certs in the chain as required).

Conformance Criteria (1)

FPKI-Certified

An organization that has been certified by the FPKI is published to the Approved PIV-I Entities site.

Citation
FPKI-Cert

Metadata

Publication Date 2017-05-18
Trustmark Reference Attribute https://artifacts.trustmarkinitiative.org/lib/trustmark-definitions/fpki-pivi-certified/1.0//trustmark-reference/
Issuing Organization
No Responder support@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords FPKI, PIV-I, Federal Public Key Infrastructure, Personal Identity Verification, Authentication, Certificate Authority, CA, X.509
Supersedes
Issuance Criteria
yes(ALL)
Assessment Step Preface

Assessment Steps

Target Stakeholder The PIV-I Community and relying parties of PIV-I cards.
Target Recipient Organizations that operate a PIV-I CA that is cross certified with the FPKI.
Target Relying Party Organizations that wish to trust organizations operating PIV-I CAs.
Target Provider Any organization that is capable of verifying a chain of trust.
Provider Eligibility Criteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
Assessor Qualifications Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
Trustmark Revocation Criteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
Extension Description This Trustmark Definition requires no extension data.
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

Terms (5)

Term Name Abbreviations Definition
Attribute Provider Organization APO

An identity federation member organization that vets and collects specific attributes about individuals, maintains those attributes in an accurate and timely manner, and provides those attributes to other organizations in the identity federation as needed, subject to applicable attribute release and privacy policies, for access control and auditing purposes. An APO operates one or more Attribute Provider (AP) software entities in an identity federation.

Federal Public Key Infrastructure Policy Authority FPKIPA

The Federal Public Key Infrastructure (FPKI) Policy Authority is an inter-agency body set up under the CIO Council to enforce digital certificate standards for trusted identity authentication across the federal agencies and between federal agencies and outside bodies, such as universities, state and local governments and commercial entities.

Identity Provider Organization IDPO

An identity federation member organization that vets individuals, collects attributes about these individuals, and maintains those attributes in an accurate and timely manner. The IDPO operates one or more Identity Provider (IDP) entities, and may also operate one or more SAML Assertion Delegate Service (ADS) entities, in an identity federation.

Personal Identity Verification Interoperable PIV-I

PIV-I cards are a popular way of performing authentication of users at a high level of assurance. The cards have strongly protected crypto devices and can perform strong authentication of a user.

Service Provider Organization SPO

An identity federation member organization that operates one or more SAML Service Provider (SP) and/or Web Service Provider (WSP) software entities in an identity federation.
