UNITED STATES DEPARTMENT OF THE TREASURY
UNCLASSIFIED
The Department of the Treasury Public Key Infrastructure (PKI)
X.509 Certificate Policy
Version 3.6, December 15, 2022
Digitally signed by Daniel W. Wood, Date: 2022.12.19 09:31:57 -05'00'
PKI Policy Management Authority (PMA): Daniel W. Wood
Revision History

Version 2.0 | Date: January 2008 | Author(s): James Schminky
  Description: Bring the Treasury PKI Policy into RFC 3647 format.
  Reason for Change: Department of the Treasury compliance with FPKIPA change proposal requiring all cross-certified PKI Policies to be in RFC 3647 format.

Version 2.1 | Date: March 17, 2009 | Author(s): James Schminky
  Description: Errata changes to sections 2.2.1, 4.8, 4.912, 5.5, and 7.1.3.
  Reason for Change: As a result of mapping the Treasury PKI Policy to Federal Policy, a number of minor changes and omissions were identified and corrected.

Version 2.2 | Date: March 11, 2010 | Author(s): James Schminky
  Description: Errata changes to sections 5.6 and 6.3.2. Change proposal changes to 2.4, 4.2.2, 5.1, 5.1.1, 5.1.2.1, 5.4.4, 5.4.5, 6.1.6, 6.5.1, and 6.7.
  Reason for Change: As a result of the PMA annual review a number of minor corrections, Federal Bridge Certification Authority (FBCA) Policy Change Proposal Number: 2009-02 and 2010-01, and Treasury Change Proposal

Version 2.3 | Date: April 15, 2010 | Author(s): James Schminky
  Description: Change proposal changes to 8.1 and 8.4.
  Reason for Change: As a result of FBCA Policy Change Proposal Number: 2010-02.

Version 2.4 | Date: March 22, 2011 | Author(s): James Schminky
  Description: Change proposal changes to 1.3.1.8, 3.1.1&.2, 3.1.5, 3.2.3.1, 4.7, 6.1.5, 8.1, and 9.4.3.
  Reason for Change: As a result of FBCA Policy Change Proposal Numbers 2010-3 thru 8 and CPCA Policy Change Proposal Number: 2011-1.

Version 2.5 | Date: September 11, 2012 | Author(s): Daniel Wood
  Description: Change proposal changes to 3.2.3.2 and 4.9.7.
  Reason for Change: Made changes to align the Treasury CP with the Common Policy Framework (CPF); removed all references to the acronym "DoT" and replaced them with the name "Treasury".

Version 2.6 | Date: October 15, 2012 | Author(s): Daniel Wood
  Description: Change proposal changes to 1.2, 3.2.3.2, 6.1.5, 6.2.3, 6.2.4.2, and 6.2.8.
  Reason for Change: Made changes to align the Treasury CP with the CPF.

Version 2.7 | Date: August 22, 2013 | Author(s): Fred Asomani Atinkah
  Description: Changes to 1.3, 1.3.1, 1.3.1.1, 1.3.1.2, 1.3.1.3, 1.3.1.4, 1.3.1.5, 1.5.2, and 3.2.3.2.
  Reason for Change: Made changes to align the Treasury CP with the CPF.

Version 2.8 | Date: March 26, 2015 | Author(s): Daniel Wood, Terry McBride
  Description: Clarified Treasury's dual role as Federal Legacy and SSP; added PIV-I, role-based, and group certificates.
  Reason for Change: Provide capabilities to customers and baseline update as requested by FPKIPA.

Version 2.9 | Date: March 25, 2017 | Author(s): Daniel Wood
  Description: Adds PIV-I and Internal PKI OIDs, changed criteria for suspension, defined the PKI Program Team, added the internal PKI addendum.
  Reason for Change: Changes to Treasury PKI based on user needs, changes to Common/Federal CPs, and editorial updates.

Version 2.91 | Date: November 20, 2018 | Author(s): Daniel Wood
  Description: Update based on TOCA Compliance Audit and introduction of the Fed Key Recovery Policy and other Common and Federal Bridge policy changes.
  Reason for Change: Correct minor errors and maintain compliance with FedPKI (through 2018-06).

Version 3 | Date: February 28, 2019 | Author(s): Daniel Wood
  Description: Updated based on comments from BFS.
  Reason for Change: Maintain conformance with FBCA CP.

Version 3.1 | Date: October 30, 2019 | Author(s): Daniel Wood
  Description: Updated Section 5.8 with new language to cover CA terminations.
  Reason for Change: Maintain conformance with Federal/Common CPs.

Version 3.2 | Date: December 15, 2020 | Author(s): Daniel Wood
  Description: Updates in sections: 1, 1.1.1, 1.2, 1.4.1, 2.2.1, 4.4.2, 5.2.1, 5.2.1.1, 5.2.1.2, 5.3.1, 5.3.2, 5.3.7, 5.4.2, 5.5.1, and 6.1.5.
  Reason for Change: Responses to audit findings, annual review findings, change proposals, and for separation of Key Recovery roles from clearance requirements on CA roles.

Version 3.3 | Date: March 29, 2021 (Not Signed, Not Released) | Author(s): Daniel Wood
  Description: Removed the "offline" requirement on OLT Root CAs in section 1.3.1.2 of Addendum 1. Added Addendum 2 - Implementation of PKI Certificates on Treasury Systems.
  Reason for Change: To allow for remote administration on an OLT Root CA, and to define implementation policies on SSL/TLS certificates for HTTPS.

Version 3.4 | Date: April 27, 2021 | Author(s): Daniel Wood
  Description: Punctuation & spelling updates throughout.
  Reason for Change: Final editing for signature & release.

Version 3.5 | Date: December 7, 2021 | Author(s): Daniel Wood
  Description: Rebuilt document to eliminate file corruption & formatting issues, and updates in sections: 1, 1.1, 1.2, 1.3.4, 1.3.5, 4.6.6, 4.7.6, 4.8.6, 5.1.2, 5.2.1, 6.4.3, and Addendums 1 & 2.
  Reason for Change: Remove OLT & certificate implementation Addendums (and references to them) to maintain in a separate policy document; improve descriptions of DDS & Key Recovery roles; improve certificate publishing language; and remove unnecessary requirement on CMS activation data.

Version 3.6 | Date: December 1, 2022 | Author(s): Daniel Wood
  Description: Updates in sections: 1.3.4, 5.1.1, 5.2.1.2, and Appendix B.
  Reason for Change: Response to Auditor recommendations and implementation of FBCA CP Change Proposal 2022-02.
Table of Contents

1. INTRODUCTION .......... 13
1.1 OVERVIEW .......... 14
1.1.1 Certificate Policy (CP) .......... 14
1.1.2 Relationship between the DoT PKI CP and the DoT PKI CA CPSs .......... 14
1.1.3 Relationship between the DoT PKI CP and the FBCA and Other Entity CPs .......... 14
1.1.4 Scope .......... 15
1.1.5 Interaction with PKIs External to the Federal Government .......... 16
1.2 DOCUMENT IDENTIFICATION .......... 16
1.3 PKI ENTITIES .......... 17
1.3.1 Treasury PKI Program Team .......... 17
1.3.2 Registration Authority .......... 19
1.3.3 Subscribers .......... 20
1.3.4 Key Recovery Authorities .......... 20
1.3.5 Key Recovery Requestors .......... 21
1.3.6 Relying Parties .......... 21
1.3.7 Other Participants .......... 22
1.4 CERTIFICATE USAGE .......... 22
1.4.1 Appropriate Certificate Uses .......... 22
1.4.2 Prohibited Certificate Uses .......... 24
1.5 POLICY ADMINISTRATION .......... 24
1.5.1 Organization Administering the Document .......... 24
1.5.2 Contact Person .......... 24
1.5.3 Person Determining CPS Suitability for the Policy .......... 24
1.5.4 CPS Approval Procedures .......... 25
1.6 DEFINITIONS AND ACRONYMS .......... 25
2. PUBLICATION AND REPOSITORY RESPONSIBILITIES .......... 26
2.1 REPOSITORIES .......... 26
2.2 PUBLICATION OF CERTIFICATION INFORMATION .......... 26
2.2.1 Publication of Certificates and Certificate Status .......... 26
2.2.2 Publication of CA Information .......... 27
2.2.3 Interoperability .......... 27
2.3 FREQUENCY OF PUBLICATION .......... 27
2.4 ACCESS CONTROLS ON REPOSITORIES .......... 27
3. IDENTIFICATION AND AUTHENTICATION .......... 28
3.1 NAMING .......... 28
3.1.1 Types of Names .......... 28
3.1.2 Need for Names to Be Meaningful .......... 32
3.1.3 Anonymity or Pseudonymity of Subscribers .......... 33
3.1.4 Rules for Interpreting Various Name Forms .......... 33
3.1.5 Uniqueness of Names .......... 33
3.1.6 Recognition, Authentication, and Role of Trademarks .......... 33
3.2 INITIAL IDENTITY VALIDATION .......... 33
3.2.1 Method to Prove Possession of Private Key .......... 34
3.2.2 Authentication of Organization Identity .......... 34
3.2.3 Authentication of Individual Identity .......... 35
3.2.4 Non-verified Subscriber Information .......... 39
3.2.5 Validation of Authority .......... 39
3.2.6 Criteria for Interoperation .......... 40
3.3 IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS .......... 40
3.3.1 Identification and Authentication for Routine Re-key .......... 40
3.3.2 Identification and Authentication for Re-key after Revocation .......... 42
3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST .......... 42
4. CERTIFICATE LIFE-CYCLE .......... 43
4.1 APPLICATION .......... 43
4.1.1 Submission of Certificate Application .......... 43
4.1.2 Enrollment Process and Responsibilities .......... 43
4.2 CERTIFICATE APPLICATION PROCESSING .......... 43
4.2.1 Performing Identification and Authentication Functions .......... 43
4.2.2 Approval or Rejection of Certificate Applications .......... 44
4.2.3 Time to Process Certificate Applications .......... 44
4.3 ISSUANCE .......... 45
4.3.1 CA Actions During Certificate Issuance .......... 45
4.3.2 Notification to Subscriber of Certificate Issuance .......... 45
4.4 ACCEPTANCE .......... 45
4.4.1 Conduct Constituting Certificate Acceptance .......... 45