Federal PKI Certification Authorities Audit Information

Federal PKI Certification Authorities Annual Review Information

This page contains information to help auditors assess Certification Authorities operated as part of the Federal PKI. This page also contains the annual audit reports to help the general public understand how the Federal PKI Management Authority (FPKIMA) provides trusted PKI and CA operations.

Annual Review Requirements for all Certification Authorities

Independent compliance audits are the primary way that the Federal Public Key Infrastructure Policy Authority (FPKIPA) ensures that Certification Authorities participating in the Federal PKI comply with the requirements identified in the appropriate Certificate Policies (CPs). Audits are an important component of the Annual Review Requirements.

Audits are required annually for Certification Authorities.  Annual review packages should be submitted to fpki@gsa.gov.

Annual Review Schedule

Entity Type Annual Review Package
Due Date (2018)
Access Certificates for Electronic Services (ACES) Program Affiliate PKI Sep 30
CertiPath Bridge Jun 30
Drug Enforcement Agency (DEA) Trust Partner Sep 30
Digicert Affiliate PKI May 31
Digicert (Includes Symantec Non-Federal Issuer [NFI]) Affiliate PKI May 31
Digicert (Includes Symantec Shared Service Provider [SSP]) SSP May 31
Department of Defense (DoD) Affiliate PKI Aug 30
Department of State (DOS) Affiliate PKI Apr 30
Department of the Treasury Affiliate PKI May 31
Department of the Treasury SSP SSP May 31
Entrust NFI Affiliate PKI Nov 22
Entrust Federal SSP SSP Nov 22
Exostar Affiliate PKI Apr 30
Government Publishing Office (GPO) Affiliate PKI Oct 31
Identrust NFI Affiliate PKI Aug 31
Patent and Trademark Office (PTO) Affiliate PKI Oct 31
SAFE BioPharma Bridge Oct 31
Southwest Texas Regional Advisory Council (STRAC) Bridge Nov 30
Transglobal Secure Collaboration Program (TSCP) Bridge Apr 30
Verizon NFI Affiliate PKI July 31
Verizon SSP SSP July 31
Wide Point NFI Affiliate PKI Apr 30
Wide Point SSP SSP Apr 30

Audit Information for the Federal PKI Management Authority

This section contains information on Audits performed on the Federal Common Policy Certification Authority and the Federal Bridge Certification Authority.

The Federal Common Policy Certification Authority operates in compliance with the Federal Common Certificate Policy. The Federal Bridge Certificate Authority (FBCA) operates in compliance with the Federal Bridge Certificate Policy.

The Certificate Policies may be found on the Federal PKI page.  The associated Certification Practice Statement (CPS) documents the operational practices required to ensure trusted operations.

Reporting Incidents

If you need to report a security incident involving the Federal PKI, please contact us.

Page Reviewed/Updated:  February 6, 2018