Federal Public Key Infrastructure Policy Authority (FPKIPA)
The FPKIPA serves the interest of U.S. Federal Government organizations as relying parties and promotes interoperability between federal and non-federal entities by:
- Setting policy governing the FPKI Trust Infrastructure;
- Approving applicants for cross certification with the FBCA; and
- Providing oversight to the Certified PKI Shared Service Provider (SSP) Program.
- Approve Policies and Practices – Approve Federal Bridge Certification Authority (FBCA) and Federal Common Policy Certification Authority Certificate Policies (CPs), including revisions; approve FPKI Trust Infrastructure Certification Practice Statements.
- Approve Entity Cross-Certification – Establish and administer criteria and methodology for cross-certification with the FBCA; approve cross-certifications and execute Memoranda of Agreement (MOAs); maintain the FPKI Certification Applicant Requirements and the Common Policy CPS Evaluation Matrix.
- Maintain Compliance – Ensure cross-certified entities are compatible with the FBCA CP (or the FCPCA CP for Federal Legacy CAs).
- Agreement with FPKI Management Authority – Oversee the FPKI Management Authority (FPKIMA) to issue and revoke cross-certificates, ensure adherence to the FPKI CPs, and provide documentation to be archived.
- Interoperability Practices – Coordinate legal, policy, technical, and business practices and issues related to FPKI Trust Infrastructure.
Members are appointed by each federal agency’s CIO, and the group operates under the authority of the Federal CIO Council through the Information Security and Identity Management Committee (ISIMC) and the Identity, Credential, and Access Management Subcommittee (ICAMSC). See the FPKIPA Charter (PDF, February 2015) for information on membership requirements, voting rights, etc.
The following working groups support the work of the FPKIPA.
- FPKI Certificate Policy Working Group (CPWG)
- FPKI Shared Service Provider Working Group (SSPWG)
- FPKI Technical Working Group (TWG)
The FPKIPA meets in the morning on the second Tuesday of each month. Notes from past meetings will be listed here as they become available.
Incident Management Plan
This document provides guidance for FPKIPA and FPKIMA members and affiliates on roles and responsibilities in the event of an incident, and incident reporting and response.
- FPKI Incident Management Plan (PDF, September 2020)
- Non-Compliance Management Framework For The Federal Public Key Infrastructure (FPKI) (PDF, January 2016)
Page Reviewed/Updated: December 2, 2020