Trust Services

This page is for agencies to view the current service providers that have an identity federation agreement with the U.S. Government.

The services provided rely upon a level of trust to be established with the U.S. Government. This trust is managed through legal agreements; technology agreements; and regular auditing of the services, procedures, and practices. These agreements and audits are managed by the Federal Public Key Infrastructure (FPKI) or Trust Framework Services (TFS) initiatives.

If you are looking for a list of all possible Certification Authorities in the FPKI, please review the FPKI Graph:

  • Federal PKI Graph – Includes government agencies and commercial entities that may operate their own services.

Overview

Trust Services providers offer services related to identity and credentialing of persons and operate within identity federations. These provider services specifically include:

  • Issuing and managing person identity and device identity certificates using PKI.
  • Issuing and managing person identity credentials for PIV and Common Access Card (CAC) hardware credentials that are tied to PKI.
  • Issuing and managing person identity credentials using other identity federation technologies. (For example, a person may be identity-proofed, have an account in the service, and use one-time password credentials to authenticate.)

We’ve categorized the service providers by type of identity and credential and what population is served:

  • Government Identity and Credentials – This covers the FPKI Shared Service Providers (SSPs)
  • Business Identity and Credentials – This covers PIV-Interoperable (PIV-I), other PKI certificates, and non-PKI
  • Consumer Identity and Credentials – This covers non-PKI

Government Identity and Credentials

These organizations operate as Federal PKI Shared Service Providers (SSPs) for federal agencies. All organizations operate Certification Authorities, are audited, and have and maintain a FISMA Authority To Operate (ATO).

All of the Certification Authorities operated by these Federal PKI SSPs issue certificates for:

  • Person identity, including for PIV credentials

A subset of the Federal PKI SSPs also issue and manage:

  • Government enterprise device certificates

Information on publicly trusted device certificates used for TLS (HTTPS) on the internet, and recommendations on government configurations and which PKI providers / Certification Authorities to use can be found at the HTTPS Guidance site.

| Organization | Customer Service | Tech Support | Authority To Operate |
|---|---|---|---|
| Department of the Treasury | Daniel Wood, (202) 622-5144 | Joe Gribble, (304) 480-7608 | View Authority to Operate (ATO) (PDF, October 2017) |
| DigiCert Federal Shared Service Providers (Formerly Symantec) | Kris Singh, (801) 701-9642 | Ben Wilson, (801) 701-9678 | View Authority to Operate (ATO) (PDF, December 2016) |
| Entrust Federal Shared Service Provider | Dan Miller, (703) 346-1164 | Bryan Rosensteel, (202) 277-6082 | View Authority to Operate (ATO) (PDF, July 2017) |
| Verizon Business Federal Shared Service Provider | Neil van Duinen, (571) 206-2316 | Russ Weiser, (801) 631-1685 | View Authority to Operate (ATO) (PDF, June 2015) |
| Widepoint Federal Shared Service Provider | Jim Manchester, (800) 816-5548, pkipolicy@orc.com | Adam Jones, (800) 816-5548, pkipolicy@orc.com | View Authority to Operate (ATO) (PDF, August 2015) |

Business Identity and Credentials

These organizations operate services for persons who are affiliated with a business, State, Local, Tribal, Territorial, or non-profit. The PKI credentials are often used by a business person to digitally sign documents with the U.S. Government as a business representative or to authenticate to a small number of government applications.

For each, we identify whether the services include:

  • Person identity using PKI, including PIV-I credentials
  • Person identity using PKI for business-to-government digital signatures
  • Person identity using non-PKI federation technologies

Information on publicly trusted device certificates used for TLS (HTTPS) on the internet, and recommendations on government configurations and which PKI providers / Certification Authorities to use can be found at the HTTPS Guidance site.

| Organization | Customer Service | Tech Support | Type of Person Identity Credentials |
|---|---|---|---|
| Carillon Information Security | Marc St-Jacques, (844) 754-7484 x125 | Marc St-Jacques, (844) 754-7484 x125 | PIV-I Credentials |
| DigiCert | Kris Singh, (801) 701-9642 | Ben Wilson, (801) 701-9678 | Other PKI Credentials |
| Entrust | Dan Miller, (703) 346-1164 | Bryan Rosensteel, (202) 277-6082 | PIV-I Credentials; Other PKI Credentials |
| Exostar | Tim Zullo, (703) 793-7733 | (703) 793-7800, Open a case online | Other PKI Credentials |
| Foundation for Trusted Identity (FTI) | Kenneth Boley, (210) 704-1650 | Sam Dibrell, Jr., (210) 704-1650 | PIV-I Credentials |
| IdenTrust | Jerry Cox, (801) 384-3534 | Helpdesk@IdenTrust.com, (888) 882-1104 | PIV-I Credentials; ACES Credentials; Other PKI Credentials |
| InCommon affiliated Universities (hundreds of organizations) | admin@incommon.org | admin@incommon.org | Non-PKI; InCommon Bronze and Silver |
| NextgenID | Dario Berini, (703) 929-5543 | Keith Sheridan, (703) 615-1697 | PIV-I Credentials; Other PKI Credentials |
| Fortior Solutions | Tony Schroeder, (503) 924-5338 | David Byrum, (503) 924-5236 | PIV-I Credentials |
| Widepoint | Jim Manchester, (800) 816-5548, pkipolicy@orc.com | Adam Jones, (800) 816-5548, pkipolicy@orc.com | PIV-I Credentials; Other PKI Credentials |

**NOTE** GSA Access Certificates for Electronic Services (ACES) credentials are deprecated starting August 1, 2018. For more information, see the GSA ACES Sunset FAQ Sheet or email the GSA ACES Program at GSA-ACES@GSA.gov.

Consumer Identity and Credentials

These organizations operate services for consumers—persons acting on their own behalf and not affiliated with a business, the U.S. Government, or an organization. You use these services by integrating and using a federation protocol. The U.S. Government allows three protocols to be used: PKI, Security Assertion Markup Language (SAML), and OpenID Connect.

Each service is identified by the protocol that it supports and the NIST Special Publication (SP) 800-63 level of assurance.

| Organization | Customer Service | Tech Support | Federation Technology and Level of Assurance |
|---|---|---|---|
| Google | | | SAML; Level of Assurance 1 |
| ID.me | Blake Hall, (703) 992-8380 | Blake Hall, (703) 992-8380 | SAML; Level of Assurance 1; Level of Assurance 2; Level of Assurance 3 |
| United States Postal Service | Jeff Tackes, (202) 268-6312 | Jeff Tackes, (202) 268-6312 | SAML; Level of Assurance 1; Level of Assurance 2 |
| USAA | Bill Wright, (210) 456-4752 | Bill Wright, (210) 456-4752 | SAML; Level of Assurance 2; Level of Assurance 3 |
| Zentry, A Synchronoss Venture | Jose Lopez, (790) 191-5581 | Jose Lopez, (790) 191-5581 | SAML; Level of Assurance 1; Level of Assurance 2; Level of Assurance 3 |

Trust and Auditing of Services

The FPKI and Trust Framework Solutions (TFS) program reviews the trust frameworks of commercial and non-profit organizations to determine whether the policies, processes, legal agreements, privacy protections, security controls, and audit requirements are comparable with the U.S. Government requirements. If comparable, the commercial and non-profit organizations that manage their communities’ trust frameworks become adopted Trust Framework Providers.

The Trust Frameworks do not manage identities or credentials for their community of interest directly. Services that are certified and audited by the Trust Frameworks provide the federated identity and credentials. These services are listed above in different categories.

Services operating within these Trust Frameworks may be used by U.S. Government applications if the service and the demographics are appropriate for the mission. The U.S. Government applications have performed a risk assessment based on security requirements, the Risk Management Framework, and NIST SP 800-63. If the non-government service is acceptable for the mission purpose and has the same risk rating, it may be used.

Each Trust Framework is identified by the category of federation technology and the primary communities served. To apply to be a certified Trust Framework, please review the Federal Government’s requirements:

And fill out the application contained in this document:

| Trust Frameworks | Customer Service | Tech Support | Type | Community |
|---|---|---|---|---|
| CertiPath | Judith Spencer, (301) 974-4227 | support@certipath.com, (855) 758-0075 | PKI Bridge | Aerospace and Defense; International |
| InCommon | admin@incommon.org | admin@incommon.org | Non-PKI | Higher Education |
| Kantara | Ruth Puente, ruth@kantarainitiative.org | Ruth Puente, ruth@kantarainitiative.org | Non-PKI | General |
| National Identity Exchange Foundation (NIEF) | John Wandelt, john.wandelt@gtri.gatech.edu | John Wandelt, john.wandelt@gtri.gatech.edu | Non-PKI | Law Enforcement |
| SAFE-BioPharma | Matt King, (410) 271-5624 | David Simonetti, dsimonetti@safe-biopharma.org | PKI Bridge; Non-PKI | Healthcare; International |
| STRAC | Eric Epley, (210) 233-5850 | Ryan Ahlfors, (210) 233-5850 | PKI Bridge | State and Local |
| TSCP, Inc. | Shauna Russell, (202) 769-9114 | Steve Race, (703) 980-8915 | PKI Bridge | Aerospace and Defense; International |

Page Reviewed/Updated:  June 29 2018