DoD Seal DISA Seal JITC Seal
JITC PUBLIC KEY INFRASTRUCTURE (PKI)
DoD PKI INTERAGENCY / PARTNER INTEROPERABILITY TESTING
Updated: 8/24/2017 12:49:09 PM
OVERVIEW

Secure information sharing between the Department of Defense (DoD) and its external partners requires Public Key Infrastructure (PKI) interoperability. Like the DoD, many Federal Agencies and DoD partners have implemented a PKI to secure their applications and networks. In the past, these external PKIs were designed to operate independently. Internal policies, technical challenges and vendor selection have all contributed to these different identity management and information protection solutions.

Homeland Security Presidential Directive (HSPD)-12, Federal Information Processing Standards (FIPS)-201, and the Federal Bridge Certificate Authority (FBCA) have been implemented to synchronize identity management and information protection across the federal government. These initiatives aid the federal government and private industry in building PKI-based solutions that interoperate moving forward.

As deployed PKIs transition to full compliance, the need to share information cannot wait. Legacy PKIs in the near term will have to interoperate with PKIs that fall in line with the FBCA. The DoD is currently evaluating these external PKIs for implementation on DoD systems. Per DoD CIO Memo, SUBJECT: Approval of External Public Key Infrastructures, the DoD PKI Program Management Office (PMO), the DoD Public Key Enabling (PKE) Team and the DoD External Interoperability Working Group will be responsible for interoperability testing and approval.

SUBMITTING CERTIFICATES FOR TESTING

The DoD test team must obtain the following test materials from the intended partner:

When submitting certificates to JITC via email, certificates should be placed in to separate folders, the trust chain in one folder labeled “Trust Chain” followed by the user certificates in another folder labeled “User Certificates”. Both folders should then be compressed into a single ZIP file with the extension “.txt” added to the end (Example: Certificate_Package.zip.txt) to prevent our email filter from stripping your attachment off the email.

Each end-user certificate should be labeled with the usage and the revocation status for that particular certificate. For example, the following name conventions should be utilized for a certificate that will be used for E-mail signing and Smart Card Logon:

Completed packages should be sent via a digitally signed e-mail to disa.jitc.pke@mail.mil

PROCEDURE

DoD External Interoperability Plan, version 1.0 specifies the process by which an external PKI can be approved to interoperate with the DoD PKI. The process differs according to the classification of the external PKI:

The interoperability testing phase of this process is conducted by the Joint Interoperability Test Command PKE Lab according to the DoD PKI Interoperability Test Plan, verison 2.0. Two key trust models are tested:

EXTERNAL PKI TESTING STATUS

The following table contains information on external PKIs that have completed interoperability testing with the DoD PKI.

More detailed information can be found at http://iase.disa.mil/pki-pke/interoperability/index.html.

Test Status Color Codes
Not Tested Test In Progress Test Complete Not Interoperable Interoperable
This trust model was not tested. Testing is in progress. Testing is complete. External PKI is non-interoperable

using this trust model.
External PKI is interoperable

using this trust model.



External PKI PKI Category Federal Bridge Relationship Date Certified Direct Trust Model Cross Certified Trust Model
SHA-1 SHA-256 SHA-1 SHA-256
Australian Defence Organisation (ADO) NIPRNet Category III Member through CCEB 03/2013 Interoperable Not Tested Interoperable Not Tested
Australian Defence Organisation (ADO) SIPRNet Category III Memeber through CCEB 06/2013 Interoperable Not Tested Interoperable Not Tested
Boeing Medium Assurance Domain Category II CertiPath Bridge Member 07/2013 Interoperable Not Tested Interoperable Not Tested
Booz Allen Hamilton Inc. Category II Member through Symantec NFI 12/2012 Interoperable Interoperable Interoperable Not Tested
Canada Department of National Defence (DND) SIPRNet Category III Member through CCEB 11/2013 Interoperable Not Tested Interoperable Not Tested
Carillon Federal Services PKI Category II Federal Bridge Member 10/2016 Not Tested Interoperable Not Tested Interoperable
Carillon Federal Services PKI Category II CertiPath Bridge Member 12/2015 Not Tested Interoperable Not Tested Interoperable
Cassidian Communications Category II CertiPath Bridge Member 06/2014 Not Tested Interoperable Not Tested Interoperable
Computer Sciences Corp Category II Member through Symantec NFI 01/2013 Not Tested Interoperable Not Tested Interoperable
CSRA Category II Member through Symantec NFI 07/2016 Not Tested Interoperable Not Tested Interoperable
Department of Energy Category I Member through Entrust SSP 02/2010 Interoperable Interoperable Not Tested Not Tested
Department of Homeland Security Category I Member through U.S. Treasury SSP 03/2009 Interoperable Interoperable Not Tested Not Tested
Department of Justice Category I Member through Entrust SSP 09/2008 Interoperable Interoperable Not Tested Not Tested
Department of State Category I Federal Bridge Member 06/2011 Interoperable Interoperable Not Tested Not Tested
Department of Transportation Category I Member through Symantec SSP 11/2008 Interoperable Interoperable Not Tested Not Tested
Department of Treasury Category I Federal Bridge Member 12/2008 Interoperable Interoperable Not Tested Not Tested
Department of Veterans Affairs Category I Federal Bridge Member 10/2011 Not Tested Interoperable Not Tested Not Tested
Eid Passport RAPIDGate Premier CA Category II Member through Symantec NFI 08/2014 Not Tested Interoperable Not Tested Interoperable
Eid Passport RAPIDGate PIV-I CA Category II Member through Symantec NFI 10/2013 Not Tested Interoperable Not Tested Interoperable
Entrust Shared Services Provider SSP Category I Federal Bridge Member 01/2016 Not Tested Interoperable Not Tested Interoperable
Environmental Protection Agency Category I Member through ORC SSP 12/2008 Interoperable Interoperable Not Tested Not Tested
Exostar SHA-256 Category II Federal Bridge Member 04/2014 Not Tested Interoperable Not Tested Interoperable
Federal Aviation Administration Category I Member through Symantec SSP 05/2009 Interoperable Interoperable Not Tested Not Tested
General Services Administration Managed Service Office Category I Member through Entrust SSP 05/2011 Interoperable Interoperable Not Tested Not Tested
IdenTrust ECA DoD Sponsored Member through DoD 12/2014 Interoperable Not Tested Interoperable Not Tested
IdenTrust NFI Category II Federal Bridge Member 03/2016 Not Tested Interoperable Not Tested Interoperable
Human Health Services Category I Member through Entrust SSP 11/2013 Not Tested Interoperable Not Tested Interoperable
Lockheed Martin Category II Certipath Bridge Member 08/2017 Interoperable Interoperable Interoperable Interoperable
Lockheed Martin (Non-Production)
* Encryption Certificate not certified
Category II TSCP Bridge Member 08/2015 Interoperable Not Tested Interoperable Not Tested
Lockheed Martin (Production)
* Encryption Certificate not certified
Category II TSCP Bridge Member 04/2016 Not Tested Interoperable Not Tested Interoperable
National Aeronautics and Space Administration Category I Member through U.S. Treasury SSP 03/2009 Interoperable Interoperable Not Tested Not Tested
National Institute of Standards and Technology Category I Member through Entrust SSP 02/2009 Interoperable Interoperable Not Tested Not Tested
Netherlands Ministry PKI Category II Certipath Bridge Member 09/2012 Not Tested Interoperable Not Tested Not Tested
Northrop Grumman Corporation Category II Certipath Bridge Member 06/2013 Interoperable Not Tested Interoperable Not Tested
Northrop Grumman Corporation
(Non-Production)
Category II TSCP Bridge Member 08/2015 Not Tested Interoperable Not Tested Interoperable
Nuclear Regulatory Commission (NRC) Category I Member through Symantec SSP 04/2015 Not Tested Interoperable Not Tested Interoperable
Operational Research Consultants ECA DoD Sponsored Member through DoD 06/2014 Interoperable Not Tested Interoperable Not Tested
Operational Research Consultants ECA 6 PIV-I DoD Sponsored Member through DoD 01/2016 Not Tested Interoperable Not Tested Interoperable
Operational Research Consultants Non-Federal Issuer CA 3 Category II Federal Bridge Member 06/2016 Not Tested Interoperable Not Tested Interoperable
Operational Research Consultants Non-Federal Issuer CA 2 Category II Federal Bridge Member 03/2012 Not Tested Interoperable Not Tested Interoperable
Operational Research Consultants Shared Services Provider (SSP) 3 Category I Federal Bridge Membership 07/2014 Not Tested Interoperable Not Tested Interoperable
Operational Research Consultants Shared Services Provider (SSP) 4 Category I Federal Bridge Membership Pending Not Tested Testing is in Progress Not Tested Testing is in Progress
Raytheon Category II Certipath Bridge Member 08/2015 Interoperable Interoperable Interoperable Interoperable
Social Security Administration Category I Member through U.S. Treasury SSP 01/2009 Interoperable Interoperable Not Tested Not Tested
SureID Inc. Category II Member through Symantec NFI 03/2017 Not Tested Interoperable Not Tested Interoperable
Symantec ECA DoD Sponsored Member through DoD 06/2014 Interoperable Not Tested Interoperable Not Tested
Verizon Non-Federal Issuer Category II Federal Bridge Member 07/2011 Not Tested Interoperable Not Tested Not Tested

Top of Page