- Established in 2003.
- Performs test and evaluations of the DOD PKI CAC issuance systems from an enterprise level all the way down to the component level.
- Provides formal testing on newly released Certification Authorities (CAs) or major upgrades to existing CAs.
- Provides testing and support on the Automated System Monitoring (ASM) delivered to JITC December 2004.
- Provide testing and support on the Robust Certificate Validation Services (RCVS) delivered to JITC in January 2005.
- Provide testing and support on the Coalition PKI delivered to JITC in October 2008.
The GDS JITC Arizona Test Lab core mission is to provide testing support to IA42 Directory Services Branch and its customers as part of DISA GDS Program via a lab that is an exact replica of the Defense Enterprise Computing Centers (DECC) deployed operational GDS system.
The GDS JITC Arizona Test Lab directly supports the GDS with operational configuration management and independent verification and validation testing of deploying GDS system and components.
JITC GDS provides NIPRNET based testing community an enterprise-wide PKI directory service that distributes Certificate Revocation Lists (CRL) and email public key encrypted certificates generated from the JITC PKI Project Management Office (PMO) test Certificate Authority (CA).
PUBLIC KEY-ENABLED (PKE) APPLICATION TESTING OVERVIEWApplications must be enabled to take advantage of the services a PKI offers. Without enabled applications, the infrastructure holds little value. It is essential that applications become enabled and utilize the infrastructure. However, enabling is a complicated task. Applications must be tested to ensure they are enabled correctly, and are interoperable with the DoD PKI. The DoD PKI PMO established the Joint Interoperability Test Command (JITC) DoD PKE Certification Lab as an independent testing facility to perform interoperability testing on PKE applications. It is DoD policy that enabled applications be tested to ensure interoperability and compatibility with the DoD PKI. The lab supports this policy through the interoperability certification process.
The certification process is based on a master test plan containing all DoD PKE requirements and associated tests. This plan is used as a guideline for testing individual applications. Each PKE application is different and takes advantage of various DoD PKI services; therefore all the DoD PKE requirements may or may not be applicable to every application. JITC works individually with each application to analyze and determine which of the requirements and corresponding tests apply.
PUBLIC KEY INFRASTRUCTURE (PKI) OVERVIEWThe JITC PKI enclave mirrors the configuration of the operational PKI enclaves at the Defense Enterprise Computer Centers (DECCs) in Oklahoma City, OK, and Chambersburg, PA. This allows testing, development, and training to occur in an environment separate from the operational infrastructure yet with the same functionality. All software used by DoD PKI is tested at JITC before being installed at the DECCs. Configuration Management of the JITC PKI enclave is coordinated with the PKI PMO.
Customers of the PKI lab include:
- Commercial and government developers testing their products.
- Services and agencies training system administrators and end users.
- JITC PKI test engineer performing application interoperability certification testing.
- Commercial vendors demonstrating their products' interoperability with the DoD PKI.
Test certificates start with the Sponsor Agency as indicated at the PKI/PKE Help website https://cyber.mil/pki-pke/help
Once you navigate to the website, click the link "Combatant Command/Service/Agency Registration Authority (RA) Operations Offices" (this list is towards the bottom of the page).
The intent is for the Sponsor Agency of the product/test be the entity issuing the test certificate. This ensures a valid requirement exists for that particular test. The JITC PKI/PKE lab can provide services to users who do not have access to a Service or Agency RA. Questions about each Agency RA process should be directed to that Agency (emails and phone numbers are available on the website)."