JITC

JOINT INTEROPERABILITY TEST COMMAND

JITC PUBLIC KEY INFRASTRUCTURE (PKI)
DoD PKI COMBINED COMMUNICATIONS ELECTRONICS BOARD (CCEB) / PARTNER INTEROPERABILITY TESTING
Updated: 2/10/2021 2:50:01 PM
OVERVIEW

The Combined Communications-Electronics Board (CCEB) is a five-nation joint military communications-electronics (C-E) organization whose mission is the coordination of any military C-E matter that is referred to it by a member nation. The member nations of the CCEB are Australia, Canada, New Zealand, the United Kingdom and the United States of America. Secure information sharing between the Department of Defense (DoD) and its CCEB partners requires Public Key Infrastructure (PKI) interoperability. Like the DoD, many CCEB partners have implemented a PKI to secure their applications and networks. In the past, these countries' PKIs were designed to operate independently, and internal policies, technical challenges and vendor selection have all contributed to the differing identity management and information protection solutions.

The U.S. DoD CCEB Interoperability Root Certificate Authority (USDODCCEBRCA) has been implemented to synchronize identity management and information protection across the CCEB partners. These initiatives aid the DoD and its CCEB partners in building PKI-based solutions that interoperate moving forward.

As deployed PKIs transition to full compliance, the need to share information cannot wait. Legacy PKIs in the near term will have to interoperate with PKIs that fall in line with the Federal Bridge Certificate Authority (FBCA). The DoD is currently evaluating these external PKIs for implementation on DoD systems.

The Department of Defense (DOD) Public Key Infrastructure (PKI) Combined Communications Electronic Board (CCEB) Partner PKI Interoperability Test Plan, version 1.0, specifies the process by which a CCEB PKI Partner can be approved to interoperate with the U.S. DoD PKI. Both Production and Non-production certificates were used in testing CCEB partner PKIs.

The interoperability testing phase of this process is conducted by the Joint Interoperability Test Command PKE Lab according to the Department of Defense (DOD) Public Key Infrastructure (PKI) Combined Communications Electronic Board (CCEB) Partner PKI Interoperability Test Plan, version 1.0. Three key trust models are tested:

  • Direct Trust Model - The DoD PKE test application will be required to trust the root certificate of the target PKI and have access to its revocation information in order to determine the validity of the target PKI's certificates.

  • Cross Certificate Trust Model - The DoD PKI and the target PKI will each issue a certificate to a Certification Authority (CA) in the other PKI, or a third party CA trusted by both, creating a cross-certificate pair or pairs providing bi-directional trust. Trust can also be one-way if only one CA signs a certificate for the other CA.

  • Functional Testing - DoD PKE will require the target PKI to successfully interoperate with DoD systems to include web servers and email clients to verify that certificate revocation information can be obtained by these types of DoD systems.
CCEB PARTNER PKI TESTING STATUS

The following table contains information on CCEB Partner PKIs that have completed interoperability testing with the DoD PKI.

More detailed information can be found at https://iase.disa.mil/pki-pke/interoperability/index.html.


Test Status Color Codes

  • Not Tested - This trust model was not tested.

  • Test In Progress - Testing is in progress.

  • Test Complete - Testing is complete.

  • Not Interoperable - External PKI is non-interoperable using this trust model.

  • Interoperable - External PKI is interoperable using this trust model.


| CCEB Partner PKI | Root CA | PKI Type | Date Tested | Direct Trust Model (SHA-1) | Direct Trust Model (SHA-256) | Cross Certified Trust Model (SHA-1) | Cross Certified Trust Model (SHA-256) |
|---|---|---|---|---|---|---|---|
| Australian Defence Organisation (ADO) | Australian Defence Public Root CA | Non-Production (NIPRNet) | 05/2017 | Not Tested | Interoperable | Not Tested | Interoperable |
| Australian Defence Organisation (ADO) | Australian Defence Public Root CA | Production (SIPRNet) | 01/2018 | Not Tested | Interoperable | Not Tested | Interoperable |
| Australian Defence Organisation (ADO) | ADOCA02 | Non-Production (NIPRNet) | 03/2013 | Interoperable | Not Tested | Interoperable | Not Tested |
| Australian Defence Organisation (ADO) | ADOCA02 | Production (NIPRNet) | 06/2013 | Interoperable | Not Tested | Interoperable | Not Tested |
| Australian Defence Organisation (ADO) | ADOCA02 | Non-Production (SIPRNet) | 03/2014 | Interoperable | Not Tested | Interoperable | Not Tested |
| Australian Defence Organisation (ADO) | ADOCA05 | Non-Production (SIPRNet) | 06/2016 | Not Tested | Interoperable | Not Tested | Interoperable |
| Canada Department of National Defence (DND) | DND SinteropCA-MDN | Non-Production (SIPRNet) | 02/2015 | Not Tested | Interoperable | Not Tested | Interoperable |
| Canada Department of National Defence (DND) | DND SinteropCA-MDN | Non-Production (SIPRNet) | 11/2013 | Interoperable | Not Tested | Interoperable | Not Tested |
| New Zealand Defence Force (NZDF) | NZDFCA001 | Non-Production (SIPRNet) | 09/2017 | Not Tested | Interoperable | Not Tested | Interoperable |

DISA / JITC 2023