A certification authority is a system that issues digital certificates. These digital certificates are based on cryptography and follow the X.509 standards defined for information security.

The Federal PKI (FPKI) is a network of certification authorities (CAs) that are either root, intermediate, or issuing CAs.

Any CA in the FPKI may be referred to as a Federal PKI CA. The two highest level CAs in the FPKI hierarchy are the FPKI Trust Infrastructure CAs, which are operated and managed by the Federal PKI Management Authority (FPKIMA) Program Office:

The FCPCA serves as the root and trust anchor for the intermediate and issuing CAs operated by:

Federal Government Executive Branch Agencies

Public trust for websites: A new effort is in the planning stages to establish another Federal Government root and issuing CAs dedicated to Public Trust Transport Layer Security (TLS) device certificates. Follow or contribute to the development of the Federal Government's new certificate policy for this Public Trust effort at https://github.com/uspki/policies

Federal Common Policy Certification Authority

The Federal Common Policy CA may be referred to as the FCPCA, or as COMMON in documents. As the FPKI root and trust anchor for the Federal Government, the FCPCA supports government person trust and a small number of agency intranet enterprise devices, including Personal Identity Verification (PIV) credentials. The FCPCA’s design enables any certificate issued by any FPKI CA to validate its certificate path to a single root CA.

A few commercial vendors include the FCPCA root certificate in the trust stores of their commercial-off-the-shelf (COTS) products. This enables Federal Government systems to trust person and enterprise device certificates issued by FPKI CAs. If the FCPCA root certificate is not available by default, it can be added to the trust stores of government-managed devices and servers.

The FCPCA root certificate is included in the trust stores for some platforms such as Microsoft and Adobe. Other platforms, such as Mozilla and Apple, do not include the FCPCA by default.

Federal Bridge Certification Authority

The FBCA is the Federal Bridge CA 2016 or the new Federal Bridge CA G4.

The FBCA is a PKI Bridge or link between the FCPCA and other CAs that comprise the FPKI network and that may operate under comparable but different certificate policies.

The FBCA provides a means to map these certificate policies and CAs and allow certificates to validate to the FCPCA root certificate.

The CAs with certificates signed by the Federal Bridge CA 2016 or Federal Bridge CA G4 are cross-certified. These CAs have established a trust relationship with the FPKI and are audited annually for conformance to the certificate policies. This cross-certification process has extended the reach of the FPKI well beyond the boundaries of the Federal Government.
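How a relying party reaches the root through the bridge can be sketched as path building followed by policy mapping. This is an added example, not code from the FPKI: the certificate names and policy labels are constructed, and signature, validity and revocation checks are left out so that only the cross-certification and mapping logic is shown.

```python
from collections import namedtuple

# Constructed records standing in for X.509 fields; names and policy labels are
# hypothetical, not real FPKI certificates or OIDs.
# policy_map mirrors the policyMappings extension: issuer-domain -> subject-domain.
Cert = namedtuple("Cert", "subject issuer policies policy_map")

ANCHOR = "Example Common Root"  # the single trust anchor the relying party holds
CERTS = [
    Cert("Example Bridge", ANCHOR, {"common-hw"}, {"common-hw": "bridge-hw"}),
    Cert("Partner Root", "Partner Root", {"partner-hw"}, {}),  # self-signed, not trusted here
    Cert("Partner Root", "Example Bridge", {"bridge-hw"}, {"bridge-hw": "partner-hw"}),
    Cert("Partner Issuing CA", "Partner Root", {"partner-hw", "partner-sw"}, {}),
    Cert("alice", "Partner Issuing CA", {"partner-hw"}, {}),
    Cert("bob", "Partner Issuing CA", {"partner-sw"}, {}),
    Cert("mallory", "Unknown CA", {"partner-hw"}, {}),
]

def build_path(subject, anchor=ANCHOR, seen=()):
    """Return certs ordered anchor-side first, or None if no chain reaches the anchor."""
    seen = seen + (subject,)
    for cert in CERTS:
        if cert.subject != subject or cert.issuer in seen:
            continue  # wrong subject, or a self-signed / looping certificate
        if cert.issuer == anchor:
            return [cert]
        upper = build_path(cert.issuer, anchor, seen)
        if upper is not None:
            return upper + [cert]
    return None

def anchor_policies(subject, accepted=frozenset({"common-hw"})):
    """Return the anchor-domain policies the subject's chain satisfies (empty = reject)."""
    path = build_path(subject)
    if path is None:
        return set()
    # anchor-domain policy -> its equivalent in the domain of the cert being checked
    current = {p: p for p in accepted}
    for cert in path:
        current = {a: cert.policy_map.get(c, c)
                   for a, c in current.items() if c in cert.policies}
    return set(current)

if __name__ == "__main__":
    for name in ("alice", "bob", "mallory"):
        print(name, anchor_policies(name) or "rejected")
```

The partner's own self-signed root is skipped because the relying party trusts only the one anchor; the cross-certificate from the bridge is what connects the partner's CA to it.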

All Federal PKI Certification Authorities

A CA that is part of the FPKI is called a participating certification authority. Over a hundred participating CAs form the FPKI network.

For historical records, we might label or identify CA systems using a category that shows when the system was established and for what types of communities it is or was used.

We realize all the acronyms and labels may be confusing and welcome your input to help us improve, add information over time, and simplify where needed.