Trustmark Definition (TD):
FPKI PIV-I Certified

Metadata


Identifier: https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/fpki-pivi-certified/1.0/
Name: FPKI PIV-I Certified
Version: 1.0
Publication Date: 2015-06-19
Trustmark Defining Organization
  Identifier: https://trustmark.gtri.gatech.edu/
  Name: Georgia Tech Research Institute
  PRIMARY Contact
    Email: TrustmarkFeedback@gtri.gatech.edu
    Telephone: 404-407-8956
    Mailing Address: 75 5th Street NW, Suite 900, Atlanta, GA 30308
Description: This Trustmark Definition defines a Trustmark that verifies an organization's PIV-I CA has been certified by the Federal Public Key Infrastructure (FPKI) Policy Authority. This may not be a direct certification, but a chain of trust must be traceable to the FPKI Policy Authority.
Target Stakeholders: The PIV-I Community and relying parties of PIV-I cards.
Target Recipients: Organizations that operate a PIV-I CA that is cross certified with the FPKI.
Target Relying Parties: Organizations that wish to trust organizations operating PIV-I CAs.
Target Providers: Any organization that is capable of verifying a chain of trust.
Provider Criteria: Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
Assessor Qualifications: Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
Trustmark Revocation Criteria: For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
Extension Description: This Trustmark Definition requires no extension data.
Legal Notice: This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Notes: The Georgia Tech Research Institute (GTRI) has published this document with the support of the National Strategy for Trusted Identities in Cyberspace (NSTIC) via the National Institute of Standards and Technology (NIST). The views expressed herein do not necessarily reflect the official policies of GTRI, NIST or NSTIC; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria (1)


1: FPKI-Certified

An organization that has been certified by the FPKI is published to the Approved PIV-I Entities site.

Citation(s)

Assessment Steps (1)


1: PIVI-Approved (PIVI_Approved)

Has the organization been approved by the FPKI CA (or bridged to the FPKI CA with a navigable trust chain)? Be sure to review this site: http://www.idmanagement.gov/approved-piv-i-entities and provide all certs involved in the trust chain if the certification is not direct.

Required Artifact(s)
  • FPKI-Certification

    Provide evidence of the organization's FPKI Certification (including all certs in the chain as required).

Issuance Criteria


yes(ALL)

Sources (1)


Terms (5)


Attribute Provider Organization (APO)

An identity federation member organization that vets and collects specific attributes about individuals, maintains those attributes in an accurate and timely manner, and provides those attributes to other organizations in the identity federation as needed, subject to applicable attribute release and privacy policies, for access control and auditing purposes. An APO operates one or more Attribute Provider (AP) software entities in an identity federation.

Identity Provider Organization (IDPO)

An identity federation member organization that vets individuals, collects attributes about these individuals, and maintains those attributes in an accurate and timely manner. The IDPO operates one or more Identity Provider (IDP) entities, and may also operate one or more SAML Assertion Delegate Service (ADS) entities, in an identity federation.

Service Provider Organization (SPO)

An identity federation member organization that operates one or more SAML Service Provider (SP) and/or Web Service Provider (WSP) software entities in an identity federation.

Personal Identity Verification Interoperable (PIV-I)

PIV-I cards are a popular way of authenticating users at a high level of assurance. The cards have strongly protected crypto devices and can perform strong authentication of a user.

Federal Public Key Infrastructure Policy Authority (FPKIPA)

The Federal Public Key Infrastructure (FPKI) Policy Authority is an inter-agency body set up under the CIO Council to enforce digital certificate standards for trusted identity authentication across the federal agencies and between federal agencies and outside bodies, such as universities, state and local governments and commercial entities.