DoD PKI Certificate Policy Management Working Group Charter
18 August 2000
I. Background and Purpose
The DoD PKI Steering Committee was created to provide
guidance to DoD agencies and executive agents concerning
issues related to the development of a DoD public key
infrastructure. To complete this mission, the DoD PKI
Steering Committee chartered three standing working
groups which will provide expert advice to the Steering
Committee and provide the Steering Committee with recommended
actions and tools for addressing technical, business
application, and certificate policy questions. This
charter establishes the DoD Certificate Policy Management
Working Group (CPMWG).
II. Mission
The DoD CPMWG will advise the DoD PKI Steering Committee
to ensure that the DoD Certificate Policies are appropriate
to the needs of the Department, and evolve to meet new
operational and technical developments, and will advise
the DoD PKI Steering Committee on matters regarding
certificate policy interpretation and enforcement. The
CPMWG will interact and work in cooperation with the
DoD PKI Technical Working Group and Business Working
Group. It is understood that interactions between the
CPMWG and the other two working groups will include
informational exchanges on crosscutting issues, requests
for comments, and general research activities. Any CPMWG
activities that result in the need for major project
action from the other two working groups will be coordinated
through the DoD PKI Steering Committee Chair, and as
determined by the Chair, presented to the DoD PKI Steering
Committee for approval. Final recommendations of the
DoD CPMWG to the DoD PKI Steering Committee will be
determined by consensus of the voting members present
at the time of the vote. Other positions presented will
be identified.
III. Membership
The following organizations shall be represented on
the CPMWG: NSA, DISA, the Intelligence Community, General
Counsel, CINCs, Services, and agencies, Office of the
Joint Staff, Office of the DoD Chief Information Officer
and other organizations as the DoD PKI Steering Committee
may direct. When appropriate, Contractors may attend
and participate in the discussions of the CPMWG when
directly supporting member organizations, but will not
have voting rights.
The DoD PKI Steering Committee may offer membership
to any DoD agency that is actively involved in DoD PKI
initiatives, and may also remove membership. Representatives
of nongovernmental agencies or private companies actively
involved in PKI initiatives may attend and participate
in the discussions of the CPMWG at the invitation of
a Chairman, but may not vote on decisions or recommendations
of the CPMWG. To avoid the release of sensitive information
or any appearance of conflict of interest or preferential
treatment, the members of the CPMWG shall be informed
of the presence of contractors.
IV. Roles and Responsibilities
The DoD PKI Steering Committee will name the chairpersons
of the CPMWG and those individuals will serve at the
discretion of the DoD PKI Steering Committee. The CPMWG
Chairs will coordinate and run CPMWG meetings as required
(normally, approximately every six weeks) and report
to the DoD PKI Steering Committee during DoD PKI Steering
Group Meetings. All organizations represented on the
CPMWG will be expected to attend and participate in
all CPMWG meetings, and research issues assigned by
the CPMWG chairs. CPMWG recommendations will be by consensus.
If consensus cannot be achieved, then the CPMWG will
prepare a position paper and/or briefing for the DoD
PKI Steering Committee describing the issues involved,
and the various points of view, and the DoD PKI Steering
Committee will make the final decision.
The CPMWG will:
- Evaluate suggested modifications to the policies
from the DoD, Services and agencies;
- Generate, coordinate, and maintain a Certificate
Policy Planning Document that describes the DoD approach
to evolving the DoD Certificate Policy;
- Provide a mechanism to facilitate the timely, responsive,
DoD, Service and agency coordination and buy-in to
the DoD CP through a consensus-building process;
- Ensure legal review is obtained for the CP and any
modifications;
- Review the Certification Practice Statements (CPS)
of DoD-operated CAs and commercial CAs that offer
to provide services to the DoD. The CPMWG will analyze
the CPS documents to ensure that the practices of
CAs serving the DoD comply with the DoD CP, and provide
the analysis to DoD PKI Steering Committee;
- Analyze Federal, allied, commercial and other certificate
policies with respect to DoD certificate policies
for purposes of establishing the suitability of the
non-DoD policies for use within the DoD (for example,
in cases where the technical mechanism of "policy
mapping" is being considered) or for purposes
of determining the possible interoperability of the
DoD and the non-DoD system;
- Ensure that DoD certificate policies evolve to remain
consistent with appropriate Federal, commercial, allied
and international standards and practices. In particular,
the DoD CPMWG will establish a liaison with the Federal
PKI Legal and Policy Management Working Group;
- Review the results of CA audits to determine if
the CAs are adequately meeting the requirements of
approved CPS documents. Make recommendations to the
CAs and to the DoD PKI Steering Committee regarding
corrective actions or other measures that might be
appropriate, such as revocation of CA certificates;
- Offer recommendations to DoD PKI Steering Committee,
DoD Program and Project Managers, and DoD Information
System Accreditation Authorities regarding the appropriateness
of certificates associated with the various DoD certificate
policies for specific applications; and
- Otherwise respond to the direction of the DoD PKI
Steering Committee to provide CP advice as required.
Each organization may optionally provide operational,
legal and technical representatives to the CPMWG as
requested by the DoD PKI Steering Committee or the CPMWG.
Each member of the CPMWG (except for the legal representatives)
represents all of the interests of their agency or department,
and is responsible for coordinating a unified agency/department
position on issues being considered by the CPMWG. CPMWG
members must have the authority to speak on behalf of
their agency or department.
V. Resources
Each CPMWG member will provide her/his own funding.
The CPMWG will be expected to rely on the support of
working-level personnel within the agencies represented
on the CPMWG. Contractor support provided by the organizations
represented on the CPMWG may also be used for such tasks
as evaluating Certificate Practice Statements (CPS)
against the requirements of Certificate Policies, and
evaluating policies of potential cross-certification
partners.