Download Link
Description
Unclassified
The documentation included in this zip file contains administration and configuration instructions for 90meter Certificate Issuance Workstation - Batch (CIW-B) v1.0.21.11 as well as troubleshooting and maintenance FAQs. (ZIP Download) Size: 9,260 KB
 
FOUO
90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version *Downloads available on SIPRNet URL Only
This zip file contains software and documentation for 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version, including full install and upgrade files, an upgrade README, administration guide, release notes, and ADM/ADMX templates for policy settings. (Downloads available on SIPRNet URL http://iase.rel.disa.smil.mil/pki-pke/landing_pages/rlts.html)
 
Unclassified
90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version Release Notes *PKI
These release notes detail new product features and changes for this release of 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version. (PDF Download) Date: 10/31/2014 | Size: 572
 
Unclassified
This guide provides administration and configuration instructions for 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version. (PDF Download) Date: 10/31/2014 | Size: 2,264 KB
 
Unclassified
This guide provides instructions for configuring 90meter middleware to exclusively accept SIPR- or NIPR-only hardware tokens. (PDF Download) Date: 09/02/2012 | Size: 395 KB
 
Unclassified
This guide provides instructions for configuring 90meter middleware to allow the user to publish their SIPR hardware certificates to the GAL. The default settings of this middleware do not allow this action to occur. (PDF Download) Date: 09/02/2012 | Size: 425 KB
 
Unclassified
90meter Smart Card Manager
DoD personnel who use up-to-date DoD-approved 90meter Smart Card Manager products on DoD networks must have a valid licensing agreement with 90meter. Due to licensing agreements, DoD cannot provide 90meter Smart Card Manager version 1.4.32S on the IASE website. Users may acquire DoD-approved 90meter products directly from sales1@90meter.com.
 
Unclassified
Interoperability Downloads Description
The Interoperability Downloads section that follows has the latest certificate trust chains, a master document that contains trust chain and assurance level information, the DoD External Interoperability Plan, and other important information.
 
Unclassified
Interoperability Tools Description
DoD PKE offers the following tools to facilitate acceptance of DoD Approved External PKI credentials in accordance with DoD policy.
 
Unclassified
ActivClient 7: Configuration Guide *PKI
The procedures in this document guide the reader in configuring the ActivClient 7 middleware for use on workstations/desktop systems and servers. (PDF Download) Date: 02/22/2013 | Size: 517 KB
 
Unclassified
ActivClient and Spyrus: Changing Smart Card PIN *PKI
This guide instructs users on how to change a valid Personal Identification Number (PIN) in ActivClient and Spyrus Middleware. (PDF Download) Date: 09/02/2012 | Size: 486 KB
 
Unclassified
This guide documents the steps to configure Adobe to leverage MS CAPI for verifying certificate trust and revocation when performing digital signature validation. (PDF Download) Date: 11/20/2013 | Size: 822 KB
 
Unclassified
This slick sheet provides an overview of the DoD Alternate Logon Token (ALT) including what it is used for, why it is needed, who is eligible for one and how to obtain it. (PDF Download) Date: 05/20/2014 | Size: 246 KB
 
Unclassified
An Oracle White Paper: SHA-256 Support Planning Information for Dept of Defense
The purpose of this white paper is to provide the Department of Defense with information to assist in evaluation and planning for its announced transition to SHA-256. Appendix A contains a list of Oracle products and details on versions that support SHA-256. (PDF Download) Date: 10/2011 | Size: 497 KB
 
Unclassified
This slick sheet provides an overview of the X.509 PKI certificates on the Common Access Card (CAC). (PDF Download) Date: 10/09/2012 | Size: 617 KB
 
Unclassified
This slick sheet provides an overview of the logical interfaces of the DoD Common Access Card. (PDF Download) Date: 10/09/2012 | Size: 313 KB
 
Unclassified
Android (Dell): Good Mobile Control and End User S/MIME Configuration *PKI
This appendix to the Android 2.2 (Dell) STIG Technology Overview provides instructions for configuring S/MIME capabilities on Android devices using the Good Mobile Control solution. Both server-side and end user device configuration instructions are provided, including configuring the Good Mobile Control server for use with DoD PKI and S/MIME support, pairing the Dell Android device with a baiMobile 3000MP Bluetooth smart card reader and installing user certificates on the device. (PDF Download) Date: 11/23/2011 | Size: 280 KB
 
Unclassified
This guide provides instructions for PK-enabling Apache HTTP server on Linux using both NSS/mod_nss and OpenSSL/mod_ssl on both NIPRNet and SIPRNet. (PDF Download) Date: 07/09/2015 | Size: 847 KB
 
Unclassified
This guide provides instructions for PK-enabling Apache 2.4 HTTP server on Linux using both NSS/mod_nss and OpenSSL/mod_ssl on both NIPRNet and SIPRNet. (PDF Download) Date: 07/09/2015 | Size: 980 KB
 
Unclassified
Apple iOS: Good Mobile Control and End User S/MIME Configuration *PKI
This appendix to the Apple iOS 4 ISCG Technology Overview provides instructions for configuring S/MIME capabilities on iOS devices (including iPhone, iPad and iPod Touch) using the Good Mobile Control solution. Both server-side and end user device configuration instructions are provided, including configuring the Good Mobile Control server for use with DoD PKI and S/MIME support, pairing the iOS device with a baiMobile 3000MP Bluetooth smart card reader and installing user certificates on the device. (PDF Download) Date: 10/20/2011 | Size: 281 KB
 
Unclassified
This guide provides instructions for configuring Apple's email program (Mail.app) to use DoD PKI certificates for sending and receiving signed and/or encrypted email messages. (PDF Download) Date: 01/04/2013 | Size: 577 KB
 
FOUO
This quick reference guide provides instructions on how to apply PK-enabling guidance developed for NIPRNet to SIPRNet systems and environments. (PDF Download) Date: 08/20/2012 | Size: 224 KB
 
Unclassified/FOUO
Ask the PKE Expert 2012 *PKI
A moderated panel of PKI experts from the DoD Services and Agencies answer the top policy questions and address technical challenges. (PDF Download) Size: 256 KB
 
Unclassified/FOUO
Ask the PKE Expert 2011 *PKI
This presentation was the introduction to a moderated panel with PKI experts from the Services and Agencies; it highlights current top PKE-related issues each panelist's organization faces. (PDF Download) Size: 325 KB
 
Unclassified/FOUO
Authorization and Authentication for Web Servers *PKI
An in-depth discussion of the distinction between authentication and authorization including the principles and definitions of both and the implications to identity management in the big picture. Second half of presentation focuses on practical applications by describing things to look for in a PKE server configuration (trusting roots, TLS, CVC, MDS, CTLs, access control and PKI implications with Server 2k8 release 2). (PDF Download) Size: 1,954 KB
 
Unclassified/FOUO
Axway Desktop Validator 4.12 Workstation and Server Configuration *PKI
 
This guide provides instructions for configuring Axway Desktop Validator 4.12 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The below configuration files have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway configuration guide.
 
FOUO
BlackBerry Desktop Manager: Configuring OCSP and LDAP Servers *PKI
This guide provides instructions on adding and configuring Online Certificate Status Protocol (OCSP) and Lightweight Directory Access Protocol (LDAP) server URLs within the Certificate Synchronization Options of BlackBerry Desktop Manager. (PDF Download) Date: 7/2009 | Size: 263 KB
 
Unclassified
BlackBerry Enterprise Server: DoD Public Key Enabling for System Administrators *PKI
This guide defines the procedures for deploying the BlackBerry DoD Root Certification Authority (CA) application and provides BES administrators with step-by-step guidance on how to verify that the necessary software and drivers are installed, ensure that the correct certificate server settings have been configured on a device, pair a handheld device with a smart card reader, import CAC certificates to a device, and digitally sign/encrypt email. It also discusses how to deploy the BlackBerry Expired OCSP Certificate Remover to address digital signing and encryption issues. (PDF Download) Date: 1/2013 | Size: 1,978 KB
 
Unclassified
BlackBerry Expired OCSP Certificate Remover *PKI
This tool removes expired OCSP signing certificates from BlackBerry devices to prevent digital signature and encryption problems. (ZIP Download) Size: 66 KB
 
Unclassified
BlackBerry: Associating a Secondary Email Address to a Certificate *PKI
This guide provides instructions for sending an encrypted email to a recipient at an email address that does not match the email address in their public certificate. (PDF Download) Date: 08/06/2012 | Size: 231 KB
 
Unclassified
BlackBerry: Certificate Fetching Troubleshooting *PKI
This guide provides troubleshooting steps for instances when BlackBerry devices cannot automatically fetch public certificates for sending encrypted emails. (PDF Download) Date: 08/06/2012 | Size: 233 KB
 
Unclassified
BlackBerry: Deleting Expired OCSP Certificates *PKI
This guide provides instructions for manually removing expired OCSP certificates whose presence will prevent revocation checking from completing successfully. (PDF Download) Date: 04/02/2015 | Size: 357
 
Unclassified
BlackBerry: Importing Smart Card Certificates *PKI
This guide provides instructions on importing smart card certificates to a BlackBerry handheld device using a smart card reader, allowing for secure email signing/encrypting and application authentication using the CAC certificates. (PDF Download) Date: 08/07/2012 | Size: 192 KB
 
Unclassified
BlackBerry: Pairing a BlackBerry Smart Card Reader (SCR) with a BlackBerry Operating System (OS) Handheld *PKI
This guide provides step-by-step instructions for pairing a first generation BlackBerry smart card reader (SCR) with a BlackBerry handheld, running BlackBerry OS, to enable Secure/Multipurpose Internet Mail Extensions (S/MIME) functionality.
 
Unclassified
BlackBerry: Running the BlackBerry Expired OCSP Certificate Remover *PKI
This document provides DoD BlackBerry users step-by-step instructions for using the BlackBerry Expired OCSP Certificate Remover to correct a known error in validating email signatures and sending encrypted email. (PDF Download) Date: 1/2013 | Size: 385 KB
 
FOUO
BlackBerry: Signing and Encrypting Email *PKI
This guide provides instructions on signing and/or encrypting email messages from a BlackBerry device. (PDF Download) Date: 07/2009 | Size: 235 KB
 
Unclassified
This guide provides instructions for configuring Blue Coat ProxySG Security Gateway Operating System (SGOS) 6.3, a commercial authentication proxy appliance, to use DoD PKI. (PDF Download) Date: 06/03/2013 | Size: 2,579 KB
 
Unclassified
Bluecoat, Sidewinder G2 and Squid: Enabling Network Web Caching for CRLs *PKI
This guide provides instructions for configuring various web proxies to cache DoD CRLs to improve local performance and decrease load on GDS. (PDF Download) Date: 08/04/2014 | Size: 165 KB
 
FOUO
This guide provides installation and usage instructions for the DoD PKE CertAdmin tool. (PDF Download) Date: 05/20/2009 | Size: 826 KB
 
Unclassified
This tool gives administrators several methods for detecting and managing user certificates published to the Microsoft Exchange GAL that are nearing expiration or have already expired. (ZIP Download) Size: 5.6 MB
 
Unclassified
This slick sheet provides an overview of certificate revocation checking, including methods and implementation best practices. (PDF Download) Date: 10/09/2012 | Size: 333 KB
 
Unclassified
This guide provides basic requirements and best practices for vendors or custom system developers looking to build certificate validation capabilities into their products. (PDF Download) Date: 08/08/2012 | Size: 454 KB
 
Unclassified
Cisco Remote Access VPN: PKE Configuration *PKI
This guide provides instructions for configuring the Cisco Virtual Private Network (VPN) product suite to utilize DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/01/2013 | Size: 2,105 KB
 
Unclassified
This guide is written for DoD system or network administrators and provides instructions for configuring Cisco switches to support 802.1X authentication using Cisco Identity Services Engine (ISE) utilizing DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/01/2013 | Size: 2,228 KB
 
Unclassified
This guide provides instructions for configuring Citrix XenDesktop for secure authentication and communications using DoD PKI. (PDF Download) Date: 07/25/2012 | Size: 442 KB
 
Unclassified/FOUO
This memorandum deems the SafeNet Model SC650 smart card tokens "acceptable for use" on the NSS PKI SECRET-high network under the NSS Root CA and provides operational guidance for the use and proper handling of the SIPR token. (PDF Download) Date: 02/17/2011 | Size: 1,953 KB
 
Unclassified
The Committee on National Security Systems Instruction (CNSSI) No. 1300, "Instruction for National Security Systems (NSS) Public Key Infrastructure (PKI) X.509 Certificate Policy, Under CNSS Policy No. 25," states the requirements for issuing and managing certificates that Relying Parties can use in making decisions regarding what assurance they can place in a certificate issued by a NSS PKI CA. (LINK to PDF Download)
 
FOUO
This presentation provides an overview of Coalition PKI and discusses the certificate issuance process, capability demonstrations and the deployment schedule. (PDF Download) Size: 1,752 KB
 
Unclassified
This document describes the process of utilizing a DoD mobile code signing certificate to digitally sign code/software used on the DoD network. (PDF Download) Date: 07/303/2015 | Size: 575 KB
 
Unclassified
Commercial Mobile Devices PKI Capabilities Assessment *PKI
This document provides an overview of observed PKI capabilities on BlackBerry, iOS and Android mobile platforms as of June 2011, addressing support for authentication and Secure/Multi-purpose Internet Mail Extensions (S/MIME) capabilities. Configurability of PKI-related functions is also discussed. (PDF Download) Date: 10/12/2012 | Size: 347 KB
 
Unclassified/FOUO
This document provides step-by-step guidance on configuring CoreStreet Validation Authority (VA) to support various tactical environment scenarios. (PDF Download) Date: 04/19/2013 | Size: 638 KB
 
Unclassified
CRLAutoCache 4.2: System Administrator Guide *PKI
This guide provides installation and configuration instructions for the DoD PKE CRLAutoCache tool. (PDF Download) Date: 04/19/2016 | Size: 1,713 KB
 
Unclassified
CRLAutoCache 4.2: Windows Installers *PKI
This tool provides administrators with a flexible solution to create local enclave CRL caches by downloading and publishing CRLs to local LDAP directory servers, web servers, and network file shares. The following Operating Systems are supported (both 32- and 64-bit): Windows XP, Windows Vista, Windows 7, Windows 8.x, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
 
Unclassified
CRLAutoCache for Linux 2.05 - SIPRNet *PKI
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The SIPRNet version of the tool retrieves the NSS PKI and legacy DoD SIPRNet PKI CRLs by default. (Downloads available on SIPRNet Only - URL http://iase.rel.disa.smil.mil/pki-pke/function_pages/tools.html)
 
Unclassified
CRLAutoCache for Linux 2.06 - NIPRNet *PKI
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The NIPRNet version of the tool retrieves the DoD PKI NIPRNet CRLs by default. (TAR.GZ Download).
Date: March 2 2018. Size: 10 KB
SHA256 Hash of the file is be852ce21bf8b47df6c10d101d1bc89b62cfa44bf786e185151d67eaaae7d229
 
Unclassified
CRLAutoCache for Linux User Guide *PKI
This guide provides installation and usage instructions for both the NIPRNet and SIPRNet versions of CRLAutoCache for Linux. (PDF Download) Date: 01/03/2018 | Size: 583 KB
 
Unclassified/FOUO
Crypto Migration Team Update on SHA-256: DoD/VA North Chicago Case Study *PKI
This presentation provides a case study on the interoperability issues faced by (and proposed resolution for) DoD and Veterans Affairs systems which need to interoperate in support of the joint medical efforts in the North Chicago area. In particular, the study examines the challenges presented by the VA infrastructure having migrated to SHA-256 while the DoD infrastructure has not. NOTE: This is not the complete session brief from the conference, only the case study portion presented by the PKE team. (PDF Download) Size: 171 KB
 
Unclassified/FOUO
CSP NSS PKI Nomination Form v12 *PKI
This form is the Common Service Provider (CSP) Nomination Form for a Registration Authority Officer. (PDF Download) Date: 02/08/2016 | Size: 249 KB
 
Unclassified/FOUO
CSP NSS PKI Training Registration Form Procedures v9 *PKI
This document includes the CSP Training Registration Form and course information. (PDF Download) Date: 11/04/2015 | Size: 291 KB
 
Unclassified
Department of Defense External Interoperability Plan - Version 1.0
The DoD Public Key Infrastructure (PKI) External Interoperability Plan (EIP) outlines the steps to be accomplished in order for External PKIs to be designated as approved for use with DoD relying parties. (PDF Download) Date: 08/20/2010 | Size: 1,984 KB
 
Unclassified/FOUO
Department of Defense Public Key Enabling 101 *PKI
This presentation introduces the terms and concepts surrounding PK-Enabling while debunking many of the myths and misuse of the terminology. This includes topics like PK-Enabling vice CAC-Enabling, Certificate Validation vice OCSP Enabling, and what it really means to PK-Enable an application or system. (PDF Download) Size: 1,978 KB
 
FOUO
This memorandum establishes and implements policy, assigns responsibilities, and provides deadlines for enhancing the security of the SIPRNet by enabling DISA's SIPRNet networks and applications to use the SIPRNet token for authentication, digital signature, and encryption. (PDF Download) 91 KB
 
Unclassified
DISA Guidance links page (Web Link)
 
Unclassified
DoD and ECA CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates. (TXT Download) Date: 08/05/2014 | Size: 3 KB
 
Unclassified
DoD and ECA Cross Certificates (Reference Purposes) *PKI
This zip file contains cross certificates for DoD and ECA for reference purposes. (ZIP Download) Date: 08/18/2011 | Size: 9 KB
 
Unclassified
DoD Approved Assurance Levels from External Partner PKIs *PKI
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs). (TXT Download) Date: 3/5/2018 | Size: 12 KB
 
Unclassified
DoD Approved External CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD approved CRLDPs from approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates. (TXT Download) Date: 08/22/2014 | Size: 5 KB
 
Unclassified
DoD Approved External PKI Certificate Trust Chains - Version 4.6.1 *PKI
This zip file contains certificate trust chains for DoD Approved External PKIs. (ZIP Download) Date: 08/22/2014 | Size: 198 KB
 
Unclassified
DoD Approved External PKIs Master Document - Version 4.6.1
This document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs). (PDF Download) Date: 08/22/2014 | Size: 1,520 KB
 
Unclassified
DoD CIO Memo on Migration to Stronger Cryptographic Algorithms *PKI
This DoD CIO memo, dated 14 October 2010, directs all Combatant Command, Service and Agency (CC/S/A) CIOs to begin evaluation of their system portfolios in anticipation of the federal mandate to transition to using the SHA-256 hashing algorithm. (PDF Download) Date: 10/14/2010 | Size: 836 KB
 
Unclassified
DoD CIO memo providing DoD CMD Interim Policy
This January 2012 DoD CIO memo defines interim policy and establishes responsibilities to increase mission capabilities of CMDs while adhering to DoD security policies. Attachment 1 addresses configuring optimal security settings in the BlackBerry STIG to improve user acceptance and functionality. Attachment 2 discusses requirements for the use of non-enterprise activated CMDs. Attachment 3 outlines interim steps to support CMD applications in the DoD.
 
Unclassified
DoD CIO memo regarding Use of Commercial Mobile Devices (CMD) in the DoD
This April 2011 DoD CIO memo emphasizes the importance of adhering to existing security policies for the use of commercial mobile devices in the DoD, outlines current challenges and provides requirements and potential mitigations for limited use pilots and mission-critical applications of devices that do not currently have approved Security Technical Implementation Guides (STIGs).
 
Unclassified
DoD CIO SIPRNet PKI Cryptographic Logon and PKE of SIPRNet Applications and Web Servers *PKI
This memorandum outlines several key deadlines related to PK-enablement of SIPRNet including completing issuance of the SIPRNet token, configuring and enforcing cryptographic logon using the SIPRNet Token, and enabling SIPRNet applications and web servers to support cryptographic authentication. (PDF Download) Date: 10/14/2011 | Size: 104 KB
 
Unclassified
This document describes the functional interface to the Department of Defense (DoD) Public Key Infrastructure to support development of applications capable of interacting with the DoD PKI. (PDF Download) Date: 9/2010 | Size: 877 KB
 
Unclassified
DoDI 8520.02 is a re-release of DoDI 8520.2 that establishes the availability of the Coalition PKI for Combatant Commands (COCOMS), refers to the SIPRNET PKI that will be transitioned to operate under Committee for National Security Systems (CNSS) authority, provides specific guidance on issuance of alternate logon tokens (ALTs) to Flag-level officers or Senior Executives, and incorporates the DoD CIO "Approval of External PKIs" memorandum (circa July 2008) into the instruction. It also contains two other major changes. The first is that all policy related to authentication requirements has been moved to DoDI 8520.03. The second major change impacts pursuing waivers to DoDI 8520.02. Previously, Component CIOs had the authority to approve waivers to the instruction.
 
Unclassified
DoDI 8520.03 is a new instruction that requires that all authentications of users be conducted with an appropriate credential that is approved for use by a DoD authority and has been verified as active (not revoked) and not expired by the credential issuing authority. It defines four levels of data sensitivity granularity for sensitive but unclassified information, and three levels of data sensitivity granularity for Secret or Confidential information. It then provides specific requirements for authentication credentials based on these levels of sensitivity. Policy related to authentication requirements was previously found in DoDI 8520.2, which has been obsoleted by DoDI 8520.02. DoD Instruction 8520.03, Identity Authentication for Information Systems (Web Link)
 
Unclassified
The official DoD web site for DoD Issuances including Directives, Instructions and Memos. DOD Issuances (Link)
 
Unclassified/FOUO
This Certification Practice Statement (CPS) covers the operation of PKI Online Certificate Status Protocol (OCSP) Responders that are operated by the Defense Information Systems Agency (DISA) to provide DoD Enterprise-wide PKI certificate validation services. (PDF Download) Date: 02/14/2011 | Size: 947 KB
 
Unclassified
DoD Memorandum - Department of Defense Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials
This DoD Memorandum permits acceptance of PIV-I credentials for authentication and access when DoD relying parties, installation commanders, and facility coordinators determine that granting access is appropriate and the appropriate vetting requirements are met. (PDF Download) Date: 06/28/2012 | Size: 663 KB
 
Unclassified
DoD Memorandum - Department of Defense Requirements for Accepting Non-Federally Issued Identity Credentials
This DoD Memorandum provides Federal Government Guidance on acceptance and use of Non-Federal Issuer (NFI) identity credentials and specific DoD policies and practices for accepting credentials for logical access to DoD applications and websites. (PDF Download) Date: 03/04/2013 | Size: 2,465 KB
 
Unclassified/FOUO
DoD NSS PKI Nomination Letter v15 *PKI
This template provides DoD/NSS PKI Nomination Letters for a Registration Authority. (PDF Download) Date: 02/08/2016 | Size: 281 KB
 
Unclassified/FOUO
DoD NSS PKI Token Supported Workstation Configuration Guidance v1.3 *PKI
The NSS PKI Token PMO Confirmed Supported Configurations guide provides recommended workstation configurations for the National Security Systems (NSS) PKI tokens within the DoD computing environment. (PDF Download) Date: 09/16/2014 | Size: 653 KB
 
Unclassified/FOUO
DoD NSS PKI Training Registration Form Procedures v11 *PKI
This document includes the DoD/NSS PKI Training Registration Form and course information. (PDF Download) Date: 11/04/2015 | Size: 379 KB
 
Unclassified
DoD Partner PKI Interoperability Test Plan - Version 2.0 *PKI
In addition to the requirements specified in the aforementioned documents, each intended external PKI must be tested and evaluated by JITC to prove it is technically interoperable prior to approval for use in DoD. This document provides the guidance and steps necessary to conduct Public Key Enabled interoperability testing of external partner Public Key Infrastructures (PKIs) with which the DoD desires to interoperate. This document focuses on usage of both the direct trust model and the cross certification trust model as the means of achieving interoperability. Results of all JITC Partner PKI testing are available on the JITC DoD PKI Interagency/Partner Interoperable Testing page at http://jitc.fhu.disa.mil/pki/pke_lab/partner_pki_testing/partner_pki_status.html (link). IDManagement.gov provides a one-stop shop for citizens, businesses, and government entities interested in identity management activities, including topics related to Homeland Security Presidential Directive 12 (HSPD-12); Federal Public Key Infrastructure (FPKI); Identity, Credential, and Access Management (ICAM); and Acquisitions. http://www.idmanagement.gov/ (link) (PDF Download) Date: 11/15/2010 | Size: 1,640 KB
 
Unclassified/FOUO
DoD PKE Tools Expo *PKI
What tools are available to enable systems to use DoD and DoD-approved PKI? This presentation provides an overview of the current tool offerings from DoD PKE. (PDF Download) Size: 1,898 KB
 
FOUO
DoD PKI Basic Overview v5.5 *PKI
This training module provides an overview of basic PKI concepts and the DoD PKI.

 
Unclassified
DoD PKI End User Training
This training presents separate PKI Overview and Using PKI Certificates courses, each with its own course completion certificate. Upon completing the PKI Overview course, Department of Defense (DoD) information systems users will be able to identify what PKI is and why it is important to the DoD, as well as which pieces of Congressional legislation, Federal policy, and DoD guidance mandate the use of PKI. This presentation identifies the different components of PKI and how they are implemented in the DoD. When DoD information system users have completed the Using PKI Certificates course, they will understand how to safely and securely authenticate their identity to access DoD unclassified networks using the PKI certificates contained on their Common Access Card or Alternate Token. (Link)

 
Unclassified
This white paper discusses various interoperability trust models (direct trust, direct cross certification, and cross certification with a bridge), describes the steps necessary to accept external PKI certificates, identifies the risks associated with accepting external PKI certificates, and provides best practices for achieving interoperability. (PDF Download) Date: 2/2009 | Size: 476 KB
 
Unclassified
This document contains the procedures DOD PKI LRA operations closing down must perform in order to comply with the requirements stated in the DOD RA/LRA SOP and the Reference RA/LRA CPS. (PDF Download) Date: 04/09/2015 | Size: 144 KB
 
Unclassified/FOUO
DoD PKI LRA-PB Nomination Letter v5 *PKI
This template provides Purebred Agent Nomination Letters for Purebred Agent Local Registration Authority officers. (PDF Download) Date: 09/28/2016 | Size: 282 KB
 
Unclassified/FOUO
This memorandum from the DoD PKI Program Management Office provides additional clarification guidance for the DoD regarding CNSS Memo CNSS-014-2011: Approval of Continued Use of SC650 Token-Decision Memorandum, issued 17 Feb 2011. (PDF Download) Date: 3/28/2011 | Size: 1,338 KB
 
Unclassified
This document contains the procedures Service or Agency DOD PKI RA operations closing down must perform in order to comply with the requirements stated in the DOD RA SOP, the DOD PKI Reference RA CPS and the Service or Agency approved CPS. (PDF Download) Date: 04/09/2015 | Size: 147 KB
 
Unclassified
DoD PKI Registration Authority/Local Registration Authority Certification Practice Statement *PKI
This Certification Practice Statement (CPS) defines the practices, policies and procedures under which the DoD Registration Authorities (RAs) and Local Registration Authorities (LRAs) operate. It also specifies security, nomination and credential issuance procedures for Non-Person Entity (NPE) Verifying Officials (NVOs). (PDF Download) Date: 05/20/2015 | Size: 1,018 KB
 
Unclassified
This slick sheet provides an overview of DoD PKI resources for end users, system administrators, PKI sponsors, RAs, LRAs, and KRAs. (PDF Download) Date: 02/28/2014 | Size: 401 KB
 
Unclassified
This document contains the DoD Certification Practice Statement (CPS) for the Second Layer of Certification Authorities (CAs). (PDF Download) Date: 04/24/2013 | Size: 1,386 KB
 
Unclassified/FOUO
DoD RA KRA Training v2 *PKI
This training module provides instruction on certificate issuance, revocation, suspension and restoration processes and the duties of a Registration Authority (RA) on both NIPRNet and SIPRNet. It also provides instruction on key recovery processes and the duties of a Key Recovery Agent (KRA) on both NIPRNet and SIPRNet. (PDF Download) Date: 09/15/2016 | Size: 19,774 KB
 
Unclassified
DoD SHA-256 Assessment and Test Process *PKI
This document serves as the testing strategy document referenced in the Attachment to the DoD CIO Memo regarding DoD's Migration to Use of Stronger Cryptographic Algorithms, dated October 14 2010. It provides additional detail regarding how the evaluation efforts will be conducted and coordinated. (PDF Download) Date: 11/18/2010 | Size: 213 KB
 
Unclassified
Domain Controller Certificate Request Generation
 
 
This script can be used to generate domain controller certificate requests. The script generates a PKCS10 request and displays the domain controller GUID information.
  • NIPR Download *PKI - (ZIP Download) Size: 11 KB
  • SIPR Download *Downloads available on SIPRNet URL Only - (ZIP Download) Size: 9 KB
    (Download available on SIPRNet URL http://iase.rel.disa.smil.mil/pki-pke/landing_pages/siprnet_pki.html)
 
Unclassified
Domain Controller Certificate Request Generation *Downloads available on SIPRNet URL Only
This script can be used to generate domain controller certificate requests. The script generates a PKCS10 request and displays the domain controller GUID information. (Download available on SIPRNet URL http://iase.rel.disa.smil.mil/pki-pke/landing_pages/siprnet_pki.html)
 
Unclassified
This memorandum provides an extension for CCEB nations to implement classified domain PKI and outlines current progress reporting requirements. (PDF Download) Date: 05/19/2014 | Size: 49 KB
 
Unclassified
This guide provides instructions for configuring the F5 Networks BIG-IP Local Traffic Manager (LTM), a commercial load balancer and authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 07/09/2013 | Size: 2,211 KB
 
Unclassified
FAQ: "Configuration Not Supported" Message in Firefox While Downloading Certificates
This FAQ discusses a configuration error received by Registration Authorities (RAs) and end users while trying to download certificates in Firefox. (PDF Download) Date: 07/31/2015 | Size: 132 KB
 
Unclassified
FAQ: Blackberry I/O Error While Communicating with Proxy *PKI
This FAQ discusses causes and recommended resolution to I/O errors experienced by the BlackBerry Enterprise Server (BES) when trying to communicate with RCVS (http://ocsp.disa.mil). (PDF Download) Date: 07/31/2012 | Size: 124 KB
 
Unclassified
This FAQ discusses the issue of DoD certificates chaining improperly to cross-certificates or the Common Policy Root Certification Authority (CA), and provides steps to resolve the issue. (PDF Download) Date: 04/24/2013 | Size: 237 KB
 
Unclassified/FOUO
This FAQ discusses common usage scenarios and handling requirements for group/role certificates. (PDF Download) Date: 07/31/2012 | Size: 132 KB
 
Unclassified
This FAQ discusses the enforcement of a password on the domain controller private key causing smart card logon errors. (PDF Download) Date: 07/31/2012 | Size: 158 KB
 
Unclassified/FOUO
This FAQ provides troubleshooting tips and steps for the scenario in which the LRA application is not recognizing a USB printer. (PDF Download) Date: 07/31/2012 | Size: 171 KB
 
Unclassified
This FAQ addresses questions on several topics, including general PKI/PKE, DoD-specific PKI, interoperability, policy and implementation. (PDF Download) Size: 450 KB
 
Unclassified
This FAQ provides preliminary guidance on configuration of RA workstations on the Windows Vista and Windows 7 operating systems. (PDF Download) Date: 07/31/2012 | Size: 124 KB
 
Unclassified
FAQ: Smart Card Logon Fails Due to Certificates Missing from the NTAuth Store *PKI
This FAQ discusses an issue with the disablement of Windows Task Scheduler preventing proper certificate replication to the NTAuth store, causing smart card logon failure. (PDF Download) Date: 04/30/2012 | Size: 159 KB
 
Unclassified
This FAQ discusses the usage of alternate tokens for administrator account logon. (PDF Download) Date: 10/16/2012 | Size: 180 KB
 
Unclassified
This FAQ discusses common causes for logon issues with new CACs. Smart card logon typically fails with the message "Your credentials could not be verified." (PDF Download) Date: 07/31/2012 | Size: 170 KB
 
Unclassified
FBCA Cross-Certificate Remover 1.15
 
This tool removes certificates which cause the cross-certificate chaining issue for DoD (and optionally ECA) users from Microsoft Local Computer and User Certificate stores. The following Operating Systems are supported: Windows Server 2003, Windows Server 2003R2, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10. (ZIP Download) Size: 49 KB
 
Unclassified
FBCA Cross-Certificate Remover 1.15 User Guide
 
This guide provides usage instructions for the FBCA Cross-Certificate Remover tool. (PDF Download) Date: 09/19/2017 | Size: 235 KB
 
Unclassified
FIPS PUB 140-2 specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information in computer and telecommunication systems. FIPS PUB 140-2, Security Requirements for Cryptographic Modules (Download Link)
 
Unclassified
FIPS PUB 201-1 specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors. This standard specifies a PIV system within which a common identity credential can be created and later used to verify a claimed identity. FIPS PUB 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors (Download Link)
 
Unclassified
(WMV Download) Size: 18,704 KB
 
Unclassified
This guide provides instructions for resetting a Personal Identification Number (PIN) associated with a SIPR hardware token. This process differs from the method followed for Common Access Card as it requires intervention by a higher-level person with specific system privileges. (PDF Download) Date: 08/08/2012 | Size: 120 KB
 
Unclassified
Generating a Server Certificate Request using OpenSSL *PKI
 
This guide provides instructions for using openssl to generate a private key and server certificate request, then uploading the server certificate request to a DoD Certification Authority (CA) for signing. (PDF Download) Date: 05/04/2015 | Size: 486 KB
 
Unclassified
Generating a Server Certificate Using Network Security Services (NSS) *PKI
The purpose of this reference document is to provide guidance on obtaining a DoD/SIPR NSS PKI server certificate for use on a DoD NIPRNet or SIPRNet server using the Network Security Services (NSS) toolset. (PDF Download) Date: 06/12/2015 | Size: 411 KB
 
Unclassified
This guide provides instructions for configuring thin clients that utilize the HP ThinPro operating system. (PDF Download) Date: 12/17/2013 | Size: 444 KB
 
Unclassified
HSPD 12 is a presidential directive requiring all Federal Executive Departments and Agencies to implement a government-wide standard for secure and reliable forms of identification for employees and contractors, for access to Federal facilities and information systems. HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (Download Link)
 
Unclassified/FOUO
IDAM 101 *PKI
This presentation focuses on introducing the terms and concepts surrounding Identity and Access Management. (PDF Download) Size: 1,064 KB
 
Unclassified/FOUO
TLS inspection is an increasingly frequent topic of conversation. Commercial products exist to allow for TLS inspection but potentially place identity management at risk. This presentation explores various options and discusses concerns. (PDF Download) Size: 2,799 KB
 
Unclassified
InstallRoot 5.2: NIPR Windows Installer
 
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
 
Unclassified
InstallRoot 5.2: SIPR Windows Installer *Downloads available on SIPRNet URL Only
This tool allows users to install the National Security Systems (NSS) PKI root, intermediate and subordinate CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.2 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows XP, Vista, Windows 7, Windows 8 and 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. This version should only be run on machines connected to Secret networks, and is only available from the DoD PKE SIPRNET site.
 
Unclassified
InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool. (PDF Download) Date: 11/20/2017 | Size: 2.6 MB
 
Unclassified
Interfacing with DoD Partners *PKI
This slick sheet discusses solutions to common issues DoD partners may experience in communicating via email with DoD personnel and accessing DoD web sites. (PDF Download) Date: 10/12/2012 | Size: 243 KB
 
Unclassified/FOUO
Interoperability with Department of State *PKI
An informative presentation on the DoD and DoS PKI Programs covering the history, interoperability operational requirements, processes for establishing interoperability with the DoD and DoS PKIs, and achievements and efforts to date. (PDF Download) Size: 803 KB
 
Unclassified
iPad 3: Pairing with a baiMobile 3000MP Smart Card Reader (SCR) *PKI
This guide provides step-by-step instructions for pairing a baiMobile 3000MP SCR with an iPad 3 to enable the smart card digital signature and encryption functionality of the Good for Enterprise email client. (PDF Download) Date: 06/13/2012 | Size: 865 KB
 
Unclassified
iPhone 4S: CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application *PKI
This guide provides step-by-step instructions for initial setup and basic CAC-enabled web browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application (App). (PDF Download) Date: 09/17/2012 | Size: 1,045 KB
 
Unclassified
iPhone 4S: Pairing with a baiMobile 3000MP Smart Card Reader (SCR) *PKI
This guide provides step-by-step instructions for pairing a baiMobile 3000MP SCR with an iPhone 4S to enable the smart card digital signature and encryption functionality of the Good for Enterprise email client. (PDF Download) Date: 06/13/2012 | Size: 883 KB
 
Unclassified/FOUO
Java and Public Key Enablement 2011 *PKI
This presentation provides an overview of Java's PKI capabilities and how they are configured. It will include discussion of options for revocation-checking configuration in light of Java's limited CRL size support, and configuration for FIPS 140-2 compliance. (PDF Download) Size: 617 KB
 
Unclassified/FOUO
Java and Public Key Enabling 2012 *PKI
This presentation provides an overview of Java’s PKI capabilities and how they are configured. It includes a discussion of options for revocation-checking configuration in light of Java’s limited CRL size support, and configuration for FIPS 140-2 compliance. (PDF Download) Size: 629 KB
 
Unclassified
Java Keystore: Obtaining a DoD PKI Certificate *PKI
This guide provides instructions for obtaining a DoD or NSS PKI certificate for use with Java-based servers and applications (e.g. Apache Tomcat, Oracle WebLogic, IBM Websphere) that rely on Java keystores for certificate management. (PDF Download) Date: 06/30/2015 | Size: 535 KB
 
Unclassified
The purpose of this document is to describe the security and authentication requirements to implement key recovery operation for the External Certificate Authorities (ECAs). (PDF Download) Date: 06/04/2003 | Size: 467 KB
 
Unclassified
KeyShare Reference for iOS
Purebred's KeyShareConsumer reference implementation is available on GitHub at https://github.com/Purebred/KeyShareConsumer (Web Link)
 
Unclassified/FOUO
KRA Training for NSS and DoD PKI v5.2.0 *PKI
This training module provides instruction on key recovery processes and the duties of a Key Recovery Agent (KRA) on both NIPRNet and SIPRNet. (PDF Download) Date: 3/26/2015 | Size: 6,646 KB
 
Unclassified
This guide aids in configuring Firefox and Thunderbird on Linux operating systems for use with DoD websites and S/MIME capabilities using the CAC and/or SIPRNet Token with the CoolKey PKCS #11 module. (PDF Download) Date: 07/24/2013 | Size: 1,164 KB
 
Unclassified
The procedures in this document guide the reader in configuring Linux for Smart Card Login (SCL) using Centrify Suite 2012.4. (PDF Download) Date: 02/12/2014 | Size: 466 KB
 
Unclassified
Linux: OpenSSH Public Key Authentication *PKI
The procedures in this document guide the reader in configuring OpenSSH to use public key authentication. (PDF Download) Date: 02/17/2016 | Size: 556 KB
 
Unclassified/FOUO
LRA Training for NSS and DoD PKI v5.2.0 *PKI
This training module provides instruction on certificate issuance processes and the duties of a Local Registration Authority (LRA) on both NIPRNet and SIPRNet. (PDF Download) Date: 03/26/2015 | Size: 14,934 KB
 
Unclassified
The procedures in this document guide the reader in configuring Mac OS X for Smart Card Logon (SCL) using the Centrify Suite of products. (PDF Download) Date: 02/12/2014 | Size: 444 KB
 
Unclassified
Mac OS X: Enabling Smart Card Logon Using Thursby ADmitMac PKI *PKI
The procedures in this document guide the reader in configuring Mac OS X for smart card logon (SCL) using the Thursby ADmitMac PKI software. (PDF Download) Date: 12/19/2014 | Size: 526 KB
 
Unclassified
This guide provides installation and usage instructions for the DoD PKE MailCrypt tool. (PDF Download) Date: 07/13/2016 | Size: 1,072 KB
 
Unclassified
MailCrypt 3.1 Windows Installers *PKI
 
This tool performs bulk decryption and re-encryption of Microsoft Outlook message stores, giving users the ability to update old encrypted email to be accessible using a new CAC. The following Operating Systems are supported: Windows Vista, 7, and 8.x. 64-bit support requires a 64-bit version of Microsoft Office. If you are running a 64-bit version of Windows with a 32-bit installation of Microsoft Office, the 32-bit installer is required; otherwise please select the installer that matches your Windows installation.
 
Unclassified
This document provides guidance on configuring the Microsoft CAPI2 native OCSP client component to support various DoD/National Security Systems (NSS) environments. (PDF Download) Date: 05/19/2014 | Size: 430 KB
 
Unclassified
Microsoft Internet Information Services (IIS) 6.0: Public Key Enabling *PKI
This guide provides instructions for PK-enabling Microsoft IIS 6.0 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 875 KB
 
Unclassified
This guide provides instructions for PK-enabling Microsoft IIS 7.0/7.5 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 854 KB
 
Unclassified
This guide provides instructions for PK-enabling Microsoft IIS 8.0 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 881 KB
 
Unclassified/FOUO
Microsoft OCSP Responder: Public Key Enabling *PKI
This guide provides instructions for configuring the Microsoft OCSP Responder for use as a local OCSP responder to provide revocation status for DoD and/or NSS PKI certificates to local enclaves. (PDF Download) Date: 08/13/2014 | Size: 477 KB
 
FOUO
This guide provides instructions on how to configure your Microsoft Outlook 2003 Client for use with the DoD PKI Email Certificates on your Common Access Card (CAC). These steps should be followed whenever a user replaces, renews, or updates their CAC with new e-mail certificates. (PDF Download) Date: 8/2008 | Size: 195 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Outlook 2007 to use DoD PKI certificates to support sending and receiving signed and/or encrypted email messages. (PDF Download) Date: 08/16/2012 | Size: 706 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Outlook 2010 to use DoD PKI certificates to support sending and receiving signed and/or encrypted email messages. (PDF Download) Date: 08/16/2012 | Size: 805 KB
 
Unclassified
Microsoft Outlook 2013: Configuring to Use DoD PKI Certificates *PKI
This guide provides instructions for configuring Microsoft Outlook 2013 for use with Common Access Card (CAC) PKI certificates and to support sending and receiving signed and/or encrypted email messages. (PDF Download) Date: 04/12/2013 | Size: 654 KB
 
Unclassified
This guide provides instructions for configuring Name Check Suppression (NCS) for Microsoft Outlook. (PDF Download) Date: 04/12/2013 | Size: 581 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Remote Desktop Gateway (RDG) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/11/2013 | Size: 576 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Remote Desktop Infrastructure on Red Hat Enterprise Virtualization (RHEV) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/14/2013 | Size: 443 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Remote Desktop Services (RDS) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/21/2013 | Size: 1,149 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Remote Desktop Web Access (RWA) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/17/2013 | Size: 618 KB
 
Unclassified
This guide provides guidance on the process to Secure Socket Layer (SSL)/Transport Layer Security (TLS)-enable a Microsoft SharePoint 2010 server. (PDF Download) Date: 06/09/2014 | Size: 547 KB
 
Unclassified
Microsoft Threat Management Gateway (TMG): Public Key Enabling *PKI
This guide provides instructions for configuring Microsoft Threat Management Gateway (TMG) 2010, a commercial authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 08/20/2014 | Size: 1,232 KB
 
Unclassified
Microsoft Windows Server 2003: Enabling Smart Card Logon *PKI
 
This guide provides instructions for configuring Windows Server 2003 for Smart Card Login on both NIPRNet and SIPRNet. (PDF Download) Date: 09/27/2017 | Size: 680 KB
 
Unclassified
Microsoft Windows Server 2008: Enabling Smart Card Logon *PKI
 
This guide provides instructions for configuring Windows Server 2008 for Smart Card Login on both NIPRNet and SIPRNet. (PDF Download) Date: 09/27/2017 | Size: 648 KB
 
Unclassified
Microsoft Windows Server 2012: Enabling Smart Card Logon *PKI
 
The procedures in this document guide the reader in configuring Windows Server 2012 for smart card logon (SCL). (PDF Download) Date: 09/27/2017 | Size: 583 KB
 
Unclassified
The guide provides steps for deploying certificates to Windows operating system trust stores using Windows Group Policy. (PDF Download) Date: 09/21/2012 | Size: 376 KB
 
Unclassified
This guide provides step-by-step instructions for recovering and installing an old email encryption key pair. Following this guide will enable old email encrypted using the recovered key to be read. (PDF Download) Date: 06/09/2014 | Size: 1,298 KB
 
Unclassified
Motorola Droid Razr: Pairing with a baiMobile 3000MP Smart Card Reader (SCR) *PKI
This guide provides step-by-step instructions for pairing a baiMobile 3000MP SCR with a Motorola Droid Razr to enable the smart card digital signature and encryption functionality of the Good for Enterprise email client. (PDF Download) Date: 06/11/2012 | Size: 576 KB
 
Unclassified
This guide provides instructions for using DeleteKey, a batch file that clears the master password, removes user certificates, and returns the kiosk installation of Firefox to a clean state after software certificate retrieval and installation. (PDF Download) Date: 09/27/2012 | Size: 192 KB
 
Unclassified
This guide provides instructions for installing your certificates, using the CAC, and configuring certificate validation for Firefox. (PDF Download) Date: 09/16/2013 | Size: 602 KB
 
Unclassified
Mozilla Thunderbird: Enabling for DoD PKI Secure Mail *PKI
This guide provides step-by-step instructions for configuring the Mozilla Thunderbird email client to use PKI certificates for signing and encrypting email. (PDF Download) Date: 03/11/2015 | Size: 492 KB
 
Unclassified
This slick sheet contains information about the test materials available to support NIPRNet PK-enablement and how to obtain them. (PDF Download) Date: 08/19/2013 | Size: 224 KB
 
Unclassified
NIST SP 800-63-2 provides technical guidelines to agencies to allow an individual person to remotely authenticate his/her identity to a Federal Information Technology (IT) system. These technical guidelines supplement OMB guidance, E-Authentication Guidance for Federal Agencies [OMB M-04-04]. NIST 800-63-2, Electronic Authentication Guideline (Download Link)
 
Unclassified
NIST SP 800-78-3 specifies the cryptographic algorithms and key sizes for PIV systems and is a companion document to FIPS 201. NIST SP 800-78-3, Cryptographic Algorithms and Key Sizes for PIV (Download Link)
 
FOUO
Non Person Entity (NPE) RA and Sponsor Overview Training *PKI
NPE training provides a system overview for Registration Authorities (RA) and PKI Sponsors (all other users) on provisioning device certificates. Upon completing the NPE Overview course, Department of Defense (DOD) information systems users will be able to request certificates for devices. RAs will have the ability to approve device certificates and approve users for automatic device approval.

PKI Sponsor Training provides an overview on certificate application submissions via Web, Bulk or Protocol based enrollment. The course will identify the differences between registered and non-registered PKI Sponsors. Additionally the course will provide an introduction to user management, search, and certificate application management.

RA Training will cover all concepts of PKI Sponsor training, as well as functions specifically related to an RA, including additional Search, PKI Sponsor Registration Management, and Certificate Application Management.

 
Unclassified/FOUO
NSS LRA RA KRA Training v2 *PKI
This training module provides instruction on certificate issuance, revocation, suspension and restoration processes and the duties of a Registration Authority (RA) on both NIPRNet and SIPRNet. It also provides instruction on certificate issuance processes and the duties of a Local Registration Authority (LRA) on both NIPRNet and SIPRNet as well as the key recovery processes and the duties of a Key Recovery Agent (KRA) on both NIPRNet and SIPRNet. (PDF Download) Date: 09/15/2016 | Size: 19,594 KB
 
Unclassified/FOUO
NSS PKI CSP Registration Practice Statement v1.2 *PKI
This Registration Practice Statement (RPS) defines the practices, policies and procedures under which the National Security Systems (NSS) Public Key Infrastructure (PKI) Common Service Provider (CSP) Registration Authorities (RAs) operate. It also specifies security, nomination and credential issuance procedures for Non-Person Entity (NPE) Verifying Officials (NVOs) under the Common Service Providers. (PDF Download) Date: 12/11/2015 | Size: 621 KB
 
Unclassified
NSS PKI DoD and CSP Subordinate Certification Authority System Certification Practice Statement *PKI
This document defines the practices and procedures under which the United States (US) Department of Defense (DoD) National Security Systems (NSS) Public Key Infrastructure (PKI) Subordinate Certification Authority Systems (CAS) operates. (PDF Download) Date: 12/18/2014 | Size: 1,218 KB
 
Unclassified
This RPS applies to all Registration Authorities (RA) from the CC/S/A that participate in the issuance process for all certificates issued under the DoD NSS PKI. This RPS also applies to the individuals responsible for these certificates, persons operating an RA System, and Trusted Agents (TAs) appointed by an RA Officer operating under this RPS. (PDF Download) Date: 12/19/2014 | Size: 958 KB
 
Unclassified/FOUO
NSS PKI Token Handling Best Practices Guide *PKI
The National Security Systems (NSS) Public Key Infrastructure (PKI) Token Handling Best Practices Guide includes best practices related to the usage and storage of NSS PKI tokens. (PDF Download) Date: 08/13/2014 | Size: 249 KB
 
Unclassified/FOUO
NSS PKI Token Troubleshooting Procedures Guide *PKI
The NSS PKI Token Troubleshooting Procedures Guide provides steps for troubleshooting and analysis of NSS PKI tokens as well as the NSS Token Troubleshooting Form. (PDF Download) Date: 11/25/2014 | Size: 527 KB
 
Unclassified
This script facilitates population of trusted Certification Authority (CA) certificates in an NSS database on Linux operating systems. The script extracts all certificates from a specified PKCS#7 file, converts them to PEM format as necessary, then loads them into a specified NSS database. (ZIP Download) Size: 2 KB
 
Unclassified
This guide provides installation and usage instructions for the NSSdb CertLoader script for Linux environments. (PDF Download) Date: 07/09/2015 | Size: 333 KB
 
Unclassified
This script facilitates population of trusted Certification Authority (CA) certificates in an NSS database on Windows operating systems. The script extracts all certificates from a specified PKCS#7 file, converts them to PEM format as necessary, then loads them into a specified NSS database. (ZIP Download) Size: 2 KB
 
Unclassified
This guide provides installation and usage instructions for the NSSdb CertLoader script for Windows environments. (PDF Download) Date: 07/09/2015 | Size: 331 KB
 
Unclassified
This guide describes the process for requesting and obtaining a DoD mobile code signing certificate to digitally sign code/software used on the DoD network. (PDF Download) Date: 07/02/2013 | Size: 534 KB
 
Unclassified/FOUO
 
This guide provides instructions for obtaining a PKI certificate for an unclassified or secret DoD server, including submitting a certificate signing request, requesting approval from your organization's Registration Authority (RA), and retrieving the issued certificate. (PDF Download) Date: 09/27/2017 | Size: 622 KB
 
Unclassified
OMB M-04-04 requires agencies to review new and existing electronic transactions to ensure that authentication processes provide the appropriate level of assurance. It establishes and describes four levels of identity assurance for electronic transactions requiring authentication. OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies (Download Link)
 
Unclassified
OMB Memorandum 11-11, Continued Implementation of HSPD-12
OMB M-11-11 requires that all federal agencies continue implementing the requirements outlined in Homeland Security Presidential Directive (HSPD) 12 to enable agency-wide use of the Personal Identity Verification (PIV) card. This includes enabling agency IT systems, applications, and facilities to be capable of using the PIV card as the mechanism for granting user access. OMB M-11-11, Continued Implementation of HSPD-12 (Download Link)
 
Unclassified
This OMB Memorandum requires agencies to begin leveraging externally-issued credentials, in addition to continuing to offer federally-issued credentials. The use of externally-issued credentials (i.e., those that have been issued by an entity other than the federal government) will decrease the burden on users of government information systems and reduce costs associated with managing credentials. OMB's Requirements for Accepting Externally-Issued Identity Credentials (Download Link)
 
Unclassified
Online Certificate Status Protocol (OCSP) Test Suite *PKI
The OCSP Test Suite is designed to facilitate testing commonly used features and standards compliance of OCSP clients. This installer is used to install test artifacts and, optionally, test responders. The test artifacts include trust anchors, CA certificates, end entity certificate, CRLs, and PKCS12 files. (MSI Download) Date: 11/10/2014 | Size: 5,616 KB
 
Unclassified
Online Certificate Status Protocol (OCSP) Test Suite User Guide *PKI
This document provides test assertions and test cases for testing OCSP client software behavior with the OCSP Test Suite. Tests focus on commonly used features and standards compliance. (PDF Download) Date: 11/10/2014 | Size: 1,065 KB
 
Unclassified
Online Certificate Status Protocol (OCSP) Test Utilities *PKI
The OCSP Test Utilities facilitate using the OCSP Test Suite with OCSP clients integrated with Microsoft CAPI. This installer includes two utilities: CapiRevStatusTest and CapiRevStatusTestCleaner. CapiRevStatusTest initiates a certificate validation action through Microsoft CAPI and CapiRevStatusTestCleaner is used to "clean up" test artifacts after the CapiRevStatusTest utility has been executed. (MSI Download) Date: 11/10/2014 | Size: 944 KB
 
Unclassified
Oracle Weblogic Server: Public Key Enabling
The purpose of this reference guide is to provide guidance to the DoD user community on the process to secure and Secure Socket Layer (SSL)/Transport Layer Security (TLS)-enable an Oracle Weblogic server. (PDF Download) Date: 03/04/2015 | Size: 399 KB
 
Unclassified
This guide provides instructions for configuring Microsoft Outlook for Mac 2011 to use DoD PKI certificates to support sending and receiving signed and/or encrypted email messages. (PDF Download) Date: 12/21/2012 | Size: 833 KB
 
Unclassified/FOUO
This slick sheet provides information on the Pass-the-Hash (PtH) attack and steps that can be taken to mitigate the risks of being compromised. (PDF Download) Date: 01/30/2014 | Size: 301 KB
 
Unclassified/FOUO
The DoD PKE Password Hash Refresh script can be used to periodically change passwords (and by extension, their associated hashes) for smart card-enforced accounts within specific OU containers and Groups in Microsoft Active Directory (AD). (ZIP Download) Size: 2 KB
 
Unclassified/FOUO
This guide provides step-by-step instructions for using the DoD PKE Password Hash Refresh script to periodically change passwords (and by extension, their associated hashes) for smart card enforced accounts. (PDF Download) Date: 02/11/2014 | Size: 686 KB
 
Unclassified/FOUO
PKE 101 *PKI
This presentation focuses on introducing the terms and concepts surrounding PK-Enabling while debunking many of the myths and misuse of the terminology. This includes topics like PK-Enabling vice CAC-Enabling, Certificate Validation vice OCSP-Enabling, and what it really means to PK-Enable an application or system. (PDF Download) Size: 1,892 KB
 
Unclassified
This slick sheet provides a checklist of common steps necessary to PK-enable applications. (PDF Download) Date: 10/12/2012 | Size: 409 KB
 
Unclassified
PKE Post: Summer 2016 *PKI
This newsletter includes topics such as "DoD's Migration to SHA-256", "Initial Findings from Software Certificate Testing at DISA", and "InstallRoot 5.0: A Whole New InstallRoot". (PDF Download) Date: 07/27/2016 | Size: 1,478 KB
 
Unclassified
This newsletter includes topics such as "Authentication vs Content Inspection", "PKE for Mac", "Bouncy Castle, Spongy Castle, and Android", "It's Time to Update Your Trust Stores!", and "Choosing the Right Data for Certificate Mapping". (PDF Download) Date: 04/2013 | Size: 1,563 KB
 
Unclassified
This newsletter includes topics such as "SIPRNET Hardware Token Pilot Begins," "The Non-Person Entity (NPE) Initiative," "Using CRLAutoCache to Locally Cache CRLs," and "Using Your BlackBerry: How to Send and Receive Secure Email." (PDF Download) Date: 12/2009 | Size: 459 KB
 
Unclassified
This newsletter includes topics such as "Enforcing Certificate Assurance Levels for Secure Interoperability," "Missing Encryption Certificates in Outlook 2007," "Wireless Update," "InstallRoot Overview" and "DoD PKI Test Certificates." (PDF Download) Date: 12/2010 | Size: 2,274 KB
 
Unclassified
This newsletter includes topics such as "New SIPRNet PK-Enablement Deadlines", "Cross-Certificate Chaining Issue Recap", "Time to Update Your Trust Store!", "Combined Endeavor 2011", "Updated 90meter Evaluation and Distribution Process" and "Testing Thin Client Support for the SIPRNet Token". (PDF Download) Date: 01/2012 | Size: 1,079 KB
 
Unclassified
This newsletter includes topics such as "Smart Phones Need Smart Security", "Combined Endeavor", "Risks of Software Certificates", and "Alternate Revocation Checking Options". (PDF Download) Date: 11/2012 | Size: 1,313 KB
 
Unclassified
This newsletter includes topics such as "DoD's Migration to SHA-256", "Ensuring Security and Interoperability with DoD Partners: 2048-bit RSA Certificates", "Security Awareness", "Wireless Update", and "OCSP Trust Models". (PDF Download) Date: 04/2011 | Size: 1,655 KB
 
Unclassified
This newsletter includes topics such as "PIV-I: A Primer", "Evaluating Thin Clients for SIPRNet", "New Rich Revocation Checking Capabilities for Weblogic Server", and "Wireless Update". (PDF Download) Date: 08/2012 | Size: 1,408 KB
 
Unclassified
This newsletter includes topics such as "Authentication is having an Identity Crisis," "PKE Support for External PKIs," "Smartphones Need Smart Security," "Mobile Code Signing Certificates," "When a Good Card Goes Bad," and "ActivClient and Remote Desktop Protocol." (PDF Download) Date: 7/2010 | Size: 842 KB
 
Unclassified
This newsletter includes topics such as "New DoD Authentication Policy", "JPAS Transitioning to Certificate-Based Authentication", "Federal Bridge 2.0", "SIPRNet RCVS DTM Migration", "Air Force Offline Certificate Request Tool", and "DoD PKE Web Site Refresh". (PDF Download) Date: 09/2011 | Size: 2,538 KB
 
Unclassified
This newsletter includes topics such as "Why isn't my favorite touch screen device part of a DOD approved unclassified mobile messaging solution?," "New SECRET level PKI for the DOD and our Federal Partners," "Coalition PKI," "The DoD External Certification Authority (ECA) Program," and "The Combined Endeavor Experience." (PDF Download) Date: 3/2010 | Size: 537 KB
 
Unclassified
This newsletter includes topics such as "New PKE Tools Roundup", "Working Toward a More Streamlined CAC", "New DOD-Approved External PKIs", and "Thin Client SIPRNet Token Support". (PDF Download) Date: 03/2012 | Size: 2,024 KB
 
Unclassified
PK-Enabling Mobile Devices with DoD PKI Credentials *PKI
This brief provides Purebred’s goals, fundamentals, status, workflows, and technical details on its background. (PDF Download) Date: 04/20/2016 | Size: 2,148 KB
 
Unclassified
PKI CA Certificate Bundles: PKCS#7
These zip files contain three PKCS#7 files that contain all the Certification Authority (CA) certificates for the specified PKI in different formats. One PKCS#7 file contains the certificates in DER format, another in PEM, and the last also in PEM but with a signature applied to the PKCS#7 file. Instructions for verifying the integrity of all three files using OpenSSL are included in the README.
 
Unclassified
PKI Interoperability Application Testing Methodology and Test Report - Version 1.2 *PKI
The PKI Interoperability Application Testing Methodology and Test Report provides results for common DoD applications and their ability to support cross certificate trust by building and validating certification paths through a bridge such as the Federal Bridge Certificate Authority (FBCA). (PDF Download) Date: 07/11/2010 | Size: 653 KB
 
Unclassified
PKI Interoperability Test Tool (PITT): 2.0.6 Linux Installer *PKI
The PKI Interoperability Test Tool version 2 (PITTv2) is a utility intended to assist with evaluating interoperability alternatives to establish trust with prospective partner PKIs and to troubleshoot certification path processing problems. The following operating systems are supported: Red Hat Enterprise Linux 5.x and 6.x.
 
Unclassified
PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT. (PDF Download) Date: 09/02/2015 | Size: 1,928 KB
 
Unclassified
PKI Interoperability Test Tool (PITT): 2.0.6 Windows Installer *PKI
The PKI Interoperability Test Tool version 2 (PITTv2) is a utility intended to assist with evaluating interoperability alternatives to establish trust with prospective partner PKIs and to troubleshoot certification path processing problems. The following operating systems are supported: Windows Server 2003, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows 7 and Windows 8.
 
Unclassified/FOUO
PKI Interoperability: What Every DAA and System Owner Needs to Know *PKI
This presentation provides an overview of the policies surrounding interoperability in the DoD, discusses how interoperability works, and what implementation considerations and current tools exist to help. (PDF Download) Size: 1,139 KB
 
Unclassified
This training module provides an overview of the general responsibilities and PKI responsibilities of privileged users. Privileged User IA Responsibilities (Link)
 
Unclassified
This FAQ discusses steps for secure handling of P12/PFX files. (PDF Download) Date: 10/12/2012 | Size: 266 KB
 
Unclassified/FOUO
Public Key Enabling SIPRNet *PKI
This presentation covers considerations and steps for configuring SIPRNet systems to use NSS PKI, with a focus on how PK-enabling on SIPRNet differs from PK-enabling on NIPRNet. (PDF Download) Size: 621 KB
 
Unclassified/FOUO
Public Key Enabling the SIPRNet *PKI
This presentation covers considerations and steps for configuring SIPRNet systems to use NSS PKI, with a focus on how PK-enabling on SIPRNet differs from PK-enabling on NIPRNet. (PDF Download) Size: 857 KB
 
FOUO
Purebred Agent FAQs *PKI
This guide covers Purebred Agent frequently asked questions. (PDF Download) Date: 11/22/2017 | Size: 123 KB
 
Unclassified
Purebred Agent Guide *PKI
This guide walks through all necessary steps for Purebred agents enrolling handsets in Purebred, issuing device certificates, assigning handsets to users, and managing configuration profiles. Individual mobility deployments may have tailored instructions for their particular environment. (PDF Download) Date: 04/18/2018 | Size: 2.4 MB
 
FOUO
Purebred Agent Milbook Collaboration Site *PKI
Milbook site for Purebred agents to collaborate and share information.
 
FOUO
Purebred Agent Nomination Directions *PKI
This guide explains how the Purebred Agent nomination form should be completed. (PDF Download) Date: 02/20/2018 | Size: 229 KB
 
FOUO
Purebred Agent Nomination Form *PKI
This form is to be completed for new Purebred Agent nominations to be added to the system. (PDF Download) Date: 11/22/2017 | Size: 1616 KB
 
FOUO
Purebred Agent Training Slides - Appendix *PKI
These training slides explain all tasks a Purebred Agent does to enroll and credential mobile devices with Purebred. (PDF Download) Date: 2/20/2018 | Size: 1645 KB
 
FOUO
Purebred Agent Training Slides *PKI
These training slides explain all tasks a Purebred Agent does to enroll and credential mobile devices with Purebred. (PDF Download) Date: 2/20/2018 | Size: 2989 KB
 
FOUO
Purebred Agent Troubleshooting Decision Trees *PKI
This guide explains how Purebred Agents should decide to use certain configurations on Purebred to support their users. (PDF Download) Date: 11/22/2017 | Size: 362 KB
 
Unclassified
Purebred for Android *PKI
Purebred Registration for Android is available. Note: This app is for mobility administrators to distribute to user devices. End users should download Purebred from their organization's app store--such as DoD apps.
 
Unclassified
Purebred for Blackberry *PKI
Purebred Registration for Blackberry 10.3.3 1.0.0 is available. Note: This app is for mobility administrators to distribute to user devices. End users should download Purebred from their organization's app store--such as DoD apps.
 
FOUO
Purebred for iOS *PKI
Purebred Registration for Apple iOS 1.3 (6) is available to support iOS 12. Note: This app is for mobility administrators to distribute to user devices. End users should download Purebred from their organization's app store--such as DoD apps.
 
Unclassified
Purebred for Windows *PKI
Purebred Registration for Windows 10 UWP 1.0.118 is available. Please contact dodpke@mail.mil for access if piloting Windows 10 tablets.
 
Unclassified/FOUO
Purebred Information Brief - Mar 2018 *PKI
This high-level brief explains what Purebred is, lists supported mobile device platforms, status, and shows sample screenshots. (PPTX Download) Date: 03/28/2018 | Size: 2752 KB
 
Unclassified
Purebred Registration App Version History *PKI
Purebred Registration change log and version history information.
 
Unclassified
Purebred Resolve Ambiguous Persona *PKI
This guide explains how Purebred Agents can resolve ambiguous personas when multi-persona user enrollments do not work by default. (PDF Download) Date: 11/22/2017 | Size: 378 KB
 
Unclassified
Purebred User Guide *PKI
This guide walks through all necessary steps for Purebred users generating derived credentials and retrieving encryption certificates. Individual mobility deployments may have tailored instructions for their particular environment. (PDF Download) Date: 04/18/2018 | Size: 2116 KB
 
FOUO
Purebred: Android User Slick Sheet *PKI
This slick sheet provides information on how a user enrolls with Purebred on Android. (PDF Download) Date: 11/22/2017 | Size: 445 KB
 
Unclassified
Purebred: Blackberry User Slick Sheet *PKI
This slick sheet provides information on how a user enrolls with Purebred on Blackberry. (PDF Download) Date: 11/22/2017 | Size: 466 KB
 
Unclassified
Purebred: Enabling Custom Apps *PKI
This slick sheet provides information for app developers planning to use derived credentials on iOS platforms. The iOS platform necessitates use of Purebred’s Key Share to provide credentials to apps signed by other developers. (PDF Download) Date: 03/29/2016 | Size: 106 KB
 
FOUO
Purebred: iOS User Slick Sheet *PKI
This slick sheet provides information on how a user enrolls with Purebred on iOS. (PDF Download) Date: 11/22/2017 | Size: 480 KB
 
Unclassified
Purebred: Planning for Derived Credentials *PKI
This slick sheet provides information for mission partners planning to deploy derived credentials as part of their mobility offering through Purebred. (PDF Download) Date: 03/29/2016 | Size: 1,939 KB
 
FOUO
Purebred: Windows User Slick Sheet *PKI
This slick sheet provides information on how a user enrolls with Purebred on Windows. (PDF Download) Date: 09/05/2018 | Size: 225 KB
 
Unclassified/FOUO
RA Training for NSS and DoD PKI v5.2.0 *PKI
This training module provides instruction on certificate issuance, revocation, suspension and restoration processes and the duties of a Registration Authority (RA) on both NIPRNet and SIPRNet. (PDF Download) Date: 03/26/2015 | Size: 18,751 KB
 
Unclassified
Red Hat Enterprise Linux: Configuring Local Smart Card Logon *PKI
The procedures in this document guide the reader in configuring Red Hat Enterprise Linux (RHEL) smart card logon (SCL) to a local Linux user account. (PDF Download) Date: 07/14/2015 | Size: 374 KB
 
Unclassified/FOUO
This DoD Memorandum provides instructions for the issuance and use of Non-Person Entity (NPE) PKI certificates for devices both within and outside of key terrain. (PDF Download) Date: 05/10/2013 | Size: 461 KB
 
Unclassified
This guide is written for DoD system or network administrators and provides instructions for configuring Riverbed Stingray Traffic Manager 8.0 (formerly known as Zeus), a commercial authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 09/10/2012 | Size: 1,187 KB
 
Unclassified/FOUO
This slick sheet provides an overview of the capabilities provided by the Robust Certificate Validation Services (RCVS). (PDF Download) Date: 03/26/2014 | Size: 453 KB
 
Unclassified
Secure Email in DoD *PKI
This slick sheet provides an overview of how and when to use PKI capabilities (digital signature and encryption) for email. (PDF Download) Date: 03/15/2013 | Size: 312 KB
 
Unclassified
SHA-256 Assessment Period System Data Aggregation Form *PKI
This is the form referenced in the SHA-256 Assessment and Test Process document which should be used to report SHA-impacted system information to the DoD CIO coordination cell. Details as to what content should be included in each field are contained in Appendix B of the Assessment and Test Process document. (XLS Download) Date: 11/18/2010 | Size: 30 KB
 
Unclassified
SHA-256 Compatible Products List *PKI
This document lists SHA-256 compatibility information for common products used throughout DoD. This information was consolidated by the DoD CIO SHA-256 coordination cell and will be updated on a periodic basis. (PDF Download) Date: 10/16/2011 | Size: 233 KB
 
Unclassified
This slick sheet provides an overview of the SIPR hardware token and addresses frequently asked questions about its distribution and use. (PDF Download) Date: 10/15/2013 | Size: 551 KB
 
Unclassified/FOUO
The metrics identified in the SIPRNet PKE Reporting Metrics Template for token issuance and cryptographic logon replace reporting in the Vulnerability Management System (VMS) as originally directed in USCYBERCOM TASKORD J3-12-0863. (XLSX Download) Date: 06/2013 | Size: 18 KB
 
Unclassified/FOUO
This document is provided as a supplement to USCYBERCOM TASKORD J3-12-0863 and as clarification to the DoD CIO Memorandum: DoD SIPRNet Public Key Infrastructure Cryptographic Logon and Public Key Enablement of SIPRNET applications and Web Servers. (PDF Download) Date: 06/14/2013 | Size: 438 KB
 
Unclassified
This slick sheet contains information about the test materials available to support SIPRNet PK-enablement and how to obtain them. (PDF Download) Date: 08/15/2012 | Size: 205 KB
 
Unclassified
Smart Card Logon (SCL) Troubleshooting Tool 1.0 *PKI
The SCL Troubleshooting Tool is designed to identify and diagnose SCL problems that are present on an Active Directory domain controller. The following operating systems are supported: Windows Server 2008, 2008 R2, 2012, and 2012 R2. (MSI Download) Date: 02/26/2016 | Size: 14,161 KB
 
Unclassified
Smart Card Logon (SCL) Troubleshooting Tool 1.0 User Guide *PKI
This guide provides usage instructions for the Smart Card Logon (SCL) Troubleshooting Tool. (PDF Download) Date: 02/26/2016 | Size: 605 KB
 
Unclassified
Solaris 10/11: SSH Public Key Authentication *PKI
The procedures in this document guide the reader in configuring SSH on Solaris to use public key authentication. (PDF Download) Date: 06/06/2016 | Size: 514 KB
 
Unclassified
This guide provides instructions for configuring Squid 2.6, an open-source caching proxy, to cache DoD CRLs. (PDF Download) Date: 10/02/2012 | Size: 491 KB
 
Unclassified
SSH Clients Authentication with Smart Cards *PKI
The procedures in this document guide the reader in configuring several SSH clients to use smart cards to authenticate with SSH servers. (PDF Download) Date: 02/22/2016 | Size: 513 KB
 
Unclassified/FOUO
State of Commercial Mobile Devices (CMD) in the DoD PKI *PKI
This presentation discusses the current state of CMDs in the DoD and the challenges enabling the use of the DoD PKI on CMDs. (PDF Download) Size: 610 KB
 
Unclassified/FOUO
TACT: Trust Anchor Constraints Tool *PKI
TACT is a set of web server plugins and management applications for Microsoft Internet Information Services (IIS) and Apache HTTPD servers that aim to enable interoperability and enhance security when using mutually authenticated SSL/TLS. This presentation introduces TACT and provides an overview on when and how to use the tool. (PDF Download) Size: 2,216 KB
 
Unclassified/FOUO
This white paper discusses the approach to implementing revocation checking in various limited and unique network environments. (PDF Download) Date: 08/07/2013 | Size: 944 KB
 
Unclassified
The DoD and SHA-256 *PKI
This slick sheet provides some helpful facts about the DoD and SHA-256. (PDF Download) Date: 01/02/2014 | Size: 329 KB
 
Unclassified
The DoD PKI External Interoperability Landscape - Version 4.3
This diagram provides an overview of the Federal PKI Interoperability Landscape and illustrates the cross certificate trust relationships between DoD PKI and External PKIs. (PDF Download) Date: 08/01/2014 | Size: 428 KB
 
Unclassified
This slick sheet discusses general configuration considerations for OCSP clients. It also describes the different trust models that OCSP responder infrastructures can employ, their configuration implications, and which are in use in the DoD today. (PDF Download) Date: 10/12/2012 | Size: 505 KB
 
Unclassified
The DoD PKE team is currently evaluating a variety of thin clients for usability with the SIPRNet Hardware Token as well as consolidating information from evaluation efforts across the DoD community. Please contact dodpke@mail.mil if your organization is evaluating a thin client or if you don't see your thin client on the list. (PDF Download) Size: 248 KB
 
Unclassified/FOUO
Thin Client Use with SIPRNet PKI *PKI
This presentation discusses thin clients in use throughout the DoD and their current functionality with the new DoD SIPRNet hardware token. (PDF Download) Size: 765 KB
 
Unclassified/FOUO
Token Management System (TMS) Training *PKI
This training is for TMS users who want information on how to use the TMS Release 5/6. These topics include Inventory, Group Update, Rekey, and Advance Reporting System.
 
Unclassified
This slick sheet provides an overview of the Trust Anchor Constraints Tool (TACT). TACT is a set of web server plug-ins and management applications that facilitates interoperability, enhances security and enables DoDI 8520.02 and 8520.03 compliance for web servers using TLS to authenticate DoD and DoD-approved external partners. (PDF Download) Date: 08/15/2012 | Size: 312 KB
 
Unclassified
Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT. (PDF Download) Date: 09/02/2015 | Size: 785 KB
 
Unclassified/FOUO
Trust Anchor Constraints Tool (TACT): 1.2.6 Linux Installer *PKI
This installer provides a web server plug-in and management applications to enable Apache 2.2 and 2.4 to authenticate DoD and DoD-approved external partner certificates with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Red Hat Enterprise Linux 5.x and 6.x.
 
Unclassified
Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT. (PDF Download) Date: 09/02/2015 | Size: 2,313 KB
 
Unclassified/FOUO
Trust Anchor Constraints Tool (TACT): 1.2.6 Windows Installer *PKI
This installer provides a web server plug-in and management applications to enable IIS 6, 7, and 8, and Apache 2.2 and 2.4 (on selected platforms) to authenticate DoD and DoD-approved external partners with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows 7 and Windows 8.
 
Unclassified/FOUO
Trust Store Management *PKI
This presentation focuses on the various PKI certificate trust stores a system can leverage for PK-enabling applications and services. This will include topics of how to manage (add/remove, lockdown, control) PKI Root and Subordinate CA certificates, and which applications/services leverage which trust stores. (PDF Download) Size: 1,737 KB
 
Unclassified/FOUO
Tumbleweed Desktop Validator 4.10/4.11 Workstation and Server Configuration
This guide provides instructions for configuring Tumbleweed Desktop Validator 4.10 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The below configuration files have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway/Tumbleweed configuration guide.
 
Unclassified
Tumbleweed Validation Authority: Configuring for Tactical Environments *PKI
This document provides step-by-step guidance on configuring Axway (Tumbleweed) Validation Authority (VA) to support various tactical environment scenarios. (PDF Download) Date: 01/06/2015 | Size: 626 KB
 
Unclassified
United States Department of Defense External Certification Authority X.509 Certificate Policy
 
This Certificate Policy (CP) governs the operation of the ECA Public Key Infrastructure (PKI), consisting of products and services that provide and manage X.509 certificates for public-key cryptography. The United States (US) DoD has established the External Certification Authority (ECA) program to support the issuance of DoD-approved certificates to industry partners and other external entities and organizations. The ECA program is designed to provide the mechanism for these entities to securely communicate with the DoD and authenticate to DoD Information Systems. (PDF Download) Date: 01/10/2015 | Size: 1,232 KB
 
Unclassified
The S-Interoperability Certificate Policy outlines the policy for the secret level multi-domain Public Key Infrastructure created by the S-Interop Root CA and defines the procedures for the approval and issuance of cross-certificates to member Certification Authorities. (PDF Download) Date: 01/05/2012 | Size: 449 KB
 
Unclassified
The United States Department of Defense Certificate Policy (CP) is the unified policy under which a Certification Authority (CA) operated by a DoD component is established and operates. This document defines the creation and management of Version 3 X.509 public key certificates for use in applications requiring communication between networked computer-based systems. (PDF Download) Date: 01/23/2013 | Size: 894 KB
 
Unclassified
US Cyber Command Orders and Directives links page. US Cyber Command Orders and Directives (Web Link)
 
Unclassified/FOUO
(U//FOUO) This CAM outlines activities that DoD Components must undertake to prepare for the rollout and use of the SIPRNet PKI tokens. A future document will be released establishing compliance dates. CAM 11_004 (LINK to PDF Download)
 
Unclassified
USCYBERCOM GENADMIN 16-0073 *PKI
This message provides a revised schedule and additional details on the migration. (PDF Download)
 
Unclassified
This slick sheet provides an overview of how PKI technology can be used within WLANs. (PDF Download) Date: 10/12/2012 | Size: 795 KB
 
Unclassified
Using Your BlackBerry with a First-Generation Smart Card Reader *PKI
This slick sheet describes how to pair a BlackBerry device with a first-generation smart card reader to digitally sign and encrypt email using your CAC certificates. (PDF Download) Date: 10/12/2012 | Size: 396 KB
 
Unclassified
Using Your BlackBerry with a Second-Generation Smart Card Reader *PKI
This slick sheet describes how to pair a BlackBerry device with a second-generation smart card reader to digitally sign and encrypt email using your CAC certificates. (PDF Download) Date: 10/12/2012 | Size: 394 KB
 
Unclassified
This guide provides step-by-step instructions to quickly verify the digital signature on DoD PKE tools. (PDF Download) Date: 01/29/2014 | Size: 442 KB
 
Unclassified
(WMV Download) Size: 24,655 KB
 
Unclassified
VMWare Horizon View v5.2/5.3: Configuring for Use with DoD PKI
This guide is written for DoD system or network administrators and provides instructions for configuring the VMware Horizon View product suite to utilize DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/05/2014 | Size: 413 KB
 
Unclassified
This guide provides instructions for configuring VMware View for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/08/2013 | Size: 386 KB
 
Unclassified
This white paper discusses methods for improving the efficiency of the revocation checking portion of the certificate validation process. (PDF Download) Date: 10/2012 | Size: 309 KB
 
Unclassified
Why is my BlackBerry not working? *PKI
This slick sheet discusses common BlackBerry email error messages, their causes and resolutions. (PDF Download) Date: 08/15/2012 | Size: 277 KB
 
Unclassified
This guide provides instructions for configuring thin clients that run the Windows 7 Embedded Operating System (OS) for secure communications on SIPRNet. (PDF Download) Date: 01/27/2013 | Size: 596 KB
 
Unclassified
This guide provides instructions for configuring thin clients that run the Windows XP Embedded Operating System (OS) for secure communications on SIPRNet. (PDF Download) Date: 01/27/2013 | Size: 597 KB
 
Unclassified
This guide provides instructions for configuring a smart card logon-enabled Active Directory domain for authenticating users that connect via a wireless local area network (WLAN). (PDF Download) Date: 09/21/2012 | Size: 881 KB
 
Unclassified
Working with External PKIs - Version 5.5
This slick sheet provides an overview of the Federal PKI/Federal Bridge and discusses the usage of External PKIs within the DoD. (PDF Download) Date: 06/09/2016 | Size: 376 KB
 
Unclassified
X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA)
This Certificate Policy (CP) defines ten certificate policies for use by the Federal Bridge Certification Authority (FBCA) to facilitate interoperability between the FBCA and other Entity PKI domains. The FBCA enables interoperability among Entity PKI domains in a peer-to-peer fashion. The FBCA issues certificates only to those CAs designated by the Entity operating that PKI (called Principal CAs). The DoD Interoperability Root Certificate Authority (IRCA) is one such Principal CA.
 
Unclassified
This Certificate Policy (CP) defines ten certificate policies for use by the Federal Bridge Certification Authority (FBCA) to facilitate interoperability between the FBCA and other Entity PKI domains. The FBCA enables interoperability among Entity PKI domains in a peer-to-peer fashion. The FBCA issues certificates only to those CAs designated by the Entity operating that PKI (called Principal CAs). The DoD Interoperability Root Certificate Authority (IRCA) is one such Principal CA.
 
Unclassified
This guide provides instructions for configuring Oracle Sun Ray Session Server (SRSS)-based and PCoIP zero clients for use with the SIPRNet hardware token. Specific instructions for the Sun Ray 2FS, GD Tadpole M1500, and Teradici zero clients are included. (PDF Download) Date: 01/27/2013 | Size: 546 KB