Overview of the NIST Public Key Infrastructure Program  working towards the development of a Federal PKI    The National Institute of Standards and Technology (NIST) is taking a leadership role in the development of a Federal Public Key Infrastructure that supports digital signatures and other public key-enabled security services. In doing this, NIST is coordinating with industry and technical groups developing PKI technology such as the Federal PKI Steering Committee and its Technical Working Group (TWG), CommerceNet, Internet's PKIX, and the Open Group. NIST chairs the TWG, which is composed of technical representatives from Federal agencies and industry. Active since October 1994, the TWG has developed initial versions of a requirements document, a concept of operations, a technical security policy, an X509 v3 certificate profile, and an interoperability report. These documents are available below. NIST is represented in the Federal PKI Steering Committee chaired by the Government Information Technology Services (GITS) IT10.03 and maintains contact with the Federal PKI Business Working Group.   In addition to work within the TWG, NIST has several laboratory-based activities. The first activity is developing a Minimum Interoperability Specification for PKI Components (MISPC). This activity involved industry participants through Cooperative Research and Development Agreements (CRADAs). During this activity the NIST PKI Team (1) exercised implementations of PKI components provided by CRADA participants and examining their features, (2) identified a minimum set of desirable features, and (3) drafted the specification. Industry participants had a review period to examine the draft specification and comment on its feasibility. The PKI Team evaluated the comments received, made appropriate changes. and released a draft for public comment.   Additional laboratory activities include the development of a Reference Implementation and the initial implementation of a root Certification Authority (CA) for the Federal PKI. The purpose of the Reference Implementation is to have a proof of concept for the MISPC that will be available for testing of commercial implementations. The Reference Implementation need not be as efficient and robust as an operational system but it must be well-behaved and function correctly. The initial implementation of a root CA involves the development of a procurement specification for a CA based on the MISPC and the procurement of an operational CA. The purpose of this root CA is to examine hierarchical and non-hierarchical CA relationships, scalability, and other operational issues. In addition, the minimum interoperability specification will be available to companies and to Government agencies developing their own procurement specifications for PKI components and/or services.   NIST envisions a follow on activity that will develop a test suite for conformance to the MISPC. The test suite may be used in establishing an interoperability validation service for PKI components. Although many details regarding this service remain to be defined, it is likely that independent commercial entities would be accredited to perform the tests.

 

NIST PKI Home Page     CSRC Home Page   NIST's Homepage  NIST Security Division