Department of Navy Chief Information Officer - Policy: Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

DoD CIO Memo - Publish Date: 10/04/18

This memorandum updates and replaces DoD Chief Information Officer (CIO) Memorandum, "Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites," January 5, 2018. It provides clarification on where commercial certificates may be purchased and expands the policy for use of commercial certificates on DoD Mobile Device Management (MOM) systems.

Most commercial web browsers and operating systems do not explicitly trust DoD Public Key Infrastructure (PKI) certificates. This results in external users receiving an untrusted certificate message when trying to access DoD public facing websites. DoD and the Federal PKI program office are working together to implement a joint PKI which will be trusted by most widely-used commercial web browsers and operating systems. This should be available within the next 18 months. Until this capability is fully implemented, DoD Components may use commercial Secure Socket Layer device certificates in accordance with the attached criteria. Commercial device certificates may be installed on unclassified public-facing DoD websites and unclassified DoD MDM systems. DoD Components may also use commercial code-signing certificates to certify code on their websites.

This memorandum will remain in effect for two years from the date it is signed. The DoD CIO retains the discretion to modify the memorandum's terms and conditions, as well as its effective term. The point of contact for this matter is Mr. Andy Seymour at: (571) 372-6990, charles.a.seymour.civ@mail.miI.

TAGS: Cybersecurity, PKI

DON Public Key Infrastructure Implementation Guidance

Audit Readiness of IT Systems (3)	DIACAP (8)	Information Assurance (54)	NMCI (28)
Awards (45)	DON Enterprise Architecture (33)	Information Sharing (40)	Open Source (2)
Business Case Analysis (11)	Enterprise Licensing Agreements (13)	IT Asset Management (14)	Performance Measurement (1)
CIO Authorities (68)	Enterprise Services (27)	IT Efficiencies (100)	Personal Electronic Device (15)
Civil Liberties (22)	Enterprise Software Initiative (35)	IT Expenditure Approval Authority (12)	Printing and Imaging (Copiers/MFDs) (17)
Clinger-Cohen Act Compliance (12)	FISMA (5)	IT Governance (34)	Privacy (275)
Cloud Computing (30)	Forms/Reports (12)	IT Infrastructure (12)	Public Key Infrastructure (11)
Common Access Card (6)	Freedom of Information Act (28)	IT Investment Management (51)	Records Management (33)
Cybersecurity (235)	Functional Area Manager (6)	IT Portfolio Management (1)	Section 508 (9)
Cyberspace/IT Workforce (40)	GIG Standards (12)	Knowledge Management (31)	Social Media (29)
DADMS/DITPR-DON (30)	Governance (13)	Naval Enterprise Networks (32)	Spectrum (78)
Data at Rest (5)	Green IT (6)	Naval Networking Environment (9)	Telecommunications (67)
Data Center Consolidation (34)	Identity Management (98)	NGEN (20)	Wireless (70)
Data Strategy (16)	IM/IT Strategy (30)

Trending

Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

DoD CIO Memo - Publish Date: 10/04/18

TAGS: Cybersecurity, PKI

DON CIO Information

Online Services & Community