Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

DoD CIO Memo - Publish Date: 10/04/18


download PDF

This memorandum updates and replaces DoD Chief Information Officer (CIO) Memorandum, "Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites," January 5, 2018. It provides clarification on where commercial certificates may be purchased and expands the policy for use of commercial certificates on DoD Mobile Device Management (MOM) systems.

This memorandum updates and replaces DoD Chief Information Officer (CIO) Memorandum, "Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites," January 5, 2018. It provides clarification on where commercial certificates may be purchased and expands the policy for use of commercial certificates on DoD Mobile Device Management (MOM) systems.

Most commercial web browsers and operating systems do not explicitly trust DoD Public Key Infrastructure (PKI) certificates. This results in external users receiving an untrusted certificate message when trying to access DoD public facing websites. DoD and the Federal PKI program office are working together to implement a joint PKI which will be trusted by most widely-used commercial web browsers and operating systems. This should be available within the next 18 months. Until this capability is fully implemented, DoD Components may use commercial Secure Socket Layer device certificates in accordance with the attached criteria. Commercial device certificates may be installed on unclassified public-facing DoD websites and unclassified DoD MDM systems. DoD Components may also use commercial code-signing certificates to certify code on their websites.

This memorandum will remain in effect for two years from the date it is signed. The DoD CIO retains the discretion to modify the memorandum's terms and conditions, as well as its effective term. The point of contact for this matter is Mr. Andy Seymour at: (571) 372-6990, charles.a.seymour.civ@mail.miI.

TAGS: Cybersecurity, PKI

Related CHIPS Magazine