Department of Navy Chief Information Officer - Policy: Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

DoD CIO Memo - Publish Date: 10/04/18

This memorandum updates and replaces DoD Chief Information Officer (CIO) Memorandum, "Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites," January 5, 2018. It provides clarification on where commercial certificates may be purchased and expands the policy for use of commercial certificates on DoD Mobile Device Management (MOM) systems.

Most commercial web browsers and operating systems do not explicitly trust DoD Public Key Infrastructure (PKI) certificates. This results in external users receiving an untrusted certificate message when trying to access DoD public facing websites. DoD and the Federal PKI program office are working together to implement a joint PKI which will be trusted by most widely-used commercial web browsers and operating systems. This should be available within the next 18 months. Until this capability is fully implemented, DoD Components may use commercial Secure Socket Layer device certificates in accordance with the attached criteria. Commercial device certificates may be installed on unclassified public-facing DoD websites and unclassified DoD MDM systems. DoD Components may also use commercial code-signing certificates to certify code on their websites.

This memorandum will remain in effect for two years from the date it is signed. The DoD CIO retains the discretion to modify the memorandum's terms and conditions, as well as its effective term. The point of contact for this matter is Mr. Andy Seymour at: (571) 372-6990, charles.a.seymour.civ@mail.miI.

TAGS: Cybersecurity, PKI

DON Public Key Infrastructure Implementation Guidance

Audit Readiness of IT Systems (2)	DIACAP (8)	IM/IT Strategy (30)	NGEN (20)
Awards (44)	DON Enterprise Architecture (32)	Information Assurance (50)	NMCI (28)
Business Case Analysis (11)	Enterprise Licensing Agreements (13)	Information Sharing (39)	Open Source (2)
CIO Authorities (50)	Enterprise Services (23)	IT Asset Management (13)	Personal Electronic Device (13)
Civil Liberties (21)	Enterprise Software Initiative (32)	IT Efficiencies (91)	Printing and Imaging (Copiers/MFDs) (18)
Clinger-Cohen Act Compliance (11)	FISMA (4)	IT Expenditure Approval Authority (12)	Privacy (257)
Cloud Computing (30)	Forms/Reports (11)	IT Governance (34)	Public Key Infrastructure (10)
Common Access Card (6)	Freedom of Information Act (25)	IT Infrastructure (12)	Records Management (31)
Cybersecurity (229)	Functional Area Manager (6)	IT Investment Management (49)	Section 508 (9)
Cyberspace/IT Workforce (36)	GIG Standards (12)	IT Portfolio Management (1)	Social Media (27)
DADMS/DITPR-DON (26)	Governance (11)	Knowledge Management (28)	Spectrum (73)
Data at Rest (5)	Green IT (6)	Naval Enterprise Networks (30)	Telecommunications (62)
Data Center Consolidation (34)	Identity Management (93)	Naval Networking Environment (8)	Wireless (66)
Data Strategy (13)

Trending

Update to DoD CIO Memorandum on Commercial Public Key Infrastructure Certificates on Public-Facing DoD Websites

DoD CIO Memo - Publish Date: 10/04/18

TAGS: Cybersecurity, PKI

DON CIO Information

Online Services & Community