SC-17 Public Key Infrastructure Certificates
System and Communications Protection
Description
The organization issues public key certificates under an appropriate certificate policy or obtains public key certificates under an appropriate certificate policy from an approved service provider.\n
Supplemental Guidance
For user certificates, each agency either establishes an agency certification authority cross-certified with the Federal Bridge Certification Authority at medium assurance or higher or uses certificates from an approved, shared service provider, as required by OMB Memorandum 05-24. NIST Special Publication 800-32 provides guidance on public key technology. NIST Special Publication 800-63 provides guidance on remote electronic authentication.\n
Changes from Rev 4
Adds text to include only approved trust anchors in trust stores or certificate stores managed by the organization Discussion expanded to address trust anchors
Enhancements
(0) None.\n