gsa / fpki-guides
This is the old location for the FPKI Playbook. New location below.
Home Page: https://playbooks.idmanagement.gov/fpki/
License: Other
Need to add additional content pertaining to FPKI CRLs and Certificates
A content page that includes links to the common FPKI artifacts agencies request for download. Also provides an overview of information about FPKI CRLs and Certificates.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_crls.md
This would be new -- not based on any particular existing document. Target audience is agency relying parties and their staff. Guide would address topics such as:
Indicators have been added to highlight key pieces of information - I like it
Should we align the format with icons and colors from US Web Design Standards?
https://standards.usa.gov/alerts/
Thoughts? If so, and you want to update - I can also pull the styles / merge with the ficam-arch style updates; then we can push packages to each repo en masse
This derives from Issue #29
This would be new -- not based on any particular existing document. Target audience is agency relying parties....
Educate / facilitate agency end user populations obtaining FPKI credentials
LaChelle: obtaining credentials? Low priority.
This playbook would be new -- not derived from an existing document. The playbook would explain the various contexts and steps for a citizen to obtain a credential to access a federal system. This might include a TFS scenario, PIV-I Card scenario, direct from agency scenario, etc. The target audience is primarily citizens, but others (e.g., credential issuers, relying parties) might also be interested.
@MattKing1 is developing a playbook to explain how to use the FPKI Overlay of NIST SP 800-53
This playbook provides guidance to Affiliates on how to complete the Certificate Request Form when requesting a new certificate from the FPKI
This would be new -- not a conversion of an existing document. The FPKI has two different mapping tables. The FPKI Applicant Certification Mapping Table is used by non-SSPs to map their Certificate Policy against the FBCA Certificate Policy. The FPKI Common Policy Framework CPS Evaluation Table is for SSPs to map their Certification Practice Statement against FCPCA Certificate Policy. The mapping tables are used during the application (full mapping) process and subsequent audits (delta mappings). This playbook will explain the differences between the mapping tables, when to use, and how to use.
Target audience is FPKI Affiliates/SSPs who must complete the applicable mapping tables, as well as auditors that will facilitate use of the mapping tables and review completed mappings.
Need a clear and concise introduction for the FPKI-Guides Playbook.
Add more details to current intro page. A visitor to the site may not know what playbooks or the FPKI is so a clear intro explaining the two is needed.
Leverage, where possible, the wording and structure of other playbook introductions.
A content page that explains what playbooks are as well as FPKI in a clear and concise manner. The page should be understandable by both Program Managers and System Engineers.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_intro.md
This derives from Issue #29
This would be new -- not based on any particular existing document. Target audience is agency relying parties.....
How to configure agency system to accept the selected credentials
LaChelle: is being covered elsewhere (slowly) and most certainly can't be covered in one generic guide!
I am converting this document into a play.
https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t0000000TNOEAA4&field=File__Body__s
Currently the index.html in the root directory of FPKI Guides has an include pointing to _includes/index.md. Should we use this for the intro content instead of /pages/fpki_intro.md? Otherwise, should we copy the way the intro page is setup in PIV-Guides?
Currently, there are 2 intro pages, the /index.html is being served first, then the /pages/fpki_intro.md page is served when a user clicks on the Introduction side menu link.
Public Key Infrastructure topics are needed to help program managers and engineers understand what a Public Key Infrastructure is, and what the Federal Public Key Infrastructure contains.
A content page that includes topics and information about what Public Key Infrastructure is, what it contains, and what it is used for.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_pki.md
#29 breakdown
This would be new -- not based on any particular existing document. Target audience is agency relying parties. Guide would address topics such as:
Making agencies aware of different types of FPKI credentials
@dasgituser thoughts?
Add an Issue template
Purpose: to gather good information for each issue opened
NIST 800-63-3 (https://github.com/usnistgov/800-63-3/issues?q=is%3Aopen+is%3Aissue) has an example to review and modify
Include info decided for #20
Will be a compilation of material in various places including the existing PIV-I FAQ. Will also leverage / build upon similar playbook LaChelle has already started. Target audience is agency relying parties. FAQ content would include things such as:
This would be new -- not based on any particular existing document. Target audience is agency relying parties. Guide would address topics such as:
This playbook provides an overview of the FPKI Trust Infrastructure
Derives from Issue #29
This would be new -- not based on any particular existing document. Target audience is agency relying parties....
Determine which to accept for their applications
LaChelle: which to accept? No priority for now. This is based on risk assessments and we want to align with 800-63-3 draft and forward thinking changes in progress.
Need a list of FAQs most common to the Federal PKI
A content page that contains FPKI related FAQs as well as links to other topics related to FPKI
This playbook provides a description of how to use the FPKI X.509 Certificate and CRL Extensions Profile
This playbook provides a description of how to use the SSP X.509 Certificate and CRL Extensions Profile. This will help Shared Service Providers operating within the FPKI to better understand and utilize the Profile, which is essential for establishing commonality and interoperability within the FPKI. This how-to playbook will be new (not from an existing document). The SSP X.509 Certificate and CRL Extensions Profile document will also be converted into markdown for publication on github.
The FPKI Management Authority's Community Interoperability Test Environment (CITE) Participation Guidance will be converted into a playbook. CITE provides the FPKI Community with a test environment to: (1) identify and resolve technical issues across Affiliates' PKIs, and (2) ensure proper functionality of respective system changes prior to deploying them in a production environment. The Guidance document informs and instructs FPKI Affiliates how to access and use CITE. Encouraging use (and proper use) helps create more robust/reliable FPKI consistency and proper functioning.
This playbook provides guidance on how FPKI Compliance Audit results can be leveraged to show compliance with C&A requirements
@dasgituser (Dave Silver) is converting document to a play - https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t0000000TNHNAA4&field=File__Body__s
Add or modify content on the Overview Page
Current content is already posted on this page. Determine what else can be added to give a general overview of FPKI and then add the new content.
A content page that provides an overview of FPKI in a clear and concise manner.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_overview.md
This playbook provides a description of how to use the PIV-I X.509 Certificate and CRL Extensions Profile. This will help PIV-I Card Issuers operating within the FPKI to better understand and utilize the Profile, which is essential for establishing commonality and interoperability within the FPKI. This how-to playbook will be new (not from an existing document). The PIV-I X.509 Certificate and CRL Extensions Profile document will also be converted into markdown for publication on github.
@dasgituser (Dave Silver) and @tkpk (Giuseppe Cimmino) are converting the FPKI Management Authority's Trust Store Management Guide to a playbook. The Federal Public Key Infrastructure Management Authority designed and created the Trust Store Management Guide as an education resource for Department, Agency, corporate, and other organizational system level administrators and managers who use the Federal Public Key Infrastructure (FPKI) as part of regular business practices.
Save the Common Policy (FCPCA) root certificate to your system:
http://http.fpki.gov/fcpca/fcpca.crt
The DN for the Common Policy CA is:
cn=Federal Common Policy CA, ou=FPKI, o=U.S. Government, c=US
The sha1 Thumbprint is:
90 5f 94 2f d9 f2 8f 67 9b 37 81 80 fd 4f 84 63 47 f6 45 c1
Inside Firefox, click on the menu bars in the top right corner,
select options,
select advanced,
select View Certificates
Select the Authorities Tab
Click import
Browse to where you have saved the FCPCA self-signed certificate.
Select the file and click open
Highlight the certificate and click Edit Trust
Select "This certificate can identify websites" and "This certificate can identify mail users"
Click OK
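A check worth running between saving the file and importing it, since the download URL above is plain HTTP: compute the file's SHA-1 thumbprint and compare it with the value published above. This is an added example, not part of the original issue or the FPKI guides; the file name `fcpca.crt` and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import re
import sys

# Thumbprint as published in the issue text above.
PUBLISHED_SHA1 = "90 5f 94 2f d9 f2 8f 67 9b 37 81 80 fd 4f 84 63 47 f6 45 c1"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def normalize_thumbprint(text):
    """Strip spaces/colons and lowercase; reject anything that is not 20 hex bytes."""
    digits = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a SHA-1 thumbprint: %r" % text)
    return digits


def cert_der(data):
    """Return DER bytes; a thumbprint is taken over DER, so unwrap PEM first."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return data


def thumbprint_matches(data, published=PUBLISHED_SHA1):
    """True only if SHA-1 over the DER encoding equals the published value."""
    actual = hashlib.sha1(cert_der(data)).hexdigest()
    return hmac.compare_digest(actual, normalize_thumbprint(published))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "fcpca.crt"  # assumed file name
    with open(path, "rb") as fh:
        ok = thumbprint_matches(fh.read())
    print("thumbprint matches" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

The comparison is only as trustworthy as the channel the published thumbprint came from, so take the reference value from a source other than the one that served the certificate.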
Derives from Issue #29
Make agencies aware of different types of FPKI credentials
LaChelle: different types? This is a perfect, small, short, no acronym section. Medium to high priority?
Need an overview of Trust Stores that explains what they are, the different types of trust stores, etc.
There is already a trust store page on PIV-Guides. Reference this page and see what else we could add.
A content page that includes an overview of Trust Stores
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_truststores.md
This playbook provides an overview of the historical purpose and plan for the FPKI and FBCA
This playbook provides guidance to agencies on how to leverage the C&A conducted by GSA when the agency completes its FISMA assessment of the agency's SSP
This playbook provides guidance to PIV Card Issuers on how to complete annual Card Testing
This derives from Issue #29
This would be new -- not based on any particular existing document. Target audience is agency relying parties.....
PKI-specific enrollment/activation (if not fully covered in another playbook that we are aware of)
LaChelle: needs more info
@dasgituser: how-to guide describing what a relying party application needs to do to map the asserted identity to some provisioned account in the system. I believe FICAM Roadmap discusses this topic in general, so we might leverage that material and frame it in terms of PKI certificates.
@dasgituser will convert the PIV-I for NFI document to a playbook (started but currently on hold). The playbook provides solutions for overcoming the barriers to federal reliance on non-federal identity cards, and summarizes some of the core PIV-I requirements. Better understanding the PIV-I concept and associated core requirements, as well as knowing where to go for the full set of PIV-I requirements should help potential PIV-I Providers as well as federal relying parties.
This playbook provides guidance for issuing device certificates.
Need to update current Certificate Authorities page to include more information about the FPKI certificate authorities.
A content page that includes basic information about the FPKI Certificate Authorities including links to policies.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_cas.md
A glossary that includes an alphabetical list of terms or words found throughout the FPKI Guides Playbook
http://pki.treas.gov/glossary.htm
A content page that includes a glossary for FPKI Guide Playbook
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_glossary.md
(I work in GSA IT, Office of the CTO. I am submitting this as part of our work to ensure GSA complies with the new Federal Source Code Policy.)
GSA needs to create an inventory of all agency source code, whether open source or closed source. The inventory we create will appear on Code.gov. The inventory will contain basic information about each source code repository, but will not include the source code itself. Please read the implementation guide and use it to submit this repository to the inventory by December 5.
Basically, please do one of the following, the details of which are described in the implementation guide:
.codeinventory.yml or .codeinventory.json) to this repository (optionally, use this tool to generate a metadata file)
Let me know if you would like me to open a PR with an example .codeinventory.yml file.
Please let me know if you have any questions.
Thanks!
This playbook provides an overview of the Registration Authority (RA), and the relationship of the PKI Shared Service Providers (SSPs) with the RA function
This playbook provides guidance to PIV-I providers for testing of PIV-I credentials
Need a landing page for all tools useful for FPKI.
Include tools including links to software, checklists, other useful guides, etc.
A content page that includes useful links to PKI tools.
https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_tools.md