diff --git a/_data/fpkidocs.yml b/_data/fpkidocs.yml index cef6d7bc..e6f4afbc 100644 --- a/_data/fpkidocs.yml +++ b/_data/fpkidocs.yml @@ -4,6 +4,8 @@ # Status Post - Post it to the website; # Status Archive - Document is three years old or no longer valid. The document is actually retained in this repository, but not posted to the website. # Remove - Date to change status from post to archive. This could be three years for change proposals or three years from when a document was replaced. +# +# Used on: https://www.idmanagement.gov/fpki/ - category: FPKIMA Audit Letter numberProposal: 2023 @@ -325,14 +327,6 @@ status: post remove: 05/06/2025 -- category: Supplementary Guidance - numberProposal: 1.01 - name: FPKI Annual Audit Review Guidelines v1.01 - date: 09/29/2021 - url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf - status: post - remove: 09/29/2024 - - category: Supplementary Guidance numberProposal: 2.0.1 name: Personal Identity Verification Interoperability for Issuers v2.0.1 @@ -951,14 +945,6 @@ status: post remove: 06/28/2024 -- category: Supplementary Guidance - numberProposal: 1.0 - name: FPKI Annual Audit Review Guidelines v1.0 - date: 04/11/2017 - url: /docs/archived/fpki-annual-review-requirements-v1-20170411.pdf - status: post - remove: 09/30/2024 - - category: Supplementary Guidance numberProposal: 2.0 name: NIST SP 800-53 Security Controls Overlay for PKI Systems v2.0 @@ -1014,3 +1000,27 @@ url: /docs/archived/us-federal-public-trust-tls-cp-v1-0-final.pdf status: post remove: 02/06/2026 + +- category: Annual Review Guidance + numberProposal: 1.2 + name: FPKI Annual Review Requirements v1.2 + date: 05/06/2022 + url: /docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf + status: post + remove: 09/13/2027 + +- category: Annual Review Guidance + numberProposal: 1.01 + name: FPKI Annual Review Requirements v1.01 + date: 09/29/2021 + url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf + status: post + remove: 09/29/2024 + +- category: Annual Review Guidance + numberProposal: 1.0 + name: FPKI Annual Review Requirements v1.0 + date: 04/11/2017 + url: /docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf + status: post + remove: 09/30/2024 diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md index 56bbef8e..67c5e7ce 100644 --- a/_ficampmo/fpki.md +++ b/_ficampmo/fpki.md @@ -64,7 +64,7 @@ Independent compliance audits are the primary way that the Federal Public Key In Audits are required annually for supporting functions and elements of each entity. Annual review packages should be submitted to [fpki@gsa.gov](mailto:fpki@gsa.gov). -- [FPKI Annual Review Requirements (PDF, May 2022)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits. +- [FPKI Annual Review Requirements (PDF, September 2024)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits. - [RA Audit Guidance Memorandum (PDF, October 2022]({{site.baseurl}}/docs/fpki-ra-audit-guidance.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This FPKIPA Memorandum reiterates the necessity of RA audits in supporting PKI operations, normalizes differing terminology used across various references, and provides options for reducing potential duplication of RA audit efforts, as applicable to PIV issuers. - Annual PIV and PIV-I Credential Issuer (PCI) Test Report: This test report supports the FPKI Annual Reviews and can be done either in person at the GSA FIPS 201 lab or remotely by the package submitter. Further details related to the Annual PCI Testing are located [here]({{site.baseurl}}/fips201ep/#personal-identity-verification-credentials). - [Non-Compliance Management Framework For The Federal Public Key Infrastructure (FPKI) (PDF, January 2016)]({{site.baseurl}}/docs/fpki-nmf.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance for the FPKI Policy Authority (FPKIPA) for responding to situations in which an FPKI FBCA member is not meeting their Memorandum of Agreement (MOA) requirements and obligations. diff --git a/docs/archived/fpki-annual-review-requirements-v1-20170411.pdf b/docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf similarity index 100% rename from docs/archived/fpki-annual-review-requirements-v1-20170411.pdf rename to docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf diff --git a/docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf b/docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf new file mode 100644 index 00000000..8997f696 Binary files /dev/null and b/docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf differ diff --git a/docs/fpki-annual-review-requirements.pdf b/docs/fpki-annual-review-requirements.pdf index 5f86aaca..f84ead06 100644 Binary files a/docs/fpki-annual-review-requirements.pdf and b/docs/fpki-annual-review-requirements.pdf differ