Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

0913-annual-review-requirements-update #1156

Merged
merged 9 commits into from
Oct 3, 2024
42 changes: 26 additions & 16 deletions _data/fpkidocs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
# Status Post - Post it to the website;
# Status Archive - Document is three years old or no longer valid. The document is actually retained in this repository, but not posted to the website.
# Remove - Date to change status from post to archive. This could be three years for change proposals or three years from when a document was replaced.
#
# Used on: https://www.idmanagement.gov/fpki/

- category: FPKIMA Audit Letter
numberProposal: 2023
Expand Down Expand Up @@ -325,14 +327,6 @@
status: post
remove: 05/06/2025

- category: Supplementary Guidance
numberProposal: 1.01
name: FPKI Annual Audit Review Guidelines v1.01
date: 09/29/2021
url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
status: post
remove: 09/29/2024

- category: Supplementary Guidance
numberProposal: 2.0.1
name: Personal Identity Verification Interoperability for Issuers v2.0.1
Expand Down Expand Up @@ -951,14 +945,6 @@
status: post
remove: 06/28/2024

- category: Supplementary Guidance
numberProposal: 1.0
name: FPKI Annual Audit Review Guidelines v1.0
date: 04/11/2017
url: /docs/archived/fpki-annual-review-requirements-v1-20170411.pdf
status: post
remove: 09/30/2024

- category: Supplementary Guidance
numberProposal: 2.0
name: NIST SP 800-53 Security Controls Overlay for PKI Systems v2.0
Expand Down Expand Up @@ -1014,3 +1000,27 @@
url: /docs/archived/us-federal-public-trust-tls-cp-v1-0-final.pdf
status: post
remove: 02/06/2026

- category: Annual Review Guidance
numberProposal: 1.2
name: FPKI Annual Review Requirements v1.2
date: 05/06/2022
url: /docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf
status: post
remove: 09/13/2027

- category: Annual Review Guidance
numberProposal: 1.01
name: FPKI Annual Review Requirements v1.01
date: 09/29/2021
url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
status: post
remove: 09/29/2024

- category: Annual Review Guidance
numberProposal: 1.0
name: FPKI Annual Review Requirements v1.0
date: 04/11/2017
url: /docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf
status: post
remove: 09/30/2024
2 changes: 1 addition & 1 deletion _ficampmo/fpki.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ Independent compliance audits are the primary way that the Federal Public Key In

Audits are required annually for supporting functions and elements of each entity. Annual review packages should be submitted to [fpki@gsa.gov](mailto:fpki@gsa.gov).

- [FPKI Annual Review Requirements (PDF, May 2022)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
- [FPKI Annual Review Requirements (PDF, September 2024)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
- [RA Audit Guidance Memorandum (PDF, October 2022]({{site.baseurl}}/docs/fpki-ra-audit-guidance.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This FPKIPA Memorandum reiterates the necessity of RA audits in supporting PKI operations, normalizes differing terminology used across various references, and provides options for reducing potential duplication of RA audit efforts, as applicable to PIV issuers.
- Annual PIV and PIV-I Credential Issuer (PCI) Test Report: This test report supports the FPKI Annual Reviews and can be done either in person at the GSA FIPS 201 lab or remotely by the package submitter. Further details related to the Annual PCI Testing are located [here]({{site.baseurl}}/fips201ep/#personal-identity-verification-credentials).
- [Non-Compliance Management Framework For The Federal Public Key Infrastructure (FPKI) (PDF, January 2016)]({{site.baseurl}}/docs/fpki-nmf.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance for the FPKI Policy Authority (FPKIPA) for responding to situations in which an FPKI FBCA member is not meeting their Memorandum of Agreement (MOA) requirements and obligations.
Expand Down
Binary file not shown.
Binary file modified docs/fpki-annual-review-requirements.pdf
Binary file not shown.