Merge pull request #496 from GSA/staging

Production Update 0828

_data/fpkinotifications.yml

@@ -27,6 +27,156 @@
 # ee_ocsp_uri:
 
 
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: FPKI Trust Infrastructure - Federal Common Policy CA G2
+  change_description: FCPCAG2 issued a certificate to the Entrust Managed Services Root CA certificate on July 14, 2023 in preperation for rekeys of the Entrust Managed Services CAs.
+  contact: fpki dash help at gsa.gov
+  ca_certificate_hash: d6be623683f2b47e94452c04fa1ab3ab631e83eb
+  ca_certificate_issuer: CN = Federal Common Policy CA G2, OU = FPKI, O = U.S. Government, C = US
+  ca_certificate_subject: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
+  cdp_uri: http://repo.fpki.gov/fcpca/fcpcag2.crl
+  aia_uri: http://repo.fpki.gov/fcpca/caCertsIssuedTofcpcag2.p7c
+  sia_uri: http://rootweb.managed.entrust.com/SIA/CertsIssuedByEMSRootCA.p7c
+  ocsp_uri: N/A
+  ee_cdp_uri: http://rootweb.managed.entrust.com/CRLs/EMSRootCA4.crl
+  ee_ocsp_uri: N/A
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: Entrust PKI Shared Service Provider
+  change_description: Entrust issued a new certificate to the Entrust Managed Services SSP CA certificate, in support of a CA rekey.
+  contact: support at entrust dot com
+  ca_certificate_hash: 19fea49c468760edce9600a9da9657b484734d24
+  ca_certificate_issuer: OU = Entrust Managed Services Root CA, OU = Certification Authorities, O = Entrust, C = US
+  ca_certificate_subject: OU = Entrust Managed Services SSP CA, OU = Certification Authorities, O = Entrust, C = US
+  cdp_uri: http://rootweb.managed.entrust.com/CRLs/EMSRootCA4.crl
+  aia_uri: http://rootweb.managed.entrust.com/AIA/CertsIssuedToEMSRootCA.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.managed.entrust.com/OCSP/EMSRootCAResponder
+  ee_cdp_uri: http://sspweb.managed.entrust.com/CRLs/EMSSSPCA4.crl
+  ee_ocsp_uri: http://ocsp.managed.entrust.com/OCSP/EMSSSPCAResponder
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Interoperability Root CA 2
+  change_description: The DoD Interoperability Root CA 2 issued a certificate to the DoD Root CA 6 on July 19, 2023.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: 917f2ef14bcb85bb6e7a20a0ce2e4055688fdce6
+  ca_certificate_issuer: CN=DoD Interoperability Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN = DoD Root CA 6, OU = PKI, OU = DoD, O = U.S. Government, C = US
+  cdp_uri: http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c
+  sia_uri: http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c
+  ocsp_uri: http://ocsp.disa.mil/
+  ee_cdp_uri: http://crl.disa.mil/crl/DODROOTCA6.crl
+  ee_ocsp_uri: http://ocsp.disa.mil/
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD ID CA-73.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: d70c595bacc31b5a2948eb9cf259caf9d049d21f
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD ID CA-73, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODIDCA_73.crl
+  ee_ocsp_uri: http://ocsp.disa.mil
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD ID CA-72.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: ce68b25fa532d959935aeb2c29e1358531903535
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD ID CA-72, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODIDCA_72.crl
+  ee_ocsp_uri: http://ocsp.disa.mil
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD ID CA-70.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: 6005f7e39bd475ce11dd4b74bc85b9c7182b9a53
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD ID CA-70, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODIDCA_70.crl
+  ee_ocsp_uri: http://ocsp.disa.mil  
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD EMAIL CA-73.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: e1a523712ed8a5c581ce5fa6fef646cd1daf0b46
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD EMAIL CA-73, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODEMAILCA_73.crl
+  ee_ocsp_uri: http://ocsp.disa.mil    
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD EMAIL CA-72.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: 8c16e4e39988e295b84f29f80d16094ee4279c47
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD EMAIL CA-72, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODEMAILCA_72.crl
+  ee_ocsp_uri: http://ocsp.disa.mil   
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD EMAIL CA-70.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: d9e0eef2ed4ca189eace2535e4765267a5c368d0
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD EMAIL CA-70, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODEMAILCA_70.crl
+  ee_ocsp_uri: http://ocsp.disa.mil  
+
+- notice_date: August 18, 2023
+  change_type: CA Certificate Issuance
+  system: DoD Root CA 6
+  change_description: DoD Root CA 6 issued a certificate to DOD SW CA-74.
+  contact: dodpke at mail dot mil
+  ca_certificate_hash: 2941efe0f6521f186d006931efda110b97dc8248
+  ca_certificate_issuer: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  ca_certificate_subject: CN=DOD SW CA-70, OU=PKI, OU=DoD, O=U.S. Government, C=US
+  cdp_uri: http://crl.disa.mil/crl/DODROOTCA3.crl
+  aia_uri: http://crl.disa.mil/issuedto/DODROOTCA6_IT.p7c
+  sia_uri: N/A
+  ocsp_uri: http://ocsp.disa.mil
+  ee_cdp_uri: http://crl.disa.mil/crl/DODSWCA_74.crl
+  ee_ocsp_uri: http://ocsp.disa.mil  
+
 - notice_date: July 21, 2023
   change_type: Intent to Issue a CA Certificate
   system: CertiPath Bridge CA

_data/navigation.yml

@@ -15,7 +15,7 @@ partners:
   - text: Program Managers 
     href: /program-managers/
   - text: FIPS 201 - Approved Product List
-    href: /fips201/#approved-products---physical-access-control-systems # url updated to list everywhere?
+    href: /fips201/
   # - text: Phishing-Resistant Product Criteria
   #   href: /phish-criteria/
   - text: Federal Workforce Identity Services

_data/playbooks.yml

@@ -100,7 +100,7 @@
 - title: Windows Hello for Business Playbook
   type: Webpage
   pubdate: 2022-12
-  description: Windows Hello for Business (WHfB) is a playbook to guide administrators through planning, configuring, testing, and implemention.
+  description: Windows Hello for Business (WHfB) is a playbook to guide administrators through planning, configuring, testing, and implementation.
   url: "/playbooks/whfb/"
   header: "/assets/playbooks/headers/playbook_05.png"
   target: _self

_ficampmo/ficampmo.md

@@ -42,12 +42,12 @@ Through this four-part framework, the GSA FICAM Program leads or coordinates the
    2. NIST Special Publication 800-63
    3. GSA FIPS 201 Functional Requirements and Test Cases
 3. Recognition
-   1. Workforce identity trust services
-   2. FIPS 201 Approved Product List
+   1. [Workforce identity trust services]({{site.baseurl}}/trust-services) - The current service providers that have an identity federation agreement with the U.S. government.
+   2. [FIPS 201 Approved Product List]({{site.baseurl}}/fips201/) - List of tested and certified products from the FIPS 201 Evaluation Program.
    3. [GSA PKI Shared Service Provider Program]({{site.baseurl}}/gsapkissp/) - Manage commercial PKI service providers that issue Federally-compliant digital certificates.
 4. Compliance
-   1. [FIPS 201 Evaluation Program]({{site.baseurl}}/fips201/) - Tests and certify services and commercial products used in PIV credentialing systems and physical access control systems.
-   2. Federal PKI Annual Review Process
+   1. [FIPS 201 Evaluation Program]({{site.baseurl}}/fips201ep/) - Tests and certify services and commercial products used in PIV credentialing systems and physical access control systems.
+   2. [Federal PKI Annual Review Process]({{site.baseurl}}/fpki/#annual-review-requirements-for-all-certification-authorities) - Independent compliance audit requirement and schedule of Federal PKI Certification Authorities.
 
 # ICAM Governance Bodies
 

_ficampmo/gsapkissp.md

@@ -84,7 +84,7 @@ If a vendor fails to be added to the Multiple Award Schedule, GSA will rescind t
 ### Should My Company Apply to the Program?
 There are multiple advantages to becoming a GSA PKI SSP. They are as follows:
 
-- You will leverage your existing PKI platform to also offer federal PKI certificates.
+- You will provide a platform to offer federal digital certificates.
 - Your Federal Government customers will want to procure your services with a GSA Multiple Award Schedule.
 - You will expand your federal customer footprint by marketing your service through the GSA Multiple Award Schedule (MAS).
 

_implement/certs/Entrust_Managed_Services_Root_CA_rekey.cer

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG3DCCBMSgAwIBAgIUJdo8yqoeFsUFD+qtnnEvG4ypDDowDQYJKoZIhvcNAQEM
+BQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG
+A1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENBIEcy
+MB4XDTIzMDcxNDE0NTExNVoXDTMwMTIyODE4MDAwMFowbjELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
+aXRpZXMxKTAnBgNVBAsTIEVudHJ1c3QgTWFuYWdlZCBTZXJ2aWNlcyBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fJ53Nt5d8qcRoHFw9Xh
+TGDMSn9Mfo5hEZ7ite0QgTTDqFvgAhpTy2nCWTMZczbryHqWiNmmCa+AN5cu2oQh
+4gh5rokMj6TyrIMDK6fu47ry+nbMeocmV3XDvNFDufKcuJeRMZoED3utfy15YIOz
+EStJ8ZFkQZsKdzPs0Fhohk0ajPA3psE1kNsXO/MJeXrRG3/B+cbT3J6xuv+0WXLV
+15ltdqL957ELAZ8qXnYiXBOY6+om3JcEZADCXEgqpcop8f9zXe2Y62AryyTKpSdf
+4wcuZGWrkN0vTIGG82g3sZ0MMN2C+Dz0DANQWRgs3Oy+mG2T1lA1lMqRy5zui/mX
+NQIDAQABo4ICgjCCAn4wHQYDVR0OBBYEFBwh9eOVsXV+BodOt7DoM7HYigtlMB8G
+A1UdIwQYMBaAFPQnXKnDfEf0+qansFmXqt01JhfjMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MIGzBgNVHSAEgaswgagwDAYKYIZIAWUDAgEDEjAMBgpg
+hkgBZQMCAQMTMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMC
+AQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMNMAwG
+CmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFl
+AwIBAykwXQYIKwYBBQUHAQsEUTBPME0GCCsGAQUFBzAFhkFodHRwOi8vcm9vdHdl
+Yi5tYW5hZ2VkLmVudHJ1c3QuY29tL1NJQS9DZXJ0c0lzc3VlZEJ5RU1TUm9vdENB
+LnA3YzASBgNVHSQBAf8ECDAGgAEAgQEAMA0GA1UdNgEB/wQDAgEAMFEGCCsGAQUF
+BwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3JlcG8uZnBraS5nb3YvZmNwY2Ev
+Y2FDZXJ0c0lzc3VlZFRvZmNwY2FnMi5wN2MwNwYDVR0fBDAwLjAsoCqgKIYmaHR0
+cDovL3JlcG8uZnBraS5nb3YvZmNwY2EvZmNwY2FnMi5jcmwwVwYDVR0hBFAwTjAY
+BgpghkgBZQMCAQMSBgpghkgBZQMCAQMtMBgGCmCGSAFlAwIBAxMGCmCGSAFlAwIB
+Ay4wGAYKYIZIAWUDAgEDFAYKYIZIAWUDAgEDLzANBgkqhkiG9w0BAQwFAAOCAgEA
+EjcGr/eD9saDMxxCdooXp0XDItqJKjW9qdCMdHBxYvp4Hpus6PMuiB6Q9SEDfBGs
+Yy00Ld1nsqwyM7CA4J+51cLIzhMv7fq7DJycT7uMytdD5OseozoDR4HUzYH4eod2
+CnZbYmD4OYRSAyNvqhlWPe5gsMGwLb5fi1cf/xiVQXgSQx1viSUVzEcFN1XEg8Un
+ZDAMxA/c38au5dS4ehKeumxqnzI1MXWM5O6Zo6WCqIyu7N5omvt8jL71enK1P0zG
+bqQ9tkw7WfNtEe1nwnKa32aaLv2MLTaXgyEDVM8aI0HXPdjtETBx+w0lc+TaWYsy
+1aJXsifkPgCeXOGbpybpH92Ooz95evjBiXe31e5vf1G4jUAea/ptPkXUsbVzZ8zB
+MPfwwyvyWUYIcIUHJtqnP+zFXNHpvuym4zhZQqb9kEdVmNTQUnavq5OgN2haXf8S
+Fo1SaNUtEkSa/eX2uyhpWW7OTkmZUYCfvB+tslnTJE/RII2Ch5Qe4R/HjAL0Q9W0
+psVjXjwA7mnwUX02DkrjU+6g8MGyVOuohS+dCm4tt7FckCIUmxeTqI+HdBeiUvCw
+xQiSTKXzHtRut008dwNVjwo62XMTlHTSnpaUFHfphNzLe7uF61MFsLYOajp2lGo/
+f31vFr9+rBX3mJmZRwG7HAqRuSiegYOuYOEuInCWnhQ=
+-----END CERTIFICATE-----

_implement/distribute-fcpca.md

@@ -881,6 +881,15 @@ The following certificates are published in the Federal Common Policy CA certifi
 
 #### Issued to: Entrust Managed Services Root CA
 
+| Certificate Attribute | Value |
+| :--------  | :-------- |
+| Distinguished Name | OU=Entrust Managed Services Root CA, OU=Certification Authorities, O=Entrust, C=US |
+| Validity | July 14, 2023 to December 28, 2030 |
+| Serial Number | 25da3ccaaa1e16c5050feaad9e712f1b8ca90c3a |
+| SHA-1 Thumbprint | d6be623683f2b47e94452c04fa1ab3ab631e83eb |
+| SHA-256 Thumbprint | 34e433cdd7c647820e607d695a564bc8559ca01866633fc65b2762427a496eb3 |
+| Download Location | Click [here]({{site.baseurl}}/implement/certs/Entrust_Managed_Services_Root_CA_rekey.cer) |
+
 | Certificate Attribute | Value |
 | :--------  | :-------- |
 | Distinguished Name | OU=Entrust Managed Services Root CA, OU=Certification Authorities, O=Entrust, C=US |