New PIV-I Configurations

[idmken]

We are encountering a few xTec PIV I credentials, via the “WidePoint ORC NFI 4” CA. Not to be confused with: https://playbooks.idmanagement.gov/fpki/pivcas-and-agencies/#orc-ssp-4

Here are some quick notes: https://playbooks.idmanagement.gov/fpki/pivcas-and-agencies/

• xTec has switched from the Entrust NFI CA to “WidePoint ORC NFI 4” for most of their PIV-I offerings (as far as I’m aware).
• Judicial Branch agencies are receiving PIV-I from xTec.
• Federal Reserve Banks (all districts) also receive their credentials from xTec.

Although we have not observed a credential yet, we are also hearing that “District of Columbia Courts” have recently received PIV-I.

• https://www.dccourts.gov/
• When we are made aware of the issuer, I will pass along
• Otherwise, I do not see the Supreme Court (https://www.supremecourt.gov/) within the list above.

[maxwellfunk]

WidePoint ORC NFI 4

Subject: CN = WidePoint ORC NFI 4, OU = Certification Authorities, O = WidePoint, C = US Issuer: CN = WidePoint NFI Root 2, OU = Certification Authorities, O = WidePoint, C = US Serial #: 3581750bd6e26757bcb9e0a4513da84946587ebf Validity: February 18, 2020 to February 18, 2030 SHA-1 Hash: 5a95aea990a7aec492134a5b437cf3324f260793

[maxwellfunk]

We may need to include two entries for those organizations that are in the process of migration from one PIV-I PKI provider to another... an example of this is veterans affairs (migrating from verizon to treasury):

branch: Executive agency: Department of Veterans Affairs credentialProvider: Internal and USAccess ssp: Verizon Federal SSP and Treasury ca: Veterans Affairs User CA B1 and Department of Veterans Affairs CA

[maxwellfunk]

Per Annual PIV-I report submissions from WidePoint, we can also include National Science Foundation (NSF) to the list of Xtec / Widepoint PIV-I customers.