| Texas Department of Public Safety | Status | Issue Date | Expiration Date |
|---|
| NIEF Member Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Full Disclosure Requirements for SPOs | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML Authentication Context Requirements for RPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Attributes for IDPOs | EXPIRED | 2017 November 08 | 2020 November 08 |
| NIEF Identity Provider Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML SSO Requirements for CSPs | EXPIRED | 2018 July 02 | 2021 July 02 |
| FICAM SAML SSO Requirements for RPs | EXPIRED | 2020 January 21 | 2020 October 21 |
| NIEF SAML Authentication Context Requirements for IDPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML Attribute Encoding Requirements for CSPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF SAML Presentation and UI Requirements for SPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Full Disclosure Requirements for IDPOs | EXPIRED | 2021 February 09 | 2021 September 16 |
| Organizational Bona Fides Requirements | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Attribute Encoding Requirements for IDPs and APs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF SAML Presentation and UI Requirements for IDPs | EXPIRED | 2018 April 17 | 2021 April 17 |
| NIEF Service Provider Organization | EXPIRED | 2018 July 02 | 2021 July 02 |
| NIEF Attributes for SPOs | EXPIRED | 2018 July 02 | 2021 July 02 |
| FICAM SAML Metadata Import and Consumption Requirements | EXPIRED | 2019 April 03 | 2022 April 03 |
| FICAM SAML SSO for RP | EXPIRED | 2020 January 21 | 2020 October 21 |
| SAFECOM/NCSWIC SAML SP Requirements - User Interface | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM Endpoint Cryptographic Requirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM RP ABAC Reqirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML SP Requirements - Basic | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML Trust and Security | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF SPO Requested Attributes | EXPIRED | 2019 June 24 | 2022 June 24 |
| FICAM SAML SSO for RP | EXPIRED | 2019 June 24 | 2022 June 24 |
| Regional Information Sharing Systems | Status | Issue Date | Expiration Date |
|---|
| NIEF Member Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Full Disclosure Requirements for IDPOs | EXPIRED | 2018 March 20 | 2021 March 20 |
| Organizational Bona Fides Requirements | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML Attribute Encoding Requirements for CSPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Attributes for IDPOs | EXPIRED | 2018 July 02 | 2021 July 02 |
| FICAM SAML SSO Requirements for CSPs | EXPIRED | 2018 July 02 | 2021 July 02 |
| NIEF Attributes for SPOs | EXPIRED | 2018 July 02 | 2021 July 02 |
| NIEF SAML Authentication Context Requirements for IDPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF SAML Presentation and UI Requirements for SPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML SSO Requirements for RPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM Privacy Activity Tracking Requirements for CSPs and BAE Responders | EXPIRED | 2020 January 21 | 2020 October 21 |
| FICAM SAML Authentication Context Requirements for RPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Identity Provider Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Attribute Encoding Requirements for IDPs and APs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF SAML SSO IDP Discovery Requirements for SPs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Service Provider Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Full Disclosure Requirements for SPOs | EXPIRED | 2021 February 09 | 2021 September 16 |
| SAFECOM/NCSWIC Federated ICAM RP ABAC Reqirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML SP Requirements - Basic | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML SP Requirements - User Interface | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM Endpoint Cryptographic Requirements | EXPIRED | 2019 June 26 | 2020 March 24 |
| SAML Trust and Security | EXPIRED | 2020 February 25 | 2023 February 25 |
| NIEF SPO Requested Attributes | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2019 June 24 | 2022 June 24 |
| FICAM SAML SSO for RP | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2019 June 24 | 2022 June 24 |
| Tennessee Dangerous Drugs Task Force | Status | Issue Date | Expiration Date |
|---|
| NIEF SPO Requested Attributes | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF Full Disclosure - IDPO | EXPIRED | 2018 August 27 | 2021 August 27 |
| FICAM SAML Trust and Security Requirements | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF Member Organization | EXPIRED | 2018 August 27 | 2021 August 27 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2018 August 27 | 2021 August 27 |
| FICAM SAML SSO for CSP | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF Full Disclosure - SPO | EXPIRED | 2018 August 27 | 2021 August 27 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF SPO | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF IDPO | EXPIRED | 2018 August 27 | 2021 August 27 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2018 August 27 | 2021 August 27 |
| NIEF IDPO Asserted Attributes | EXPIRED | 2018 August 27 | 2021 August 27 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2018 August 27 | 2021 August 27 |
| FICAM SAML SSO for RP | EXPIRED | 2018 August 27 | 2021 August 27 |
| SAFECOM/NCSWIC SAML IDP Requirements - Attributes | EXPIRED | 2019 June 26 | 2022 June 20 |
| SAFECOM/NCSWIC SAML SP Requirements - User Interface | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML IDP Requirements - Attributes | EXPIRED | 2019 June 26 | 2022 June 20 |
| SAFECOM/NCSWIC SAML SP Requirements - Basic | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM RP ABAC Reqirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM Endpoint Cryptographic Requirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML IDP Requirements - Basic | EXPIRED | 2019 June 26 | 2022 June 20 |
| NIEF Sworn Law Enforcement Officer Indicator Attribute | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2019 June 24 | 2022 June 20 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2019 June 24 | 2022 June 20 |
| FICAM SAML SSO for RP | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF Assurance Level Attribute | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF Simple Attribute | EXPIRED | 2019 June 24 | 2022 May 29 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF SPO Requested Attributes | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML Trust and Security | EXPIRED | 2019 June 24 | 2022 June 24 |
| FICAM SAML SSO for CSP | EXPIRED | 2019 June 24 | 2022 June 20 |
| Authentication - No Allowance of Unlocking a Mobile Device as a Valid Authentication Factor | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Use of Approved Cryptography for Cryptographic Authenticators | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Protection of Assertion Integrity via Digital Signature Using Approved Cryptography | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Protection of Assertion Confidentiality via Assertion Encryption | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - CSP Instructions to Subscribers on Protecting Authenticators Against Theft or Loss | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Acceptance of RP Registration Only via Manual Processes | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Secure Exchange of Cryptographic Keys During IdP-RP Registration | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Use of Authenticated Protected Channel between Claimant and Verifier | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Acceptable Use of Attestation | EXPIRED | 2019 June 26 | 2022 June 26 |
| ID Proofing - Attribute Collection - Minimum Necessary Collection of PII | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Communication of Authentication Event Time to RP | EXPIRED | 2019 June 26 | 2022 June 26 |
| ID Proofing - Protection of Collected PII | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Support for Generation of Bearer Assertions Only | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Enforcement of an Acceptable Maximum Session Duration | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Uniqueness of Assertion Identifier | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - CSP Mechanism for Authenticator Revocation or Suspension Upon Theft or Loss | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Use of Multi-Factor Cryptographic Software | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Protection of Assertion Signing and Encryption Keys as Per FIPS 140 Level 1 Where Required | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Use of Assertion Audience Restriction | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - No Use of Assertion Lifetime to Limit Length of Subscriber Session with RP | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Acceptable Management of Reauthentication | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Minimization of Attributes Transmitted | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Use of Authenticator Types Without Rate Limiting Requirements | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Limitations on IdP Transmission of Subscriber Information to RPs | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Use of Authenticated Protected Channels | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Acceptable Use of Biometrics | EXPIRED | 2019 June 26 | 2022 June 26 |
| Bona Fide Non-US Federal Government Agency or Organization | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Enforcement of Periodic Subscriber Reauthentication | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Authorization of RPs via Whitelist | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Replay Resistance | EXPIRED | 2019 June 26 | 2022 June 26 |
| ID Proofing - Written Policy or Practice Statement | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - No Support for Back-Channel Assertion Presentation with Assertion References | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - No Assumption of Propagated Termination of Subscriber Sessions | EXPIRED | 2019 June 26 | 2022 June 26 |
| Federation - Baseline Assertion Metadata Requirements | EXPIRED | 2019 June 26 | 2022 June 26 |
| Authentication - Acceptable Verifier-CSP Communications | EXPIRED | 2019 June 26 | 2022 June 26 |
| Los Angeles County Information Systems Advisory Body | Status | Issue Date | Expiration Date |
|---|
| NIEF SAML Presentation and UI Requirements for SPs | EXPIRED | 2015 January 20 | 2018 January 20 |
| NIEF SAML SSO IDP Discovery Requirements for SPs | EXPIRED | 2015 January 20 | 2018 January 20 |
| NIEF Member Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Full Disclosure Requirements for SPOs | EXPIRED | 2021 February 09 | 2021 September 16 |
| FICAM SAML Authentication Context Requirements for RPs | EXPIRED | 2015 January 20 | 2018 January 20 |
| FICAM SAML SSO Requirements for RPs | EXPIRED | 2016 February 23 | 2016 August 22 |
| NIEF Attributes for SPOs | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Service Provider Organization | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Health Monitoring Requirements for SPs | EXPIRED | 2015 January 20 | 2018 January 20 |
| Organizational Bona Fides Requirements | EXPIRED | 2021 February 09 | 2021 September 16 |
| Los Angeles County Sheriff's Department | Status | Issue Date | Expiration Date |
|---|
| FICAM SAML Authentication Context Value Requirements for
CSPs | EXPIRED | 2015 May 06 | 2018 April 20 |
| NIEF Attributes for IDPOs | EXPIRED | 2015 March 07 | 2018 March 03 |
| FICAM SAML SSO Requirements for CSPs | EXPIRED | 2016 February 23 | 2016 August 22 |
| Organizational Bona Fides Requirements | EXPIRED | 2021 February 09 | 2021 September 16 |
| NIEF Attribute Encoding Requirements for IDPs and APs | EXPIRED | 2015 March 07 | 2018 March 03 |
| NIEF SAML Authentication Context Requirements for IDPs | EXPIRED | 2015 March 07 | 2018 March 03 |
| FICAM SAML Attribute Encoding Requirements for CSPs | EXPIRED | 2015 March 07 | 2018 March 03 |
| Pennsylvania Justice Network | Status | Issue Date | Expiration Date |
|---|
| FICAM SAML SSO Requirements for CSPs | EXPIRED | 2020 July 21 | 2021 April 21 |
| NIEF Attribute Encoding Requirements for IDPs and APs | EXPIRED | 2018 November 19 | 2021 November 19 |
| SAML Trust and Security | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF SAML Authentication Context Requirements for IDPs | EXPIRED | 2018 November 19 | 2021 November 19 |
| FICAM SAML Attribute Encoding Requirements for CSPs | EXPIRED | 2018 November 19 | 2021 November 19 |
| NIEF Attributes for IDPOs | EXPIRED | 2019 February 25 | 2022 February 25 |
| Apiary from GTRI | Status | Issue Date | Expiration Date |
|---|
| FICAM SAML SSO Requirements for RPs | EXPIRED | 2014 November 13 | 2017 October 27 |
| NIEF Attributes for SPOs | EXPIRED | 2014 November 13 | 2017 October 27 |
| Homeland Security Information Network | Status | Issue Date | Expiration Date |
|---|
| SAML UI for SP-Initiated SSO | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF SPO | EXPIRED | 2019 February 25 | 2022 February 25 |
| SAML Trust and Security | EXPIRED | 2019 November 11 | 2022 November 11 |
| FICAM SAML SSO for RP | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF Full Disclosure - SPO | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF Member Organization | EXPIRED | 2019 February 25 | 2022 February 25 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2019 February 25 | 2022 February 25 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF FICAM SAML RP Authentication Context Request | EXPIRED | 2019 February 25 | 2022 February 25 |
| NIEF SPO Requested Attributes | EXPIRED | 2018 October 01 | 2021 October 01 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2019 May 08 | 2022 May 08 |
| FICAM SAML SSO for CSP | EXPIRED | 2020 July 21 | 2021 April 21 |
| SAML IDP-Initiated SSO for IDP | EXPIRED | 2019 May 08 | 2022 May 08 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2019 May 08 | 2022 May 08 |
| NIEF SAML IDP Authentication Context Value | EXPIRED | 2019 May 08 | 2022 May 08 |
| NIEF IDPO Asserted Attributes | EXPIRED | 2020 July 21 | 2021 April 21 |
| Alabama Secure Sharing Utility for Recidivism Elimination | Status | Issue Date | Expiration Date |
|---|
| NIEF Member Organization | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF Full Disclosure - IDPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF Full Disclosure - SPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF SAML IDP Authentication Context Value | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDPO Asserted Attributes | EXPIRED | 2019 April 03 | 2022 April 03 |
| FICAM SAML SSO for RP | EXPIRED | 2019 April 03 | 2022 April 03 |
| Bona Fides for US Organizations | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML Trust and Security | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF SPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF FICAM SAML RP Authentication Context Request | EXPIRED | 2019 April 03 | 2022 April 03 |
| FICAM SAML SSO for CSP | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF SPO Requested Attributes | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2019 April 03 | 2022 April 03 |
| Tennessee Integrated Criminal Justice Portal | Status | Issue Date | Expiration Date |
|---|
| NIEF SPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML IDP-Initiated SSO for IDP | EXPIRED | 2019 April 03 | 2022 April 03 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF SPO Requested Attributes | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF Full Disclosure - IDPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF Member Organization | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF IDPO Asserted Attributes | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF SAML IDP Authentication Context Value | EXPIRED | 2019 April 03 | 2022 April 03 |
| NIEF Full Disclosure - SPO | EXPIRED | 2019 April 03 | 2022 April 03 |
| FICAM SAML SSO for CSP | EXPIRED | 2019 April 03 | 2022 April 03 |
| National Law Enforcement Telecommunication System Inc. | Status | Issue Date | Expiration Date |
|---|
| NIEF FICAM SAML RP Authentication Context Request | EXPIRED | 2020 February 25 | 2023 February 25 |
| NIEF SPO Requested Attributes | EXPIRED | 2020 February 25 | 2023 February 25 |
| SAML IDP-Initiated SSO for RP | EXPIRED | 2020 February 25 | 2023 February 25 |
| FICAM SAML SSO for RP | EXPIRED | 2020 July 21 | 2021 April 21 |
| SAML UI for SP-Initiated SSO | EXPIRED | 2020 February 25 | 2023 February 25 |
| SAML SSO IDP Discovery for SP | EXPIRED | 2020 February 25 | 2023 February 25 |
| SAML Trust and Security | EXPIRED | 2020 February 25 | 2023 February 25 |
| Foundation for Trusted Identity | Status | Issue Date | Expiration Date |
|---|
| PKI Compliance Discrepancies Are Documented | EXPIRED | 2019 June 26 | 2022 June 25 |
| Names Used In Certificates Identify The Person Or Object To Which They Are Assigned | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum DSA Public Key Size (Expiring Before 2031) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Notification of PKI Certificate Authority Signature Key Compromise or Loss | EXPIRED | 2019 June 26 | 2022 June 25 |
| Responsibility For Equipment Physical Security Checks Is Assigned | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two person physical access control to cryptographic modules | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Used For Encryption Key Usage Bits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Encoding Of Serial Number Universally Unique Identifier (UUID) in Card Authentication Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| CA Records Site Construction Provides Robust Protection Against Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Open Source Software Meets Security Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Records state on power loss | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) PKI Certificates Are Checked To Ensure All Fields Are Populated | EXPIRED | 2019 June 26 | 2022 June 25 |
| Activation Data For PKI Subscriber Private Keys Not Stored With Cryptographic Module | EXPIRED | 2019 June 26 | 2022 June 25 |
| RSA Signature of PKI Certificate Revocation Lists | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of Training (General) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization Certificate Authorities (CAs) Enforce Name Uniqueness | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Software Demonstrates Requirements Met | EXPIRED | 2019 June 26 | 2022 June 25 |
| Passwords for PKI Certificate Authority Signing Keys Changed on Re-Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Strength of Activation Data for PKI Subscriber Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Comply With The Federal Public Key Infrastructure X.509 Certificate and CRL Extensions Profile | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authorities That Assert non-SHA1 Policies | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Identification Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| Request To Revoke PKI Certificate Identifies Certificate To Be Revoked | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Notifies and Takes Action on Identified Compliance Discrepancies | EXPIRED | 2019 June 26 | 2022 June 25 |
| Credentials Presented For Identity Proofing Not Expired | EXPIRED | 2019 June 26 | 2022 June 25 |
| ECDSA Signature of PKI Certificate Revocation Lists | EXPIRED | 2019 June 26 | 2022 June 25 |
| FIPS-140 Equivalent PKI Key Generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two or more persons are required for PKI Certificate Authority (CA) signing key activation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscribers Acknowledge Handling Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two or more persons are required for PKI Certificate Authority (CA) private key backup | EXPIRED | 2019 June 26 | 2022 June 25 |
| Location Of CA Facilities Consistent With Housing High Value Sensitive Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation data is memorized | EXPIRED | 2019 June 26 | 2022 June 25 |
| Commercial Off-the-Shelf Software Formally Developed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Manual Recording of Auditable Information System Events In Lieu of Automation | EXPIRED | 2019 June 26 | 2022 June 25 |
| FBCA CP Section 5.1.2.1, Physical Access For CSS Equipment | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup of Organization PKI Certificate Authority (CA) Private Keys Stored Offsite | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity Re-establishment For PKI Certificate Re-Keying Uses Initial Registration Process | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Equipment Attributes | EXPIRED | 2019 June 26 | 2022 June 25 |
| Non-Null Subject Distinguished Name (DN) In End Entity Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Contact Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| FIPS-140 Approved PKI Key Generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Issued To Affiliated Subscribers Revoked When No Longer Authorized | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Maintains Agreements With Affiliated Organizations | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By Personnel With a U.S. or Major Non-NATO Ally Clearance | EXPIRED | 2019 June 26 | 2022 June 25 |
| subjectName DNs For Group PKI Certificates Do Not Imply The Subject Is An Individual | EXPIRED | 2019 June 26 | 2022 June 25 |
| Auditing Enabled at Startup | EXPIRED | 2019 June 26 | 2022 June 25 |
| Removable media and paper containing sensitive plain-text information is stored in secure containers | EXPIRED | 2019 June 26 | 2022 June 25 |
| PIV-I Content Signing Key Activation Requires Multi-Party Control | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cross-Certified Entities Document PKI Records Backup Management | EXPIRED | 2019 June 26 | 2022 June 25 |
| Formatting Of Electronic Fingerprints Collected During Identity Proofing And Registration For PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Issues X.509 v3 Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Key Activation Data Protection Mechanisms Include Application Termination | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Certificates Issued By The Organization PKI Are Available To Federal Relying Parties | EXPIRED | 2019 June 26 | 2022 June 25 |
| Non-Null Subject Distinguished Name (DN) In Registration Authority (RA) Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Private Keys Not In Plain Text | EXPIRED | 2019 June 26 | 2022 June 25 |
| Component Software Limited to Support of PKI Certificate Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Keys Generated By Cryptographic Module | EXPIRED | 2019 June 26 | 2022 June 25 |
| Handling of PKI Records Archive Information Is Documented | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum Certificate Signature ECDSA Key Length | EXPIRED | 2019 June 26 | 2022 June 25 |
| SAFECOM/NCSWIC SAML IDP Requirements - Basic | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC SAML IDP Requirements - Attributes | EXPIRED | 2019 June 26 | 2022 June 24 |
| SAFECOM/NCSWIC Federated ICAM Endpoint Cryptographic Requirements | EXPIRED | 2019 June 26 | 2022 June 24 |
| FICAM SAML SSO for CSP | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF SAML IDP Authentication Context Value | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF IDP and AP Attribute Encoding | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF Assurance Level Attribute | EXPIRED | 2019 June 24 | 2022 June 24 |
| NIEF Simple Attribute | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML Trust and Security | EXPIRED | 2019 June 24 | 2022 June 24 |
| SAML Attribute NameFormat URI for CSP | EXPIRED | 2019 June 24 | 2022 June 24 |
| Identification Of Subscribers Meets Requirements Specified In Organization PKI Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Used For Digital Signatures Key Usage Bits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Activation Data For PKI Subscriber Private Keys Is Recorded and Secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| Initial Contingency Planning Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identification and Authentication of Organizational Users | EXPIRED | 2019 June 26 | 2022 June 25 |
| List Of Individuals Holding Shared Private Key Retained By PKI Certificate Authority (CA) | EXPIRED | 2019 June 26 | 2022 June 25 |
| User Principal Names (UPNs) Used In PKI Certificates Reflect Organizational Structure | EXPIRED | 2019 June 26 | 2022 June 25 |
| Notification of PKI Certificate Authority Disaster | Keys Destroyed | EXPIRED | 2019 June 26 | 2022 June 25 |
| CA Equipment Site Location Provides Robust Protection Against Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Re-key Requests For New Public Keys Are Accepted From PKI Sponsors | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum ECDSA Key Size for Self-Signed PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of Competence in Lieu of Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Audit Record Retention | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Pending actions on loss of air conditioning | EXPIRED | 2019 June 26 | 2022 June 25 |
| Communications Among PKI Authorities Supporting PKI Certificate Application And Issuance Process Are Protected From Modification | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By U.S. Citizens | EXPIRED | 2019 June 26 | 2022 June 25 |
| Baseline Configuration | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Extensions Comply With RFC 3280 | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Operating System Auditing Enabled | EXPIRED | 2019 June 26 | 2022 June 25 |
| Multiparty Control of PKI CA Key Pair Generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Automatic Audit Log Collection | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certiificate Status Provided Via OCSP | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Profile Specifies Rules For Interpreting Names In Subscriber Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security checks performed for unattended facilities housing PKI CA equipment | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Audit Package Identifies PKI Certificate Policy and Practices Statement Versions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Destruction Of PKI Subscriber Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documented System Maintenance Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Software, Firmware, And Information Integrity | Verified Version | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of Audit Review Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Generation of Public Key Parameters in Accordance With FIPS 186 | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security Checks Verify Physical Security Systems Are Functioning Properly | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repository Information Not Intended For Public Dissemination Is Protected | EXPIRED | 2019 June 26 | 2022 June 25 |
| Bi-Annual PKI Compliance Audits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Parameter Quality Checking in Accordance With FIPS 186 | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Requests In The Name Of An Affiliated Organization Include Organization Address | EXPIRED | 2019 June 26 | 2022 June 25 |
| CSSes Sign Responses With Signature Algorithm Used To Sign CRLs | EXPIRED | 2019 June 26 | 2022 June 25 |
| Physical Access Security Mechanisms Are Commensurate With Level of Threat | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Key Activation Data Protection Mechanisms Include Temporary Lockout | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Audit Statistical Samples Vary | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authority (CA) Delegates Destroy PKI Cards That Are No Longer Valid | EXPIRED | 2019 June 26 | 2022 June 25 |
| Revocation Request Grace Period For CA Certificates (General) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Computing And Communications Devices Named As PKI Certificate Subjects Have A Human Sponsor | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Lifetime For Self-Signed Trust Anchor PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Authenticated Communications Between Trusted Roles and PKI Certificate Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Content Signing Certificates Indicate The Organization Administering The Certificate Management System (CMS) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Private Keys Not Escrowed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Least Functionality | Unnecessary / Insecure Services Disabled | EXPIRED | 2019 June 26 | 2022 June 25 |
| Subscriber PKI Certificates Not Issued By Administrators | EXPIRED | 2019 June 26 | 2022 June 25 |
| Detection of Unauthorized Configuration Modification | EXPIRED | 2019 June 26 | 2022 June 25 |
| Determination of Auditable Events | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity Information Of Group PKI Certificate Sponsor Is Recorded | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two person physical access control to CA systems | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) And Certificate Policy (CP) Conformance Designated Agent | EXPIRED | 2019 June 26 | 2022 June 25 |
| Administrator Required For Multiparty Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security Checks Verify Security Containers Are Properly Secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| Supply Chain Protection | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information Systems Security Office Ensures Private Key Control For Group PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation data is recorded | EXPIRED | 2019 June 26 | 2022 June 25 |
| Methods for Publicizing Revoked Certificates Provide Integrity Services | EXPIRED | 2019 June 26 | 2022 June 25 |
| Detection of Unauthorized Software Modification | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Distinguished Names Are Composed Of Standard Attribute Types | EXPIRED | 2019 June 26 | 2022 June 25 |
| Direct Access To PKI Repository Information Is Controlled | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Responsibilities | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Identity Information Recorded Before Issuing Role-based PKI Certificate | EXPIRED | 2019 June 26 | 2022 June 25 |
| Keys Used To Encrypt Other Keys For Transport Are Protected | EXPIRED | 2019 June 26 | 2022 June 25 |
| Methods for Publicizing Revoked Certificates Described In CPS | EXPIRED | 2019 June 26 | 2022 June 25 |
| Activation Data For PKI Subscriber Private Keys Is Protected | EXPIRED | 2019 June 26 | 2022 June 25 |
| Protection in place on departure from facility | EXPIRED | 2019 June 26 | 2022 June 25 |
| List Of Individuals Holding Shared Private Key For Group PKI Certificates Provided To PKI Certificate Authority (CA) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Verifies Identity Of Applicant In Accordance With Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Input Lockout on Power Loss | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Issued To Affiliated Subscribers Revoked When No Longer Affiliated | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documented Configuration Management Procedures | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) equipment protected from unauthorized access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-based PKI Certificate Sponsors Hold Personal Certificates At Same Assurance Level Or Higher | EXPIRED | 2019 June 26 | 2022 June 25 |
| Protection of Devices With PKI Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Status Server Certificate Validity Period | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authorities (CAs) collect PKI Cards That Are No Longer Valid | EXPIRED | 2019 June 26 | 2022 June 25 |
| Procedures For Issuing Group PKI Tokens For Use In Shared Key Applications Comply With PKI Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Equivalent of FIPS-140 Validated Modules for Generation of PKI Cryptographic Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security checks verify equipment state | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Validity Period meets Operational Period Time Limits Specified In PKI Certificate Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Training Awareness Plans | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Are Revoked For Key Compromise Upon Receipt Of Authenticated Request | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Subscriber Certificates Do Not Use Subscriber Common Name | EXPIRED | 2019 June 26 | 2022 June 25 |
| New Facial Image Collected Each Time PKI Card Is Issued | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Renewal Requests Are Accepted From PKI Sponsors | EXPIRED | 2019 June 26 | 2022 June 25 |
| Controlled Backups of PKI Device Private Signature Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| CRL Issuance Time For Revocation of Subscriber Certificate | EXPIRED | 2019 June 26 | 2022 June 25 |
| Distribution of PKI Certificates With UUID in Subject Alternative Name Extension | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Certificate Uniform Resource Identifiers | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Administrator Role Authorized Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Application Auditing Enabled | EXPIRED | 2019 June 26 | 2022 June 25 |
| Generation of New Keys on Compromise or Loss of PKI Certificate Authority Signature Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| CRL Issuance Time For Revocation of CA Certificate | EXPIRED | 2019 June 26 | 2022 June 25 |
| Distinguished Names (DNs) Used In PKI Certificates Use a Directory Tree That Reflects The Organizational Structure | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum Elliptic Curve Public Key Size | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Site Physical Controls Commensurate With Primary Site | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Issues X.509 Certificate Revocation Lists | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring After 2030) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Pseudonymous Names In PKI Certificate Distinguished Names (DNs) Preserve Uniqueness | EXPIRED | 2019 June 26 | 2022 June 25 |
| System Recovery and Reconstitution | EXPIRED | 2019 June 26 | 2022 June 25 |
| Status Of Devices With PKI Certificates Reviewed When Sponsor Changes | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Revoked On Loss of Private Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Auditable Chain Of Custody Is In Place When Information Is Obtained To Confirm Subscriber Attributes | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information System Backup | Separate Facility For Storing Critical Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Change Awareness | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two or more persons are required for PKI Certificate Authority (CA) key generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Passwords Not Used as Activation Data for PKI Certificate Authority Signing Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Methods for Publicizing Revoked Certificates Provide Authentication Services | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation data not stored with associated cryptographic modules | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) Verifies Authenticity Of Representative Requesting Affiliated Organization PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Used For Key Agreement Key Usage Bits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By Citizens of the European Union | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup of Organization PKI Certificate Authority (CA) Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Private Signature Keys Are Not Escrowed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Persons filling Trusted Roles Are Trustworthy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Secure Delivery of PKI Public Keys to Certificate Authorities | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Status Server Keys Destroyed When No Longer Needed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Use of New PKI Certificate Authority Private Signing Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Network Connections Limited to Support of PKI Certificate Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| Subscriber Acknowledgement of Receipt of Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Encryption of Private Key Material | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum Key Sizes for Protocols Providing Security for Certificate Policy Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identification Required Before Performing PKI Role Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Latency of PKI Certificate Online Status Information Meets Issuance Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Only Authorized Personnel Can Archive Audit Logs | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security Controls For Device Activation of PKI Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Name Collision Resolution | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information In PKI Certificate Applications Verified Prior To Issuance | EXPIRED | 2019 June 26 | 2022 June 25 |
| All Multiparty Access Participants Serve In A Trusted Role | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Certificate Validity Period Does Not Exceed Re-Key Identity Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Hardware Supports Trusted Role Separation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Updates Installed By Trusted and Trained Personnel | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Authentication Required For Private Key Activation . | EXPIRED | 2019 June 26 | 2022 June 25 |
| Revocation Requests For PKI Certificates Are Authenticated | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Policy Specifies Verification Procedures for Applications | EXPIRED | 2019 June 26 | 2022 June 25 |
| ECDSA Encryption of Public Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Controlled Backups of PKI Subscriber Private Signature Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Use of Old PKI Certificate Authority Private Signing Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Formatting Of Electronic Facial Image Collected During Identity Proofing And Registration For PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| Auditing Ceases at Shutdown | EXPIRED | 2019 June 26 | 2022 June 25 |
| Communications Among PKI Authorities Supporting PKI Certificate Application And Issuance Process Are Authenticated | EXPIRED | 2019 June 26 | 2022 June 25 |
| Acceptable Identity Source Documents For Identity Proofing Must Be From Form I-9, OMB No. 1115-0136, Employment Eligibility Verification | EXPIRED | 2019 June 26 | 2022 June 25 |
| Accountability of PKI Hardware Module Location is Maintained | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private Key Management Key Backups Not In Plain Text | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-Based Access Control | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Activation Data Transmitted Via Protected Channel | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Revocation Requests Are Authenticated | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By Personnel With a U.S. or NATO Clearance | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) PKI Certificates Are Posted In PKI Repository After Verification | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information System Monitoring - Unauthorized Connections | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repository Down-Time | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Include Extension Asserting the OIDs Appropraite To Their Level of Assurance | EXPIRED | 2019 June 26 | 2022 June 25 |
| PIV-I Hardware PKI Certificates Meet FBCA Certificate Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Annual PKI Compliance Audits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Two Electronic Fingerprints Collected During Identity Proofing And Registration For PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| Least Functionality | Unnecessary / Insecure Ports Disabled | EXPIRED | 2019 June 26 | 2022 June 25 |
| DSA Signature of PKI Certificate Revocation Lists | EXPIRED | 2019 June 26 | 2022 June 25 |
| Distribution of Self-Signed Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Keys Destroyed When No Longer Needed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Material Encryption Strength | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum Diffie-Hellman Public Key Size (Expiring Before 2031) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Key Management Certificate Lifetime | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Authority Conveys Subscriber Responsibilities For Private Key Use | EXPIRED | 2019 June 26 | 2022 June 25 |
| Old PKI Certificates Are Not Modified After Renewal | EXPIRED | 2019 June 26 | 2022 June 25 |
| All end-entity PKI Certificates associated with PKI shall contain algorithms that conform to NIST SP 800-78. | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Subscriber Keys Generated Using Validated Hardware Module | EXPIRED | 2019 June 26 | 2022 June 25 |
| Strength of Activation Data for PKI Certificate Authority Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Device PKI Certificates Issued To Devices Under Issuing Entity's Control | EXPIRED | 2019 June 26 | 2022 June 25 |
| Protection of Organization PKI Certificate Authority (CA) Private Key Backups | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Lifetime For Code And Content Signing PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Third-Party Providers - Notification of Terminations and Transfers | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information System Monitoring - Unauthorized Use | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum Elliptic Curve Public Key Size (Expiring Before 2031) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security checks performed for unattended facilities housing PKI CA workstations | EXPIRED | 2019 June 26 | 2022 June 25 |
| FBCA CP Section 5.1.2.1, Physical Access For CMS Equipment | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Revoked On Compromise | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI CRL Publishing Time | EXPIRED | 2019 June 26 | 2022 June 25 |
| Verifiable Audit Trail for PKI CA Key Pair Generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Certificates Issued To The Organization PKI Are Available To Federal Relying Parties | EXPIRED | 2019 June 26 | 2022 June 25 |
| Revocation Request Grace Period For CA Certificates With Compromised Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Card Authentication Certificates Indicate Organizational Affiliation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Site Procedural Controls Commensurate With Primary Site | EXPIRED | 2019 June 26 | 2022 June 25 |
| Accounting of Certificate Status Server Private Key Backups | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Public Key Usage | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Policy (CP) Identifies Components Of Entity PKI Responsible For Authenticating Subscriber's Identity | EXPIRED | 2019 June 26 | 2022 June 25 |
| Request To Revoke PKI Certificate Explains Reason For Revocation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information Systems Security Office Accounts For Which Subscriber Has Control Of Private Key At What Time | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Policy Meets Legal And Policy Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Software, Firmware, And Information Integrity | Verified From Vendor | EXPIRED | 2019 June 26 | 2022 June 25 |
| Equipment location protected from water | EXPIRED | 2019 June 26 | 2022 June 25 |
| Roles For Role-based PKI Certificates Identify Individuals | EXPIRED | 2019 June 26 | 2022 June 25 |
| Network Software Is Necessary | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Public Keys Conform to NIST SP 800-78 | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Equipment Is Always Protected From Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Requests to revoke PKI Certificates may be authenticated through a digital signature. | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate and Revocation List Digital Signatures | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation information is secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| CSSes Sign Responses With Signature Key Size Used To Sign CRLs | EXPIRED | 2019 June 26 | 2022 June 25 |
| Security Checks Verify Area Is Secured Against Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Related Systems Employ Appropriate Network Security Controls | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of Duties and Procedures for PKI Trusted Roles Provided To Personnel | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Remote Workstations Are Protected From Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Registration Authority Keys Destroyed When No Longer Needed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Secure Delivery of PKI Subscriber Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Auditors Relationship With Assessed Entities | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documented Contingency Planning Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Key Activation Data Reset Requires Biometric Match | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private keys Not In Plain Text Outside Cryptographic Module Boundary | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Security Principles Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Requests to revoke PKI Certificates may be authenticated through a manual signature. | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private Signature Key Backup Storage Controls | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Revocation Lists (CRLs) Certificates Issued By The Organization PKI Are Available To Federal Relying Parties | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Audits Verify Compliance With Organization PKI Certificate Policy (CP) And MOAs | EXPIRED | 2019 June 26 | 2022 June 25 |
| PIV-I Card End Entity Certificate Naming | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Verify Highest Educational Degree | EXPIRED | 2019 June 26 | 2022 June 25 |
| Transmission of PKI Key Activation Data | EXPIRED | 2019 June 26 | 2022 June 25 |
| Third-Party Providers - Compliance With Personnel Security Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) Submitted To Approval Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| PIV-I Subscriber Certificate Expiration | EXPIRED | 2019 June 26 | 2022 June 25 |
| Constant monitoring for unauthorized physical intrusion to system equipment | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Verifies Identity Of Applicant In Accordance With Certification Practices Statement (CPS) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Records Archive Applications Are Archived | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repository Available 24 by 7 | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authority (CA) Delegates Collect PKI Cards That Are No Longer Valid | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Uses Dedicated Hardware | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Records Archive Authoritzations | EXPIRED | 2019 June 26 | 2022 June 25 |
| Initial Registration Process Used For Re-key After PKI Certificate Revocation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Subject And User Fields Are Populated With X.500 Distinguished Names | EXPIRED | 2019 June 26 | 2022 June 25 |
| Media Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Address Employment | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private PKI Keys Encrypted During Transport | EXPIRED | 2019 June 26 | 2022 June 25 |
| Persons Filling Trusted PKI Roles Are Selected On The Basis Of Loyalty | EXPIRED | 2019 June 26 | 2022 June 25 |
| Log Maintained for Physical Security Checks | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Lifetime For Keys Used To Issue PKI OCSP Responder Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Lifetime For Self-Signed Trust Anchor PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Records Retention In Accordance with Law | EXPIRED | 2019 June 26 | 2022 June 25 |
| Activation Data For PKI Subscriber Private Keys Is Memorized | EXPIRED | 2019 June 26 | 2022 June 25 |
| Malicious Code Protection - Periodic Scans | EXPIRED | 2019 June 26 | 2022 June 25 |
| New Certificates Issued on Compromise or Loss of PKI Certificate Authority Signature Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Reporting of Key Compromise or Loss to the Federal PKI Policy Authority (FPKIPA) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Name Dispute Resolution | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) Conforms To Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Federal Government-issued Picture ID Required For Identity Proofing | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private Signature Keys Not Archived | EXPIRED | 2019 June 26 | 2022 June 25 |
| Off-Site Storage of PKI Records Archive Media | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authorities (CA) Provide Notice of Incidents | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Trusted Role Separation | EXPIRED | 2019 June 26 | 2022 June 25 |
| System Clock Adjustments Audited | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Status Server Compliance Audits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Latency of PKI Certificate Online Status Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Audit Compliance Package Submitted To Federal PKI Policy Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Uses Dedicated Software | EXPIRED | 2019 June 26 | 2022 June 25 |
| Secure Distribution of Updated PKI CA Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Modules Deactivated After Use | EXPIRED | 2019 June 26 | 2022 June 25 |
| Separation of Duties | EXPIRED | 2019 June 26 | 2022 June 25 |
| Latency of PKI Certificate Online Status Information Meets Issuance Requirements (Delegated Responders) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Content Signing PKI Certificates Include id-fpki-pivi-content-signing | EXPIRED | 2019 June 26 | 2022 June 25 |
| Re-key Requests For New Public Keys Are Accepted From Subjects Of PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity Verification Time Before Issuing PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-based PKI Certificates Protected In Same Manner As Individual Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| In-person Identity Proofing Records A Facsimile Of Applicant's ID | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Equipment Authorizations | EXPIRED | 2019 June 26 | 2022 June 25 |
| Secure Delivery of PKI Subscriber Identity to Certificate Authorities | EXPIRED | 2019 June 26 | 2022 June 25 |
| Unauthorized access to CA hardware is not permitted | EXPIRED | 2019 June 26 | 2022 June 25 |
| Methods for Publicizing Revoked Certificates Meet Issuance Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Hardware Certificates Issued Only To Human Subscribers | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Key Rollover Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Maintenance of PKI Hardware Module State is Maintained | EXPIRED | 2019 June 26 | 2022 June 25 |
| Secure Distribution of Self-Signed PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| CA Equipment Site Construction Provides Robust Protection Against Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Record Details Verify Certificate Validity | EXPIRED | 2019 June 26 | 2022 June 25 |
| Procedures For Issuing Role-based PKI Tokens Comply With PKI Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Revocation Requests Accepted From Affiliated Organizations | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Device Private Signature Key Backups Not In Plain Text | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate and Revocation List Digital Signatures (Prior to 2014) | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum RSA Public Key Size (Expiring Before 2031) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Software Supports Trusted Role Separation | EXPIRED | 2019 June 26 | 2022 June 25 |
| ECDSA Encryption of Public keys (Self-Signed 2010-2030 Exception) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of PKI CA Key Pair Generation Shows Role Separation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Auditor Role Authorized Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Proof Of Possession Of Private Key For Self-Generated Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Private Signature Keys Not Copied | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Affiliated Organization Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information Provided During Identity Proofing Is Verified To Ensure Legitimacy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Software Update Sources | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Comply With the PIV-I CRL Extensions Profile | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization Fulfills Application Requirements For Federal Bridge Certification Authority (FBCA) Cross Certification | EXPIRED | 2019 June 26 | 2022 June 25 |
| Independent PKI Auditors | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate and Private Key Lifetime for Subscriber PKI Signing Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Minimum RSA Public Key Size (Expiring After 2030) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Non-Null Subject Distinguished Name (DN) In Certificate Authority (CA) Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Subscribers of Organization PKI Certificate Authority's (CA) Identify Themselves For Re-keying | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) PKI Certificates Are Checked To Ensure All Extensions Are Populated | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Retains Records of Subscriber Token Receipt | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) Meets Certificate Policy (CP) Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repository Information Protection | EXPIRED | 2019 June 26 | 2022 June 25 |
| Removable cryptographic modules are secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-based PKI Certificates Issued To Individual Subscribers | EXPIRED | 2019 June 26 | 2022 June 25 |
| Multi-Person Control of Content Signing Private Key Backups | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Audit Log Removal Role | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization Accepts FIPS-approved Signature Algorithms | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) PKI Certificates Are Posted In PKI Repository After Generation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Validity Period meets Key Usage Period Time Limits Specified In PKI Certificate Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Refresh Investigations | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By Citizens of System Location | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Auditors Demonstrate Competence | EXPIRED | 2019 June 26 | 2022 June 25 |
| Access Enforcement | EXPIRED | 2019 June 26 | 2022 June 25 |
| Construction Of CA Facilities Is Consistent Houseing High Value Sensitive Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Certificate Limits Do Not Exceed Those Of The Issuing Certificate Authority Certificate | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI CA Certificate Public Key Usage Bits | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation data is secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| Release of PKI Records Archive Contents In Accordance With Law | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity For PKI Certificates Established In-person Before An Entity Certified By A State Organization | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum Certificate Signature RSA Key Length | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-based PKI Certificate Key Pair Uniqueness | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate and Revocation List Digital Signatures (Prior to 2031) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Electronic Facial Image Collected During Identity Proofing And Registration For PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-Based Operational Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Certificates Indicate Organization Affiliation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Subscriber Keys Generated Using Validated Software Module | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Minimum DSA Public Key Size (Expiring After 2030) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Removal of PKI Certificate Authority (CA) Hardware Cryptographic Modules After Use | EXPIRED | 2019 June 26 | 2022 June 25 |
| Entry Of PKI Key Activation Data Is Protected From Disclosure | EXPIRED | 2019 June 26 | 2022 June 25 |
| Media Sanitization Mechanism Strength | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Validates Delegated Authority For Pseudonymous PKI Certificates That Identify Subjects By Organizational Roles | EXPIRED | 2019 June 26 | 2022 June 25 |
| Applications Limited To Support of PKI Certificate Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| Only PKI Trusted Roles Can Read Audit Logs | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Are revoked When Binding Between Subject And Subject's Public Key Is No Longer Valid | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Signature Keys Not Held By Third Parties | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Information For Device PKI Certificates Is Commensurate With PKI Certificate Assurance Level | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information System Backup | Transfer To Alternate Storage Site | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum Content of Audit Records | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity For PKI Certificates Established In-person Before A Trusted Agent Of The Registration Authority (RA) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information System Monitoring - Attack Detection | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Keys Delivered on Hardware Not Retained | EXPIRED | 2019 June 26 | 2022 June 25 |
| Revoked PKI Certificates Included On New Publications Of PKI Certificate Status Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscribers Acknowledge Handling Requirements In Writing | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Public Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authorities (CAs) Publish PKI Certificate Revocation Lists (CRLs) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Information Systems Support Recovery From Key Failure | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sponsor Of Computing And Communications Devices Named As PKI Certificate Subjects Provides Service Name | EXPIRED | 2019 June 26 | 2022 June 25 |
| Distinguished Names (DNs) Used In PKI Certificates Use Common Names That Are Not Misleading | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Repository Responsibility | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Hardware Demonstrates Requirements Met | EXPIRED | 2019 June 26 | 2022 June 25 |
| Periodic Contingency Planning Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Certificate Availability | EXPIRED | 2019 June 26 | 2022 June 25 |
| Delivery of Private Keys Ensures Correct Tokens and Activation Data are Provided | EXPIRED | 2019 June 26 | 2022 June 25 |
| Process For Identity Verification Addressed In Certification Practices Statement (CPS) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Facility sign-out sheet | EXPIRED | 2019 June 26 | 2022 June 25 |
| State Government-issued Picture ID Required For Identity Proofing | EXPIRED | 2019 June 26 | 2022 June 25 |
| Retention of Old PKI Certificate Authority Private Signing Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Device Private Signature Key Backup Storage Controls | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Limited To Support of PKI Certificate Authority | EXPIRED | 2019 June 26 | 2022 June 25 |
| Persons Filling Trusted PKI Roles Are Selected On The Basis Of Trustworthiness | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authorities (CAs) destroy PKI Cards That Are No Longer Valid | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authorities (CA) Record Destruction Of PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| Unverified Information Is Not Included In PKI Certificates For Other Than The Rudimentary Assurance Level | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Information Posting Stipulations | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) And Certificate Policy (CP) Suitability Determination | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certification Practices Statement (CPS) Compliance Results | EXPIRED | 2019 June 26 | 2022 June 25 |
| Export of PKI Certificate Authority Private Keys Only For Backup | EXPIRED | 2019 June 26 | 2022 June 25 |
| Periodic Role-Based Security Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI CRLs Published Before nextUpdate Time | EXPIRED | 2019 June 26 | 2022 June 25 |
| Time Stamps | Synchronization With Authoritative Time Source | EXPIRED | 2019 June 26 | 2022 June 25 |
| CSSes Sign Responses With Hash Algorithm Used To Sign CRLs | EXPIRED | 2019 June 26 | 2022 June 25 |
| Third-Party Providers - Compliance Monitoring | EXPIRED | 2019 June 26 | 2022 June 25 |
| Transfer of PKI Records Archive to New Media | EXPIRED | 2019 June 26 | 2022 June 25 |
| RSA Encryption of Public keys (Self-Signed 2010-2030 Exception) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documentation of Duties and Procedures for PKI Trusted Roles | EXPIRED | 2019 June 26 | 2022 June 25 |
| Release of PKI Records Archive Contents In Accordance With Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documented System Maintenance Procedures | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Requests In The Name Of An Affiliated Organization Include Documentation Of Organization Existence | EXPIRED | 2019 June 26 | 2022 June 25 |
| Notification to Subscriber of PKI Certificate Issuance in Accordance with U.S. Government Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority Record Details Verify Operation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Documented Configuration Management Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization Certificate Authorities (CA) Verify Source of PKI Certificate Requests Before Issuance | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Revocation List (CRL) Issuance Frequency For Online Certificate Authorities | EXPIRED | 2019 June 26 | 2022 June 25 |
| Auditor Role Excluded From Multiparty Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| Old PKI Certificates Are Not Re-keyed After Renewal | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Lifetime For PKI Certificate Authority Issued Subscriber Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum DSA Public Key Size | EXPIRED | 2019 June 26 | 2022 June 25 |
| Authentication Of Subscribers Meets Requirements Specified In The FBCA Certificate Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| Multi-Person Control of Certificate Authority Private Key Backups | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Input Lockout on loss of air conditioning | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Address Law Enforcement | EXPIRED | 2019 June 26 | 2022 June 25 |
| Adjudication of Background Investigations | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Officer Role Authorized Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Minimum RSA Key Size for Self-Signed PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Date of Identity Verification Is Recorded For Each PKI Certificate Issued | EXPIRED | 2019 June 26 | 2022 June 25 |
| Role-based PKI Certificates Not Shared | EXPIRED | 2019 June 26 | 2022 June 25 |
| Failure of PKI Certificate Authority Audit System | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Certificates Indicate No Organization Affiliation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Information Systems Security Office Maintains List Of Subscribers With Access To Group PKI Certificate Private Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted PKI Roles Held By Citizens of Member Country | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Requests In The Name Of An Affiliated Organization Include Organization Name | EXPIRED | 2019 June 26 | 2022 June 25 |
| Software, Firmware, And Information Integrity | Code Authentication | EXPIRED | 2019 June 26 | 2022 June 25 |
| User Principal Names (UPNs) Used In PKI Certificates Are Unique | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Trusted Agent Performs Biometric Match | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) Verifies Identity Of Applicant In Accordance With Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private Signature Key Backups Not In Plain Text | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Private Key Management Key Backup Storage Controls | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Revocation List (CRL) Availability | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity For PKI Certificates Established In-person Before An Entity Certified By A Federal Organization | EXPIRED | 2019 June 26 | 2022 June 25 |
| Sensitive PKI Certificate Authority (CA) equipment is secured | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Address References | EXPIRED | 2019 June 26 | 2022 June 25 |
| CA Records Site Location Provides Robust Protection Against Unauthorized Access | EXPIRED | 2019 June 26 | 2022 June 25 |
| The Registration Authority (RA) equipment tampering risk reduced | EXPIRED | 2019 June 26 | 2022 June 25 |
| Trusted Person In Lieu Of Face To Face Registration For PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization Identifies Authority Responsible For Name Uniqueness In PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certification Practices Statement (CPS) Describes Time-Stamp Clock Synchronization | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Subscriber Dual Use Keys Are Not Escrowed | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Revocation Requests Accepted From Subscribers | EXPIRED | 2019 June 26 | 2022 June 25 |
| Old PKI Certificates Are Not Renewed After Renewal | EXPIRED | 2019 June 26 | 2022 June 25 |
| Protection of Audit Information | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Software Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificates Identify Cryptographic Algorithms Used | EXPIRED | 2019 June 26 | 2022 June 25 |
| Hardware Update Sources | EXPIRED | 2019 June 26 | 2022 June 25 |
| Software Updates Installed By Trusted and Trained Personnel | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) Verifies Identity Of Applicant In Accordance With Certification Practices Statement (CPS) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Automatic Time-Stamping of PKI Certificate Aurthority Archive Records | EXPIRED | 2019 June 26 | 2022 June 25 |
| RSA Encryption of Public Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Public Key Lifetime For Code And Content Signing PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Authentication Of Subscribers Meets Requirements Specified In Organization PKI Certificate Policy (CP) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) Verifies Authorization Of Representative Requesting Affiliated Organization PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI CA Certificates Do Not Include Critical Private Extensions | EXPIRED | 2019 June 26 | 2022 June 25 |
| End-entity PKI Certificate Minimum RSA Public Key Size | EXPIRED | 2019 June 26 | 2022 June 25 |
| Data Received To Confirm Subscriber Attributes Is Protected | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authority (CA) Delegates Record Destruction Of PKI Cards | EXPIRED | 2019 June 26 | 2022 June 25 |
| Initial Role-Based Security Training | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity Source Documents For Identity Proofing Are In Original Form | EXPIRED | 2019 June 26 | 2022 June 25 |
| System Process Isolation | EXPIRED | 2019 June 26 | 2022 June 25 |
| End Entity certificate Uniform Resource Identifiers | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Status Servers (CSS) Sign Responses Using Designated Algorithms | EXPIRED | 2019 June 26 | 2022 June 25 |
| Requirements For Two Person control Are Enforced | EXPIRED | 2019 June 26 | 2022 June 25 |
| Persons Filling Trusted PKI Roles Are Selected On The Basis Of Integrity | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identification Of Subscribers Meets Requirements Specified In The FBCA Certificate Policy | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Operator Role Authorized Actions | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Address Education | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repositories Contain All Certificate Revocation Lists (CRLs) Issued By The Organization PKI | EXPIRED | 2019 June 26 | 2022 June 25 |
| Responsible Parties Identified for PKI Certificate Authority (CA) Operation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Card Authentication Certificates Indicate No Organizational Affiliation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Delivery Mechanisms Bind PKI Subsciber Identity to Public Key | EXPIRED | 2019 June 26 | 2022 June 25 |
| Notification of PKI Certificate Authority Disaster | Physical Damage To Installation | EXPIRED | 2019 June 26 | 2022 June 25 |
| Background Checks Address Residence | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptography Strength Used to Bind PKI Subscriber Identities to Public Keys | EXPIRED | 2019 June 26 | 2022 June 25 |
| Review of Audit Records | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Keys Protected During Delivery Process | EXPIRED | 2019 June 26 | 2022 June 25 |
| In-person Identity Proofing Records Unique Identifying Number(s) From Applicant's ID | EXPIRED | 2019 June 26 | 2022 June 25 |
| Authentication of Remote Management Workstations Commensurate with System Assurance Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cross-certified Organization PKI Repository Interoperability | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity of Person Performing Identity Verification For PKI Certificate Issuance Is Recorded | EXPIRED | 2019 June 26 | 2022 June 25 |
| Identity For PKI Certificates Established In-person Before Registration Authority (RA) | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repositories Contain All Certificate Authority (CA) Certificates Issued To The Organization PKI | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Discrepancies Reported to Responsible Parties | EXPIRED | 2019 June 26 | 2022 June 25 |
| The Certification Practices Statement (CPS) Describe Procedures To Ensure PKI Certificate Accountability For Devices With PKI Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Status Server Private Key Backup Protection | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repositories Contain All Certificate Authority (CA) Certificates Issued By The Organization PKI | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Audit Statistical Sampling | EXPIRED | 2019 June 26 | 2022 June 25 |
| Communications Between Trusted Roles and PKI Certificate Authority Protected from Modification | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Renewal Requests Are Accepted From PKI Certificate Subjects | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI PMA Is Responsible For Ensuring Audits Are Conducted For PKI Functions | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Subscribers Protect Private Keys From Access By Others | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Recovery Priority | Keys Not Destroyed | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) PKI Certificates Are Published In Organization PKI Repositories | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Archive Retention Period | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Renewal Requests Are Accepted From Registration Authorities (RAs) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Distinguished Names (DNs) Used In PKI Certificates Use Common Names That Respect Name Space Uniqueness | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority (CA) Validates Roles For Pseudonymous PKI Certificates That Identify Subjects By Organizational Roles | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Records state on loss of air conditioning | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Compliance Audit Package Preparation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Repository Information Not Intended For Modification Is Protected | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Information Retrieval Stipulations | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Revocation Request Processing Time | EXPIRED | 2019 June 26 | 2022 June 25 |
| Private Key Lifetime For Keys Used To Sign PKI Certificate Revocartion Lists | EXPIRED | 2019 June 26 | 2022 June 25 |
| Activation Data For PKI Subscriber Private Keys Is Biometric | EXPIRED | 2019 June 26 | 2022 June 25 |
| Registration Authority (RA) Verifies Information In PKI Certificate Requests In The Name Of An Affiliated Organization | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Policy (CP) Specifies Rules For Interpreting Names In Subscriber Certificates | EXPIRED | 2019 June 26 | 2022 June 25 |
| Accounting of Organization PKI Certificate Authority (CA) Private Key Backups | EXPIRED | 2019 June 26 | 2022 June 25 |
| Revoked PKI Certificates Placed On Certificate Revocation List (CRL) | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic modules shall be validated to the FIPS 140 level. | EXPIRED | 2019 June 26 | 2022 June 25 |
| Third-Party Validation of PKI CA Key Generation Procedures | EXPIRED | 2019 June 26 | 2022 June 25 |
| Certificate Authority Signature Keys Are Not Escrowed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Backup Capability - Pending actions on power loss | EXPIRED | 2019 June 26 | 2022 June 25 |
| Methods for Publicizing Revoked Certificates Meet Latency Requirements | EXPIRED | 2019 June 26 | 2022 June 25 |
| Organization PKI Certificate Authority (CA) Requires Notification Of Changes In Subscriber Affiliation | EXPIRED | 2019 June 26 | 2022 June 25 |
| PKI Certificate Authority (CA) Recovery Priority | Keys Destroyed | EXPIRED | 2019 June 26 | 2022 June 25 |
| Cryptographic Module activation data not stored with removable hardware | EXPIRED | 2019 June 26 | 2022 June 25 |
| Electronically Delivered Private Keys Not Retained | EXPIRED | 2019 June 26 | 2022 June 25 |
| Remote Access To PKI Repository Information Is Controlled | EXPIRED | 2019 June 26 | 2022 June 25 |
| FIPS-140 Validated Modules for Generation of PKI Cryptographic Keys | EXPIRED | 2019 June 26 | 2022 June 25 |