National Directive to Implement Public Key Infrastructure for the Protection of Systems Operating on Secret Level Networks [open pdf - 131KB]
"This Directive establishes the requirement for all federal agencies to implement the National Security Systems Public Key Infrastructure (NSS-PKI) to promote interoperability and secure information sharing between federal departments and agencies and to use PKI to provide strong authentication to their systems operating on Secret level networks. The authority to issue this Directive derives from National Security Directive 42, which outlines the roles and responsibilities for securing national security systems, consistent with applicable law, E.O. 12333, as amended, and other Presidential directives. Nothing in this Directive should be interpreted as altering or superseding the existing authorities of the Director of National Intelligence. This Directive applies to all departments and agencies of the United States Government (USG), and their supporting contractors, agents, and non-federal affiliates who own, operate, or maintain NSS operating at the Secret level. For purposes of this Directive, PKI refers to products and services that provide and manage X.509 certificates for public key cryptography. This Directive mandates the development and implementation of a comprehensive approach to the use of PKI to protect U.S. Government NSS. All departments and agencies of the USG, and their supporting contractors, agents, and non-federal affiliates who own, operate, or maintain NSS operating at the Secret level shall follow this directive in the implementation and use of NSS-PKI for all systems residing on Secret-level networks, including systems that reside on closed operational networks. Federal Government departments and agencies shall ensure that the implementation of NSS-PKI adheres to the requirements of this Directive."
CNSSD No. 506; Committee on National Security Systems No. 506
Committee on National Security Systems: www.cnss.gov/