######## UNCLASSIFIED ########

######## DoD Approved Assurance Levels from External Partner PKIs ########
#All listed OIDs are mapped back to FBCA and allowable per policy
#Assurance levels are represented by Certificate Policy Object Identifiers (OIDs), which are asserted in the certificatePolicies X.509 certificate extension. DoD PKI only maps to FBCA medium hardware assurance level or higher, which causes all lower assurance levels to be invalid according to the standard. OIDs approved for physical access or email encryption only are not included in this list. For more information on assurance levels, go to the DoD Approved External PKI Master Document posted in Interoperability Downloads on the PKI Interoperability page at https://cyber.mil/pki-pke/interoperability.
# Version 1.16 - Last Updated July 24, 2023

######## DoD PKI Assurance Levels ########
#All DoD assurance levels are permitted for use within DoD. More information is provided in the DoD Certificate Policy at https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/pdf/unclass-dod_cp_v10-6_20180520.pdf.
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.2.1.11.5           id-US-dod-medium
2.16.840.1.101.2.1.11.9           id-US-dod-mediumhardware
2.16.840.1.101.2.1.11.10          id-US-dod-PIV-Auth
2.16.840.1.101.2.1.11.17          id-US-dod-mediumNPE
2.16.840.1.101.2.1.11.18          id-US-dod-medium-2048
2.16.840.1.101.2.1.11.19          id-US-dod-mediumHardware-2048
2.16.840.1.101.2.1.11.20          id-US-dod-PIV-Auth-2048
2.16.840.1.101.2.1.11.31          id-US-dod-peerInterop
2.16.840.1.101.2.1.11.36          id-US-dod-mediumNPE-112
2.16.840.1.101.2.1.11.37          id-US-dod-mediumNPE-128
2.16.840.1.101.2.1.11.38          id-US-dod-mediumNPE-192
2.16.840.1.101.2.1.11.39          id-US-dod-medium-112
2.16.840.1.101.2.1.11.40          id-US-dod-medium-128
2.16.840.1.101.2.1.11.41          id-US-dod-medium-192
2.16.840.1.101.2.1.11.42          id-US-dod-mediumHardware-112
2.16.840.1.101.2.1.11.43          id-US-dod-mediumHardware-128
2.16.840.1.101.2.1.11.44          id-US-dod-mediumHardware-192
2.16.840.1.101.2.1.11.59          id-US-dod-admin
2.16.840.1.101.2.1.11.60          id-US-dod-internalNPE-112
2.16.840.1.101.2.1.11.61          id-US-dod-internalNPE-128
2.16.840.1.101.2.1.11.62          id-US-dod-internalNPE-192

######## ECA PKI Assurance Levels ########
#All ECA PKI assurance levels are permitted for all purposes within DoD. More information is provided in the ECA Certificate Policy at https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/pdf/unclass-dod_eca_cp_v4-5_20190220.pdf.
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.12.1         id-eca-medium
2.16.840.1.101.3.2.1.12.2         id-eca-medium-hardware
2.16.840.1.101.3.2.1.12.3         id-eca-medium-token
2.16.840.1.101.3.2.1.12.4         id-eca-medium-sha256
2.16.840.1.101.3.2.1.12.5         id-eca-medium-token-sha256
2.16.840.1.101.3.2.1.12.6         id-eca-medium-hardware-pivi
2.16.840.1.101.3.2.1.12.8         id-eca-contentsigning-pivi
2.16.840.1.101.3.2.1.12.9         id-eca-medium-device-sha256
2.16.840.1.101.3.2.1.12.10        id-eca-medium-hardware-sha256

######## Federal PKI Assurance Levels ########
#All DoD approved external PKIs are cross certified with FPKI, either directly or through an SSP or another bridge.
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.3.4          id-fpki-certpcy-highAssurance
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.12         id-fpki-certpcy-mediumHardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.16         id-fpki-common-High
2.16.840.1.101.3.2.1.3.18         id-fpki-certpcy-pivi-hardware
2.16.840.1.101.3.2.1.3.20         id-fpki-certpcy-pivi-contentSigning
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.38         id-fpki-certpcy-mediumDeviceHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.41         id-fpki-common-pivAuth-derived-hardware

######## Entrust Federal SSP PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.41         id-fpki-common-pivAuth-derived-hardware

######## Department of State PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.6.4          state-high
2.16.840.1.101.3.2.1.6.12         state-medHW
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.16         id-fpki-common-high
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.41         id-fpki-common-pivAuth-derived-hardware

######## DigiCert Federal SSP PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.16         id-fpki-common-High
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.41         id-fpki-common-pivAuth-derived-hardware
## Note: DigiCert Federal SSP PKI shares the Federal Common Policy root, which asserts additional policies as listed in the Federal PKI Assurance Levels section ##

######## U.S. Treasury SSP PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.5.4          id-treasury-certpcy-mediumhardware
2.16.840.1.101.3.2.1.5.5          id-treasury-certpcy-high
2.16.840.1.101.3.2.1.5.10         id-treasury-pivi-hardware
2.16.840.1.101.3.2.1.5.12         id-treasury-pivi-contentSigning
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.16         id-fpki-common-high
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.41         id-fpki-common-pivAuth-derived-hardware

######## Verizon/Cybertrust Federal SSP PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentsigning
## Note: Verizon/Cybertrust Federal SSP PKI shares the Federal Common Policy root, which asserts additional policies as listed in the Federal PKI Assurance Levels section ##

######## WidePoint Federal SSP PKI Asserted Policies ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.101.3.2.1.3.7          id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.13         id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.36         id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39         id-fpki-common-piv-contentSigning
## Note: WidePoint Federal SSP PKI shares the Federal Common Policy root, which asserts additional policies as listed in the Federal PKI Assurance Levels section ##

######## Boeing PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.73.15.3.1.12          id-Boeing-mediumHardware-SHA256
1.3.6.1.4.1.73.15.3.1.17          id-Boeing-mediumHardware-contentSigning-SHA256

######## Carillon Federal Services ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.45606.3.1.12          id-carillon_mediumHardware-256
1.3.6.1.4.1.45606.3.1.20          id-carillon_AIVHardware
1.3.6.1.4.1.45606.3.1.22          id-carillon_AIVContentSigning

######## Carillon Information Security ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.25054.3.1.12          id-mediumHardware-256
1.3.6.1.4.1.25054.3.1.14          id-mediumDeviceHardware-256
1.3.6.1.4.1.25054.3.1.20          id-iceCAPHardware
1.3.6.1.4.1.25054.3.1.22          id-iceCAPContentSigning

######## CertiPath Bridge ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.24019.1.1.1.2         id-certipath-mediumHardware
1.3.6.1.4.1.24019.1.1.1.3         id-certipath-highHardware
1.3.6.1.4.1.24019.1.1.1.7         id-IceCAP-hardware
1.3.6.1.4.1.24019.1.1.1.9         id-IceCAP-contentSigning
1.3.6.1.4.1.24019.1.1.1.18        id-certipath-variant-mediumHardware
1.3.6.1.4.1.24019.1.1.1.19        id-certipath-variant-highHardware

######## TSCP Bridge ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.38099.1.1.1.2         id-tscp-MediumHardware
1.3.6.1.4.1.38099.1.1.1.5         id-tscp-PIVI
1.3.6.1.4.1.38099.1.1.1.7         id-tscp-PIVI-ContentSigning

######## DigiCert NFI PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.113733.1.7.23.3.1.7    Non-Federal SSP MediumHardware
2.16.840.1.113733.1.7.23.3.1.13   Non-Federal SSP Auth (no longer issued, found in legacy certificates only)
2.16.840.1.113733.1.7.23.3.1.18   Non-Federal SSP PIV-I Hardware
2.16.840.1.113733.1.7.23.3.1.20   Non-Federal SSP PIV-I contentSigning
2.16.840.1.113733.1.7.23.3.1.36   Non-Federal SSP mediumDevicesHardware

######## Entrust Managed Services NFI PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.114027.200.3.10.7.2    id-emspki-nfssp-medium-hardware
2.16.840.1.114027.200.3.10.7.4    id-emspki-nfssp-mediumauthentication
2.16.840.1.114027.200.3.10.7.6    id-emspki-nfssp-pivi-hardware
2.16.840.1.114027.200.3.10.7.9    id-emspki-nfssp-pivi-contentsigning
2.16.840.1.114027.200.3.10.7.13   id-emspki-nfssp-pivi-cardAuth
2.16.840.1.114027.200.3.10.7.16   id-emspki-nfssp-medium-devicesHW

######## Exostar LLC PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.13948.1.1.1.6         id-exostar-mediumHardware-sha2

######## IdenTrust NFI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.840.1.113839.0.100.12.1      id-igc-MediumHardware-SigningCertificate
2.16.840.1.113839.0.100.12.2      id-igc-MediumHardware-EncryptionCertificate
2.16.840.1.113839.0.100.18.0      id-igc-pivi-hardware-identity
2.16.840.1.113839.0.100.18.1      id-igc-pivi-hardware-signing
2.16.840.1.113839.0.100.18.2      id-igc-pivi-hardware-encryption
2.16.840.1.113839.0.100.20.1      id-igc-pivi-contentSigning

######## Lockheed Martin PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.103.100.1.1.3.3       Medium Assurance Hardware Certificate

######## Northrop Grumman PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.16334.509.2.8         Northrop Grumman Medium Assurance-256 Hardware Token
1.3.6.1.4.1.16334.509.2.9         Northrop Grumman PIV-I Assurance-256 Hardware Token
1.3.6.1.4.1.16334.509.2.11        Northrop Grumman PIV-I Assurance-256 Content Signing
1.3.6.1.4.1.16334.509.2.14        Northrop Grumman Medium Assurance-384 Hardware Token

######## Raytheon PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.1569.10.1.12          id-raytheon-mediumHardware
1.3.6.1.4.1.1569.10.1.18          id-raytheon-medium-device-Hardware
1.3.6.1.4.1.26769.10.1.12         id-raytheon-SHA2-mediumHardware
1.3.6.1.4.1.26769.10.1.18         id-raytheon-SHA2-medium-device-Hardware

######## WidePoint NFI PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.3.6.1.4.1.3922.1.1.1.12         id-orc-nfissp-mediumhardware
1.3.6.1.4.1.3922.1.1.1.18         id-orc-nfissp-pivi-hardware
1.3.6.1.4.1.3922.1.1.1.20         id-orc-nfissp-pivi-contentSigning
1.3.6.1.4.1.3922.1.1.1.38         id-orc-nfissp-mediumDevicesHardware

######## Australian Defence Organisation PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
1.2.36.1.334.1.2.1.2              ADO Individual Medium Assurance
1.2.36.1.334.1.2.1.3              ADO Individual High Assurance
1.2.36.1.334.1.2.2.2              ADO Resource Medium Assurance

######## Netherlands Ministry of Defence PKI Assurance Levels ########
#CERTIFICATE POLICY OID           DESCRIPTIVE NAME
2.16.528.1.1003.1.2.5.1           NL MoD Authenticity
2.16.528.1.1003.1.2.5.2           NL MoD Irrefutability/signature
2.16.528.1.1003.1.2.5.3           NL MoD Confidentiality

######## UNCLASSIFIED ########