Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Computer Security Objects Register CSOR

Public Key Infrastructure (PKI) Registration

The CSOR has allocated the following registration branch for Public Key Infrastructure (PKI) objects:

csor-pki ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) pki(2)}

Policies OIDs are allocated in the following arc:

csor-certpolicy ::= { csor-pki 1 }

For agencies requesting a new policy OID, please send email with OID name, associated document and point of contact information.

Additional information on Federal PKI activities is available at:  https://www.idmanagement.gov/fpki


August 2020: The ACES project is no longer active.

There are no objects registered to support the ACES project. The first object is an arc for ACES policies. These objects define an arc for policies associated with the GSA ACES project.

-- the ACES policy arcaces OBJECT IDENTIFIER ::= { csor-certpolicy 1 }

-- the aces policy OIDs

2.16.840.1.101.3.2.1.1.1 aces-ca
Obsolete as of August 2020
2.16.840.1.101.3.2.1.1.2 aces-identity
Obsolete as of August 2020
2.16.840.1.101.3.2.1.1.3 aces-business-rep
Obsolete as of August 2020
2.16.840.1.101.3.2.1.1.4 aces-relying-party
Obsolete as of December 2015
2.16.840.1.101.3.2.1.1.5 aces-SSL
Obsolete as of August 2020
2.16.840.1.101.3.2.1.1.6 aces-fed-employee
Obsolete as of December 2015
2.16.840.1.101.3.2.1.1.7 aces-fed-employee-hw
Obsolete as of December 2015

Three objects have been registered to support the Citizen and Commerce policies for PKI. The first object is an arc for the Citizen and Commerce policies.

-- the Citizen and Commerce policy arc
citizen-and-commerce-policies OBJECT IDENTIFIER ::= { csor-certpolicy 14}

-- the citizen-and-commerce policy OIDS

The following two policies are defined in the "Citizen and Commerce Certificate Policy" document.

2.16.840.1.101.3.2.1.14.1 citizen-and-commerce-provisional
2.16.840.1.101.3.2.1.14.2 citizen-and-commerce-approved

This arc is maintained by CNSS. The first object is an arc for the CNSS policies.

-- the CNSS policy arc
id-cnss-policies OBJECT IDENTIFIER ::= { csor-certpolicy 21}

The OIDs assigned by this agency can be found in the Instruction for National Security Systems PKI X.509 Certificate Policy.

Two objects have been assigned to support the Commodity Futures Trading Commission policies for PKI. The first object is an arc for the CFTC policies.

-- the CFTC policy arc
id-cftc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 26}

-- the cftc policy OIDS

The following OID is to be defined in the "United States Commodity Futures Trading Commission Certificate Authority Certificate Policy" (CP). This document is not publicly available at this time.

2.16.840.1.101.3.2.1.26.1 id-us-cftc-cp

Five objects have been registered to support the Department of Energy policies for PKI. The first object is an arc for DOE policies.

-- the DOE policy arcdoe-policies OBJECT IDENTIFIER ::= { csor-certpolicy 10}

-- the doe policy OIDS

The following three policies are defined in the "Certificate Policy CP-1 for DOE Public Key Certificates in Unclassified".

2.16.840.1.101.3.2.1.10.1 doe-basic
2.16.840.1.101.3.2.1.10.2 doe-medium
2.16.840.1.101.3.2.1.10.3 doe-high

The policy below is defined in the "U.S. Department of Energy Public Key Infrastructure X.509 Certificate Policy" document.

2.16.840.1.101.3.2.1.10.4 doe-medium-v2

Twenty-nine objects have been registered to support the Department of Homeland Security policies for PKI. The first object is an arc for the DHS policies.

dhs-policies OBJECT IDENTIFIER ::= { csor-certpolicy 15}

The following arc is reserved for private DHS certificate content and PKI-protected message formats:

2.16.840.1.101.3.2.1.15.0 id-dhs-pkiObjects

The following OID is defined for use in the extended key usage extension:

2.16.840.1.101.3.2.1.15.0.1

id-dhs-USVISITsigner

The following OID is assigned to the ASN.1 module that defines the eContentTypes and value for the extendedKeyUsage extension:

2.16.840.1.101.3.2.1.15.0.2

id-dhs-MRTDValidationV4

The following OIDs are assigned to DHS eContentTypes for use with Cryptographic Message Syntax object formats:

2.16.840.1.101.3.2.1.15.0.3

id-dhs-ValidationList

2.16.840.1.101.3.2.1.15.0.4

id-dhs-CertStatus

2.16.840.1.101.3.2.1.15.0.5

id-dhs-CountryStatus

The following seven policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document.

2.16.840.1.101.3.2.1.15.1 id-dhs-certpcy-rudimentary
2.16.840.1.101.3.2.1.15.2 id-dhs-certpcy-basic
2.16.840.1.101.3.2.1.15.3 id-dhs-certpcy-medium
2.16.840.1.101.3.2.1.15.4 id-dhs-certpcy-high
2.16.840.1.101.3.2.1.15.5 id-dhs-certpcy-mediumHardware
2.16.840.1.101.3.2.1.15.6 id-dhs-certpcy-cardAuth
2.16.840.1.101.3.2.1.15.7 id-dhs-certpcy-internalBasic

The following policy was defined within the "Department of Homeland Security Public Key Infrastructure X.509 Internal Use Non Person Entity Certificate Policy” document:

2.16.840.1.101.3.2.1.15.8

id-dhs-certpcy-internalNpe

The following policy has been defined by the Department of Homeland Security for use in the Homeland Secure Data Network (HSDN) Mobile Access Capability (MAC) PKI. This policy will be asserted within all certificates issued by the HSDN MAC CA and are intended to be used with the initial pilot and eventual production implementation permitting remote access to HSDN.

2.16.840.1.101.3.2.1.15.9

id-dhs-certpcy-HSDNMACMediumDevice

The following four policies are defined by the Department of Homeland Security for use in the Homeland Secure Data Network (HSDN) PKI. This PKI is for internal DHS use only and will not have any non-DHS relying parties.

2.16.840.1.101.3.2.1.15.10 id-dhs-certpcy-HSDNMediumDevice
2.16.840.1.101.3.2.1.15.11 id-dhs-certpcy-HSDNMediumHuman
2.16.840.1.101.3.2.1.15.12 id-dhs-certpcy-HSDNMediumHumanDerived
2.16.840.1.101.3.2.1.15.13 id-dhs-certpcy-HSDNCodeSigning

The following policy is defined within the "Department of Homeland Security DHS Enterprise Non-Person Entity (ENPE) Public Key Infrastructure (PKI) Certificate Policy (CP)” document:

2.16.840.1.101.3.2.1.15.20

id-dhs-certpcy-enterpriseNpe

The following seven test policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document to support pilots and testing. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!

2.16.840.1.101.3.2.1.15.31 id-dhs-certpcy-testRudimentary
2.16.840.1.101.3.2.1.15.32 id-dhs-certpcy-testBasic
2.16.840.1.101.3.2.1.15.33 id-dhs-certpcy-testMedium
2.16.840.1.101.3.2.1.15.34 id-dhs-certpcy-testHigh
2.16.840.1.101.3.2.1.15.35 id-dhs-certpcy-testMediumHardware
2.16.840.1.101.3.2.1.15.36 id-dhs-certpcy-testCardAuth
2.16.840.1.101.3.2.1.15.37 id-dhs-certpcy-testInternalBasic

The following test policy was defined within the "Department of Homeland Security Public Key Infrastructure X.509 Internal Use Non Person Entity Certificate Policy” document to support pilots and testing. This policy should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!:

2.16.840.1.101.3.2.1.15.38

id-dhs-certpcy-testInternalNpe

Three objects have been registered to support the Department of Interior policies for PKI. The first object is an arc for the DOI policies.

-- the DOI policy arc
id-doi-policies OBJECT IDENTIFIER ::= { csor-certpolicy 19}

-- the doi policy OIDS

These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.

2.16.840.1.101.3.2.1.19.1 id-doi-basic
2.16.840.1.101.3.2.1.19.2 id-doi-medium

Fifteen objects have been registered to support the Department of Justice policies for PKI. The first object is an arc for the DOJ policies.

-- the DOJ policy arc
id-doj-policies OBJECT IDENTIFIER ::= { csor-certpolicy 16}

-- the doj policy OIDS

The following five policies are defined in the "Department of Justice Public Key Infrastructure X.509 Certificate Policy" document.

2.16.840.1.101.3.2.1.16.1 id-doj-Class1
2.16.840.1.101.3.2.1.16.2 id-doj-Class2
2.16.840.1.101.3.2.1.16.3 id-doj-Class3
2.16.840.1.101.3.2.1.16.4 id-doj-Class4
2.16.840.1.101.3.2.1.16.5 id-doj-Class5

The following two policies are defined in the "X.509 Certificate Policy for the Federal Bureau of Investigation Public Key Infrastructure.

2.16.840.1.101.3.2.1.16.6.1 id-fbi-mediumAssurance
2.16.840.1.101.3.2.1.16.6.2 id-fbi-highAssurance

The following seven policies will be defined in a FBI/CJIS Division Certificate Policy (unavailable)

2.16.840.1.101.3.2.1.16.6.3 id-fbi-cjis-basic-individual
2.16.840.1.101.3.2.1.16.6.4 id-fbi-cjis-basic-organizational
2.16.840.1.101.3.2.1.16.6.5 id-fbi-cjis-medium
2.16.840.1.101.3.2.1.16.6.6 id-fbi-cjis-mediumSW
2.16.840.1.101.3.2.1.16.6.7 id-fbi-cjismediumHW
2.16.840.1.101.3.2.1.16.6.8 id-fbi-cjis-mediumDevice
2.16.840.1.101.3.2.1.16.6.9 id-fbi-cjis-high

Three objects have been registered to support the Department of Labor policies for PKI. The first object is an arc for DOL policies.

-- the DOL policy arc
dol-policies OBJECT IDENTIFIER ::= { csor-certpolicy 11}

-- the dol policy OIDS

These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.

2.16.840.1.101.3.2.1.11.1 dol-basic
2.16.840.1.101.3.2.1.11.2 dol-medium

Three objects have been registered to support the DEA PKI. The first object is an arc for DEA policies.

-- the DEA policy arcdea-policies OBJECT IDENTIFIER ::= { csor-certpolicy 9}

-- the dea policy OIDS

The following policies have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.

2.16.840.1.101.3.2.1.9.1 dea-csos-cp
2.16.840.1.101.3.2.1.9.2 dea-epcs-policy

Eleven objects have been registered to support the ECA policies for PKI. The first object is an arc for ECA policies.

-- the ECA policy arc
eca-policies OBJECT IDENTIFIER ::= { csor-certpolicy 12}

-- the eca policy OIDS

The following policies are defined in the "United States Department of Defense External Certification Authority X.509 Certificate Policy"

2.16.840.1.101.3.2.1.12.1 id-eca-medium
2.16.840.1.101.3.2.1.12.3 id-eca-medium-token
2.16.840.1.101.3.2.1.12.2 id-eca-medium-hardware
2.16.840.1.101.3.2.1.12.4 id-eca-medium-sha256
2.16.840.1.101.3.2.1.12.5 id-eca-medium-token-sha256
2.16.840.1.101.3.2.1.12.6 id-eca-medium-hardware-pivi
2.16.840.1.101.3.2.1.12.7 id-eca-cardauth-pivi
2.16.840.1.101.3.2.1.12.8 id-eca-contentsigning-pivi
2.16.840.1.101.3.2.1.12.9 id-eca-medium-device-sha256
2.16.840.1.101.3.2.1.12.10 id-eca-medium-hardware-sha256

Five objects have been registered to support the Federal Deposit Insurance Corporation PKI. The first object is an arc for FDIC policies.

-- the FDIC policy arcfdic-policies OBJECT IDENTIFIER ::= { csor-certpolicy 7 }

-- the fdic policy OIDs

The following four policies can be defined in the "Certificate Policy for the Federal Deposit Insurance Corporation" document. (This document is currently not publicly available.)

2.16.840.1.101.3.2.1.7.1 fdic-basic
2.16.840.1.101.3.2.1.7.2 fdic-low
2.16.840.1.101.3.2.1.7.3 fdic-moderate
2.16.840.1.101.3.2.1.7.4 fdic-high

Six objects have been registered to support the Federal Energy Regulatory Commission policies for PKI. The first object is an arc for the FERC policies.

-- the FERC policy arc
id-ferc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 22}

-- the ferc policy OIDS

These OIDs have been assigned to this agency; however, the Certificate Policy is not publicly available.

2.16.840.1.101.3.2.1.22.1 id-ferc-Test
2.16.840.1.101.3.2.1.22.2 id-ferc-Basic
2.16.840.1.101.3.2.1.22.3 id-ferc-Medium
2.16.840.1.101.3.2.1.22.4 id-ferc-Medium-Hardware
2.16.840.1.101.3.2.1.22.5 id-ferc-High

Forty-eight objects have been registered to support the Federal PKI Policy Authority. The first object is an arc for FPKIPA policies;

-- the FPKIPA policy arcfbca-policies OBJECT IDENTIFIER ::= { csor-certpolicy 3 }

-- the fpkipa policy OIDs

The polices below are defined by the FBCA Certificate Policy which is available at the FPKI Program page

2.16.840.1.101.3.2.1.3.1 id-fpki-certpcy-rudimentaryAssurance
2.16.840.1.101.3.2.1.3.2 id-fpki-certpcy-basicAssurance
2.16.840.1.101.3.2.1.3.3 id-fpki-certpcy-mediumAssurance
2.16.840.1.101.3.2.1.3.4 id-fpki-certpcy-highAssurance
2.16.840.1.101.3.2.1.3.5 id-fpki-certpcy-testAssurance
2.16.840.1.101.3.2.1.3.12 id-fpki-certpcy-mediumHardware
2.16.840.1.101.3.2.1.3.14 id-fpki-certpcy-medium-CBP
2.16.840.1.101.3.2.1.3.15 id-fpki-certpcy-mediumHW-CBP
2.16.840.1.101.3.2.1.3.18 id-fpki-certpcy-pivi-hardware
2.16.840.1.101.3.2.1.3.19 id-fpki-certpcy-pivi-cardAuth
2.16.840.1.101.3.2.1.3.20 id-fpki-certpcy-pivi-contentSigning
2.16.840.1.101.3.2.1.3.21

id-fpki-SHA1-medium-CBP
retired as of December 2019

2.16.840.1.101.3.2.1.3.22 id-fpki-SHA1-mediumHW-CBP
retired as of December 2019
2.16.840.1.101.3.2.1.3.23 id-fpki-SHA1-policy
retired as of December 2019
2.16.840.1.101.3.2.1.3.24 id-fpki-SHA1-hardware
retired as of December 2019
2.16.840.1.101.3.2.1.3.25 id-fpki-SHA1-devices
retired as of December 2019
2.16.840.1.101.3.2.1.3.37 id-fpki-certpcy-mediumDevice
2.16.840.1.101.3.2.1.3.38 id-fpki-certpcy-mediumDeviceHardware

The policies below are defined in the X.509 Certificate Policy for the Common Policy Framework which is available at the FPKI Program page

2.16.840.1.101.3.2.1.3.6 id-fpki-common-policy
2.16.840.1.101.3.2.1.3.7 id-fpki-common-hardware
2.16.840.1.101.3.2.1.3.8 id-fpki-common-devices
2.16.840.1.101.3.2.1.3.13 id-fpki-common-authentication
2.16.840.1.101.3.2.1.3.16 id-fpki-common-high
2.16.840.1.101.3.2.1.3.17 id-fpki-common-cardAuth
2.16.840.1.101.3.2.1.3.26 id-fpki-SHA1-authentication
Obsolete as of 12/31/2013
2.16.840.1.101.3.2.1.3.27 id-fpki-SHA1-cardAuth
Obsolete as of 12/31/2013
2.16.840.1.101.3.2.1.3.36 id-fpki-common-devicesHardware
2.16.840.1.101.3.2.1.3.39 id-fpki-common-piv-contentSigning
2.16.840.1.101.3.2.1.3.40 id-fpki-common-derived-pivAuth
2.16.840.1.101.3.2.1.3.41 id-fpki-common-derived-pivAuth-hardware
2.16.840.1.101.3.2.1.3.42 id-fpki-common-public-trusted-serverAuth
2.16.840.1.101.3.2.1.3.45 id-fpki-common-pivi-authentication
2.16.840.1.101.3.2.1.3.46 id-fpki-common-pivi-cardAuth
2.16.840.1.101.3.2.1.3.47 id-fpki-common-pivi-contentSigning

The policies below are defined in X.509 Certificate Policy for the E-Governance Certification Authority. This document is currently not available. 

2.16.840.1.101.3.2.1.3.9 id-eGov-Level1
2.16.840.1.101.3.2.1.3.10 id-eGov-Level2
2.16.840.1.101.3.2.1.3.11 id-eGov-Applications
2.16.840.1.101.3.2.1.3.28 id-eGov-Level1-IdP
2.16.840.1.101.3.2.1.3.29 id-eGov-Level2-IdP
2.16.840.1.101.3.2.1.3.30 id-eGov-Level3-IdP
2.16.840.1.101.3.2.1.3.31 id-eGov-Level4-IdP
2.16.840.1.101.3.2.1.3.32 id-eGov-BAE-Broker
2.16.840.1.101.3.2.1.3.33 id-eGov-RelyingParty
2.16.840.1.101.3.2.1.3.34 id-eGov-MetaSigner
2.16.840.1.101.3.2.1.3.35 id-eGov-MetaSigner-Hardware

The policies below are defined in the Federal Public Trust Device Certificate Policy. This document is currently not available.

2.16.840.1.101.3.2.1.3.43 id-fpki-pubtrust-tls-dv
2.16.840.1.101.3.2.1.3.44 id-fpki-pubtrust-tls-ov

Thirteen objects have been registered to support the Food and Drug Administration policies for PKI. The first object is an arc for FDA policies.

id-ORApki-policies OBJECT IDENTIFIER ::= { csor-certpolicy 13}

The following policy is defined in the "X.509 Certificate Policy for the Food and Drug Administration (FDA) Office"

2.16.840.1.101.3.2.1.13.1 id-ORApki-assurance-test
2.16.840.1.101.3.2.1.13.2 id-ORApki-assurance-basic
2.16.840.1.101.3.2.1.13.3 id-ORApki-assurance-medium
2.16.840.1.101.3.2.1.13.4 id-ORApki-assurance-high

The following objects have been assigned to this agency and are defined in the "HHS Public Key Infrastructure X.509 Certificate Policy for HHS Domain Devices, Ver. 1.5"

2.16.840.1.101.3.2.1.13.5 id-pki-HHSdomains
2.16.840.1.101.3.2.1.13.5.1 id-HHSdomains-LoA
2.16.840.1.101.3.2.1.13.5.1.1 id-HHSdomains-assurance-basic
2.16.840.1.101.3.2.1.13.5.1.2 id-HHSdomains-assurance-high
2.16.840.1.101.3.2.1.13.5.2 id-HHSdomains-OPDIVpolicies
2.16.840.1.101.3.2.1.13.5.2.1 id-pki-IHSdomains
2.16.840.1.101.3.2.1.13.5.2.2 id-pki-NIHdomains
2.16.840.1.101.3.2.1.13.5.2.3 id-pki-FDAdomains

Six objects have been registered to support the Government Printing Office policies for PKI. The first object is an arc for the GPO policies.

-- the GPO policy arc
id-gpo-policies OBJECT IDENTIFIER ::= { csor-certpolicy 17}

-- the gpo policy OIDS

The following policies are defined in the "X.509 Certificate Policy for the Government Printing Office Certification Authority".

2.16.840.1.101.3.2.1.17.1 id-gpo-medium
2.16.840.1.101.3.2.1.17.2 id-gpo-medium-hardware
2.16.840.1.101.3.2.1.17.3 id-gpo-certpcy-devices
2.16.840.1.101.3.2.1.17.4 id-gpo-certpcy-authentication
2.16.840.1.101.3.2.1.17.5 id-gpo-certpcy-cardAuth

Four objects have been registered to support the USDA and NFC PKI. The first object is an arc for USDA-NFC policies.

-- the NFC policy arcnfc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 8}

-- the nfc policy OIDS

The following three policies are defined in the "United States Department of Agriculture and National Finance Center Public Key Infrastructure Certificate Policy."

2.16.840.1.101.3.2.1.8.1 nfc-basicAssurance
2.16.840.1.101.3.2.1.8.2 nfc-mediumAssurance
2.16.840.1.101.3.2.1.8.3 nfc-highAssurance

Two objects have been registered with the National Institute of Standards and Technology PKI policies. The first object is an arc for NIST policies.

-- the NIST policy arcnist-policies OBJECT IDENTIFIER ::= { csor-certpolicy 4 }

-- the nist policy OIDs

The following policy is defined in the document: "Basic Level NIST Certificate Policy".

2.16.840.1.101.3.2.1.4.1 nist-cp1

This arc is maintained by NNPP. The first object is an arc for the NNPP policies.

-- the NNPP policy arc
id-nnpp-policies OBJECT IDENTIFIER ::= { csor-certpolicy 25}

The OIDs assigned by this agency are documented in a Certificate Policy that is not publicly accessible.

Three objects have been registered to support the Nuclear Regulatory Commission policies for PKI. The first object is an arc for the NRC policies.

-- the NRC policy arc
id-nrc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 18}

-- the nrc policy OIDS

The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 3 Assurance Addendum to the VTN CP" document (not publicly available).

2.16.840.1.101.3.2.1.18.1 id-nrc-level3

The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 2 Assurance Addendum to the VTN CP" document (not publicly available).

2.16.840.1.101.3.2.1.18.2 id-nrc-level2

Ten objects have been registered to support the U.S. State Department PKI. The first object is an arc for State Department policies.

-- the State policy arc
state-policies OBJECT IDENTIFIER ::= { csor-certpolicy 6 }

-- the state policy OIDs

The following objects are defined in the "United States Department of State X.509 Certificate Policy".(This document is currently not publicly available.)

2.16.840.1.101.3.2.1.6.1 state-basic
2.16.840.1.101.3.2.1.6.2 state-low
2.16.840.1.101.3.2.1.6.3 state-moderate
2.16.840.1.101.3.2.1.6.4 state-high

The following objects have been assigned to this agency; however, we do not have the agency Certificate Profile associated with this OID.

2.16.840.1.101.3.2.1.6.12 state-certpcy-mediumHardware
2.16.840.1.101.3.2.1.6.14 state-certpcy-citizen-and-commerce
2.16.840.1.101.3.2.1.6.37 state-certpcy-mediumDevice
2.16.840.1.101.3.2.1.6.38 state-certpcy-mediumDeviceHardware

The following object is defined in the "Machine Readable Travel Document (MRTD) PKI X.509 Certificate Policy Version 1.1". (This document is currently not publicly available.)

2.16.840.1.101.3.2.1.6.100 state-mrtd

Four objects have been registered to support the U.S. Agency for International Development policies for PKI. The first object is an arc for the USAID policies.

-- the USAID policy arc
id-usaid-policies OBJECT IDENTIFIER ::= { csor-certpolicy 23}

-- the usaid policy OIDS

These OIDs have been assigned to this agency; however, the Certificate Policy is not publicly available.

2.16.840.1.101.3.2.1.23.1 id-usaid-basic
2.16.840.1.101.3.2.1.23.2 id-usaid-medium
2.16.840.1.101.3.2.1.23.3 id-usaid-device-medium-hardware

Three objects have been registered to support the U.S. Army Central Command's (USARCENT) PKI. The first object is an arc for USARCENT policies.

-- the USARCENT policy arc
id-usarcent-policies OBJECT IDENTIFIER ::= { csor-certpolicy 27 }

-- the usarcent policy OIDs

The following objects will be defined in the X.509 Certificate Policy for United States Army Central Command (USARCENT) [the policy is currently unavailable].

2.16.840.1.101.3.2.1.27.1 id-usarcent-basic
2.16.840.1.101.3.2.1.27.2 id-usarcent-medium

Four objects have been registered to support the U.S. Army Special Operations Command policies for PKI. The first object is an arc for the USASOC policies.

-- the USASOC policy arc
id-usasoc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 28}

-- the usasoc-policy OIDS

These OIDs have been assigned to this agency; however, the Certificate Policy is still in development and will be internal to the agency.

2.16.840.1.101.3.2.1.28.1 id-usasoc-basic
2.16.840.1.101.3.2.1.28.2 id-usasoc-medium
2.16.840.1.101.3.2.1.28.3 id-usasoc-high

Seven objects have been registered to support the U.S. Citizenship and Immigration Services policies for PKI. The first object is an arc for the USCIS policies.

-- the USCIS policy arc
id-uscis-policies OBJECT IDENTIFIER ::= { csor-certpolicy 29}

-- the uscis-policy OIDS

These OIDs have been assigned to this agency; however, the Certificate Policy is still in development.

2.16.840.1.101.3.2.1.29.1 id-uscis-basic
2.16.840.1.101.3.2.1.29.2 id-uscis-medium
2.16.840.1.101.3.2.1.29.3 id-uscis-high
The following three test policies are defined within the "XXXX” document to support pilots and testing. This policy should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!
2.16.840.1.101.3.2.1.29.15 id-uscis-testbasic
2.16.840.1.101.3.2.1.29.16 id-uscis-testmedium
2.16.840.1.101.3.2.1.29.17 id-uscis-testhigh

There are thirteen policies registered with the U.S. Patent and Trademark Office. The first object is an arc for PTO policies. These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.

-- the PTO policy arcpto-policies OBJECT IDENTIFIER ::= { csor-certpolicy 2 }

-- the pto policy OIDs

2.16.840.1.101.3.2.1.2.1 pto-registered-practitioner
2.16.840.1.101.3.2.1.2.2 pto-inventor
2.16.840.1.101.3.2.1.2.3 pto-practitioner-employee
2.16.840.1.101.3.2.1.2.4 pto-basic
2.16.840.1.101.3.2.1.2.5 pto-service-provider
2.16.840.1.101.3.2.1.2.6 pto-service-provider-registrar

The following policies are defined in the document: "Certificate Policy for the U.S. Patent and Trademark Office".

2.16.840.1.101.3.2.1.2.7 pto-basic-2003
2.16.840.1.101.3.2.1.2.8 pto-medium-2003
2.16.840.1.101.3.2.1.2.9 id-pto-mediumHardware
2.16.840.1.101.3.2.1.2.10 id-pto-cardAuth
2.16.840.1.101.3.2.1.2.11 id-pto-mediumDevice
2.16.840.1.101.3.2.1.2.12 id-pto-mediumDeviceHardware
2.16.840.1.101.3.2.1.2.13 id-pto-basicDevice

Nineteen objects have been registered to support the U.S. Postal Service policies for PKI. The first object is an arc for the USPS policies.

-- the USPS policy arc
id-usps-policies OBJECT IDENTIFIER ::= { csor-certpolicy 20}

-- the usps policy OIDS

These OIDs have been assigned to this agency; however, the Certificate Policy is still in draft format.

2.16.840.1.101.3.2.1.20.1 id-usps-certpcy-rudimentaryAssurance
2.16.840.1.101.3.2.1.20.2 id-usps-certpcy-basicAssurance
2.16.840.1.101.3.2.1.20.3 id-usps-certpcy-mediumAssurance
2.16.840.1.101.3.2.1.20.12 id-usps-certpcy-mediumHardware
2.16.840.1.101.3.2.1.20.18 id-usps-certpcy-pivi-hardware
2.16.840.1.101.3.2.1.20.19 id-usps-certpcy-pivi-cardAuth
2.16.840.1.101.3.2.1.20.20 id-usps-certpcy-pivi-contentSigning
2.16.840.1.101.3.2.1.20.37 id-usps-certpcy-mediumDevice
2.16.840.1.101.3.2.1.20.38 id-usps-certpcy-mediumDeviceHardware

The following OIDs have been assigned to this agency as Test OIDs to mirror the above.

2.16.840.1.101.3.2.1.20.4.1 id-usps-Testcertpcy-rudimentaryAssurance
2.16.840.1.101.3.2.1.20.4.2 id-usps-Testcertpcy-basicAssurance
2.16.840.1.101.3.2.1.20.4.3 id-usps-Testcertpcy-mediumAssurance
2.16.840.1.101.3.2.1.20.4.12 id-usps-Testcertpcy-mediumHardware
2.16.840.1.101.3.2.1.20.4.18 id-usps-Testcertpcy-pivi-hardware
2.16.840.1.101.3.2.1.20.4.19 id-usps-Testcertpcy-pivi-cardAuth
2.16.840.1.101.3.2.1.20.4.20 id-usps-Testcertpcy-pivi-contentSigning
2.16.840.1.101.3.2.1.20.4.37 id-usps-Testcertpcy-mediumDevice
2.16.840.1.101.3.2.1.20.4.38 id-usps-Testcertpcy-mediumDeviceHardware

Three objects have been registered to support the U.S. Special Operations Command policies for PKI. The first object is an arc for the USSOCOM policies.

-- the USSOCOM policy arc
id-ussocom-policies OBJECT IDENTIFIER ::= { csor-certpolicy 24}

-- the ussocom policy OIDS

The following policies are defined in X.509 Certificate Policy for United States Special Operations Command (USSOCOM)

2.16.840.1.101.3.2.1.24.1 id-ussocom-basic
2.16.840.1.101.3.2.1.24.2 id-ussocom-medium

Seventeen objects have been registered to support the U.S. Treasury Department's PKI. The first object is an arc for Treasury policies.

-- the Treasury policy arctreasury-policies OBJECT IDENTIFIER ::= { csor-certpolicy 5 }

-- the treasury policy OIDs

The following object is the FMS PKI policy. The FMS policy is defined in Certificate Policy CP-1 for FMS Public Key Certificates in Unclassified Environments (draft).

2.16.840.1.101.3.2.1.5.1 treasury-cp1

The following 9 policies will be defined in the US Treasury PKI X.509 Certificate Policy.

2.16.840.1.101.3.2.1.5.2 id-treasury-certpcy-rudimentary
2.16.840.1.101.3.2.1.5.3 id-treasury-certpcy-basicindividual
2.16.840.1.101.3.2.1.5.8 id-treasury-certpcy-basicorganizational
2.16.840.1.101.3.2.1.5.7 id-treasury-certpcy-medium
2.16.840.1.101.3.2.1.5.4 id-treasury-certpcy-mediumhardware
2.16.840.1.101.3.2.1.5.5 id-treasury-certpcy-high
2.16.840.1.101.3.2.1.5.10 id-treasury-certpcy-pivi-hardware
2.16.840.1.101.3.2.1.5.11 id-treasury-certpcy-pivi-cardAuth
2.16.840.1.101.3.2.1.5.12 id-treasury-certpcy-pivi-contentSigning

The following policy is defined in the "Certificate Policy for the Internal Revenue Service (IRS) Secure Messaging" document.

2.16.840.1.101.3.2.1.5.6 id-US-IRS-Securemail

The following policies have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these policies.

2.16.840.1.101.3.2.1.5.9 id-treacertpcy-internalnpe
2.16.840.1.101.3.2.1.5.13 id-treasury-certpcy-personDeviceAuth
2.16.840.1.101.3.2.1.5.14 id-treasury-certpcy-internalperson
The following policies will be defined in the "The Department of the Treasury Internal Public Key Infrastructure (PKI) X.509 Certificate Policy" which is not publicly available.
2.16.840.1.101.3.2.1.5.15

id-treasury-certpcy-internal-contentSigning

2.16.840.1.101.3.2.1.5.16

id-treasury-certpcy-internal-pacsTemporary

There are 257 objects registered to support PKI pilots and testing. These objects define an arc for policies associated and 256 distinct policies. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application! Note that the 256 policies are all equivalent and are defined within the "Test Certificate Policy to Support PKI Pilots and Testing" document.

-- test policy arc

csor-test-policies OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 2 1 48 }

-- test policy OIDs

2.16.840.1.101.3.2.1.48.1 test1
2.16.840.1.101.3.2.1.48.2 test2
2.16.840.1.101.3.2.1.48.3 test3
2.16.840.1.101.3.2.1.48.4 test4
2.16.840.1.101.3.2.1.48.5 test5
2.16.840.1.101.3.2.1.48.6 test6
2.16.840.1.101.3.2.1.48.7 test7
2.16.840.1.101.3.2.1.48.8 test8
2.16.840.1.101.3.2.1.48.9 test9
2.16.840.1.101.3.2.1.48.10 test10

.................

 

2.16.840.1.101.3.2.1.48.254 test254
2.16.840.1.101.3.2.1.48.255 test255
2.16.840.1.101.3.2.1.48.256 test256

 

 

Created May 24, 2016, Updated August 30, 2024