The CSOR has allocated the following registration branch for Public Key Infrastructure (PKI) objects:
csor-pki ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) pki(2)}
Policies OIDs are allocated in the following arc:
csor-certpolicy ::= { csor-pki 1 }
For agencies requesting a new policy OID, please send email with OID name, associated document and point of contact information.
Additional information on Federal PKI activities is available at: https://www.idmanagement.gov/fpki
There are no objects registered to support the ACES project. The first object is an arc for ACES policies. These objects define an arc for policies associated with the GSA ACES project.
-- the ACES policy arcaces OBJECT IDENTIFIER ::= { csor-certpolicy 1 }
-- the aces policy OIDs
Obsolete as of August 2020 |
|
Obsolete as of August 2020 |
|
Obsolete as of August 2020 |
|
Obsolete as of December 2015 |
|
Obsolete as of August 2020 |
|
Obsolete as of December 2015 |
|
Obsolete as of December 2015 |
Three objects have been registered to support the Citizen and Commerce policies for PKI. The first object is an arc for the Citizen and Commerce policies.
-- the Citizen and Commerce policy arc
citizen-and-commerce-policies OBJECT IDENTIFIER ::= { csor-certpolicy 14}
-- the citizen-and-commerce policy OIDS
The following two policies are defined in the "Citizen and Commerce Certificate Policy" document.
2.16.840.1.101.3.2.1.14.1 | citizen-and-commerce-provisional |
2.16.840.1.101.3.2.1.14.2 | citizen-and-commerce-approved |
This arc is maintained by CNSS. The first object is an arc for the CNSS policies.
-- the CNSS policy arc
id-cnss-policies OBJECT IDENTIFIER ::= { csor-certpolicy 21}
The OIDs assigned by this agency can be found in the Instruction for National Security Systems PKI X.509 Certificate Policy.
Two objects have been assigned to support the Commodity Futures Trading Commission policies for PKI. The first object is an arc for the CFTC policies.
-- the CFTC policy arc
id-cftc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 26}
-- the cftc policy OIDS
The following OID is to be defined in the "United States Commodity Futures Trading Commission Certificate Authority Certificate Policy" (CP). This document is not publicly available at this time.
2.16.840.1.101.3.2.1.26.1 | id-us-cftc-cp |
Five objects have been registered to support the Department of Energy policies for PKI. The first object is an arc for DOE policies.
-- the DOE policy arcdoe-policies OBJECT IDENTIFIER ::= { csor-certpolicy 10}
-- the doe policy OIDS
The following three policies are defined in the "Certificate Policy CP-1 for DOE Public Key Certificates in Unclassified".
2.16.840.1.101.3.2.1.10.1 | doe-basic |
2.16.840.1.101.3.2.1.10.2 | doe-medium |
2.16.840.1.101.3.2.1.10.3 | doe-high |
The policy below is defined in the "U.S. Department of Energy Public Key Infrastructure X.509 Certificate Policy" document.
2.16.840.1.101.3.2.1.10.4 | doe-medium-v2 |
Twenty-nine objects have been registered to support the Department of Homeland Security policies for PKI. The first object is an arc for the DHS policies.
dhs-policies OBJECT IDENTIFIER ::= { csor-certpolicy 15}
The following arc is reserved for private DHS certificate content and PKI-protected message formats:
2.16.840.1.101.3.2.1.15.0 | id-dhs-pkiObjects |
The following OID is defined for use in the extended key usage extension:
2.16.840.1.101.3.2.1.15.0.1 |
id-dhs-USVISITsigner |
The following OID is assigned to the ASN.1 module that defines the eContentTypes and value for the extendedKeyUsage extension:
2.16.840.1.101.3.2.1.15.0.2 |
id-dhs-MRTDValidationV4 |
The following OIDs are assigned to DHS eContentTypes for use with Cryptographic Message Syntax object formats:
2.16.840.1.101.3.2.1.15.0.3 |
id-dhs-ValidationList |
2.16.840.1.101.3.2.1.15.0.4 |
id-dhs-CertStatus |
2.16.840.1.101.3.2.1.15.0.5 |
id-dhs-CountryStatus |
The following seven policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document.
2.16.840.1.101.3.2.1.15.1 | id-dhs-certpcy-rudimentary |
2.16.840.1.101.3.2.1.15.2 | id-dhs-certpcy-basic |
2.16.840.1.101.3.2.1.15.3 | id-dhs-certpcy-medium |
2.16.840.1.101.3.2.1.15.4 | id-dhs-certpcy-high |
2.16.840.1.101.3.2.1.15.5 | id-dhs-certpcy-mediumHardware |
2.16.840.1.101.3.2.1.15.6 | id-dhs-certpcy-cardAuth |
2.16.840.1.101.3.2.1.15.7 | id-dhs-certpcy-internalBasic |
The following policy was defined within the "Department of Homeland Security Public Key Infrastructure X.509 Internal Use Non Person Entity Certificate Policy” document:
2.16.840.1.101.3.2.1.15.8 |
id-dhs-certpcy-internalNpe |
The following policy has been defined by the Department of Homeland Security for use in the Homeland Secure Data Network (HSDN) Mobile Access Capability (MAC) PKI. This policy will be asserted within all certificates issued by the HSDN MAC CA and are intended to be used with the initial pilot and eventual production implementation permitting remote access to HSDN.
2.16.840.1.101.3.2.1.15.9 |
id-dhs-certpcy-HSDNMACMediumDevice |
The following four policies are defined by the Department of Homeland Security for use in the Homeland Secure Data Network (HSDN) PKI. This PKI is for internal DHS use only and will not have any non-DHS relying parties.
2.16.840.1.101.3.2.1.15.10 | id-dhs-certpcy-HSDNMediumDevice |
2.16.840.1.101.3.2.1.15.11 | id-dhs-certpcy-HSDNMediumHuman |
2.16.840.1.101.3.2.1.15.12 | id-dhs-certpcy-HSDNMediumHumanDerived |
2.16.840.1.101.3.2.1.15.13 | id-dhs-certpcy-HSDNCodeSigning |
The following policy is defined within the "Department of Homeland Security DHS Enterprise Non-Person Entity (ENPE) Public Key Infrastructure (PKI) Certificate Policy (CP)” document:
2.16.840.1.101.3.2.1.15.20 |
id-dhs-certpcy-enterpriseNpe |
The following seven test policies are defined within the "X.509 Certificate Policy for the Department of Homeland Security Public Key Infrastructure" document to support pilots and testing. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!
2.16.840.1.101.3.2.1.15.31 | id-dhs-certpcy-testRudimentary |
2.16.840.1.101.3.2.1.15.32 | id-dhs-certpcy-testBasic |
2.16.840.1.101.3.2.1.15.33 | id-dhs-certpcy-testMedium |
2.16.840.1.101.3.2.1.15.34 | id-dhs-certpcy-testHigh |
2.16.840.1.101.3.2.1.15.35 | id-dhs-certpcy-testMediumHardware |
2.16.840.1.101.3.2.1.15.36 | id-dhs-certpcy-testCardAuth |
2.16.840.1.101.3.2.1.15.37 | id-dhs-certpcy-testInternalBasic |
The following test policy was defined within the "Department of Homeland Security Public Key Infrastructure X.509 Internal Use Non Person Entity Certificate Policy” document to support pilots and testing. This policy should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application!:
2.16.840.1.101.3.2.1.15.38 |
id-dhs-certpcy-testInternalNpe |
Three objects have been registered to support the Department of Interior policies for PKI. The first object is an arc for the DOI policies.
-- the DOI policy arc
id-doi-policies OBJECT IDENTIFIER ::= { csor-certpolicy 19}
-- the doi policy OIDS
These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
2.16.840.1.101.3.2.1.19.1 | id-doi-basic |
2.16.840.1.101.3.2.1.19.2 | id-doi-medium |
Fifteen objects have been registered to support the Department of Justice policies for PKI. The first object is an arc for the DOJ policies.
-- the DOJ policy arc
id-doj-policies OBJECT IDENTIFIER ::= { csor-certpolicy 16}
-- the doj policy OIDS
The following five policies are defined in the "Department of Justice Public Key Infrastructure X.509 Certificate Policy" document.
2.16.840.1.101.3.2.1.16.1 | id-doj-Class1 |
2.16.840.1.101.3.2.1.16.2 | id-doj-Class2 |
2.16.840.1.101.3.2.1.16.3 | id-doj-Class3 |
2.16.840.1.101.3.2.1.16.4 | id-doj-Class4 |
2.16.840.1.101.3.2.1.16.5 | id-doj-Class5 |
The following two policies are defined in the "X.509 Certificate Policy for the Federal Bureau of Investigation Public Key Infrastructure.
2.16.840.1.101.3.2.1.16.6.1 | id-fbi-mediumAssurance |
2.16.840.1.101.3.2.1.16.6.2 | id-fbi-highAssurance |
The following seven policies will be defined in a FBI/CJIS Division Certificate Policy (unavailable)
2.16.840.1.101.3.2.1.16.6.3 | id-fbi-cjis-basic-individual |
2.16.840.1.101.3.2.1.16.6.4 | id-fbi-cjis-basic-organizational |
2.16.840.1.101.3.2.1.16.6.5 | id-fbi-cjis-medium |
2.16.840.1.101.3.2.1.16.6.6 | id-fbi-cjis-mediumSW |
2.16.840.1.101.3.2.1.16.6.7 | id-fbi-cjismediumHW |
2.16.840.1.101.3.2.1.16.6.8 | id-fbi-cjis-mediumDevice |
2.16.840.1.101.3.2.1.16.6.9 | id-fbi-cjis-high |
Three objects have been registered to support the Department of Labor policies for PKI. The first object is an arc for DOL policies.
-- the DOL policy arc
dol-policies OBJECT IDENTIFIER ::= { csor-certpolicy 11}
-- the dol policy OIDS
These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
2.16.840.1.101.3.2.1.11.1 | dol-basic |
2.16.840.1.101.3.2.1.11.2 | dol-medium |
Three objects have been registered to support the DEA PKI. The first object is an arc for DEA policies.
-- the DEA policy arcdea-policies OBJECT IDENTIFIER ::= { csor-certpolicy 9}
-- the dea policy OIDS
The following policies have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
2.16.840.1.101.3.2.1.9.1 | dea-csos-cp |
2.16.840.1.101.3.2.1.9.2 | dea-epcs-policy |
Eleven objects have been registered to support the ECA policies for PKI. The first object is an arc for ECA policies.
-- the ECA policy arc
eca-policies OBJECT IDENTIFIER ::= { csor-certpolicy 12}
-- the eca policy OIDS
The following policies are defined in the "United States Department of Defense External Certification Authority X.509 Certificate Policy"
2.16.840.1.101.3.2.1.12.1 | id-eca-medium |
2.16.840.1.101.3.2.1.12.3 | id-eca-medium-token |
2.16.840.1.101.3.2.1.12.2 | id-eca-medium-hardware |
2.16.840.1.101.3.2.1.12.4 | id-eca-medium-sha256 |
2.16.840.1.101.3.2.1.12.5 | id-eca-medium-token-sha256 |
2.16.840.1.101.3.2.1.12.6 | id-eca-medium-hardware-pivi |
2.16.840.1.101.3.2.1.12.7 | id-eca-cardauth-pivi |
2.16.840.1.101.3.2.1.12.8 | id-eca-contentsigning-pivi |
2.16.840.1.101.3.2.1.12.9 | id-eca-medium-device-sha256 |
2.16.840.1.101.3.2.1.12.10 | id-eca-medium-hardware-sha256 |
Five objects have been registered to support the Federal Deposit Insurance Corporation PKI. The first object is an arc for FDIC policies.
-- the FDIC policy arcfdic-policies OBJECT IDENTIFIER ::= { csor-certpolicy 7 }
-- the fdic policy OIDs
The following four policies can be defined in the "Certificate Policy for the Federal Deposit Insurance Corporation" document. (This document is currently not publicly available.)
2.16.840.1.101.3.2.1.7.1 | fdic-basic |
2.16.840.1.101.3.2.1.7.2 | fdic-low |
2.16.840.1.101.3.2.1.7.3 | fdic-moderate |
2.16.840.1.101.3.2.1.7.4 | fdic-high |
Six objects have been registered to support the Federal Energy Regulatory Commission policies for PKI. The first object is an arc for the FERC policies.
-- the FERC policy arc
id-ferc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 22}
-- the ferc policy OIDS
These OIDs have been assigned to this agency; however, the Certificate Policy is not publicly available.
2.16.840.1.101.3.2.1.22.1 | id-ferc-Test |
2.16.840.1.101.3.2.1.22.2 | id-ferc-Basic |
2.16.840.1.101.3.2.1.22.3 | id-ferc-Medium |
2.16.840.1.101.3.2.1.22.4 | id-ferc-Medium-Hardware |
2.16.840.1.101.3.2.1.22.5 | id-ferc-High |
Forty-eight objects have been registered to support the Federal PKI Policy Authority. The first object is an arc for FPKIPA policies;
-- the FPKIPA policy arcfbca-policies OBJECT IDENTIFIER ::= { csor-certpolicy 3 }
-- the fpkipa policy OIDs
The polices below are defined by the FBCA Certificate Policy which is available at the FPKI Program page.
2.16.840.1.101.3.2.1.3.1 | id-fpki-certpcy-rudimentaryAssurance |
2.16.840.1.101.3.2.1.3.2 | id-fpki-certpcy-basicAssurance |
2.16.840.1.101.3.2.1.3.3 | id-fpki-certpcy-mediumAssurance |
2.16.840.1.101.3.2.1.3.4 | id-fpki-certpcy-highAssurance |
2.16.840.1.101.3.2.1.3.5 | id-fpki-certpcy-testAssurance |
2.16.840.1.101.3.2.1.3.12 | id-fpki-certpcy-mediumHardware |
2.16.840.1.101.3.2.1.3.14 | id-fpki-certpcy-medium-CBP |
2.16.840.1.101.3.2.1.3.15 | id-fpki-certpcy-mediumHW-CBP |
2.16.840.1.101.3.2.1.3.18 | id-fpki-certpcy-pivi-hardware |
2.16.840.1.101.3.2.1.3.19 | id-fpki-certpcy-pivi-cardAuth |
2.16.840.1.101.3.2.1.3.20 | id-fpki-certpcy-pivi-contentSigning |
|
|
retired as of December 2019 |
|
retired as of December 2019 |
|
retired as of December 2019 |
|
retired as of December 2019 |
|
2.16.840.1.101.3.2.1.3.37 | id-fpki-certpcy-mediumDevice |
2.16.840.1.101.3.2.1.3.38 | id-fpki-certpcy-mediumDeviceHardware |
The policies below are defined in the X.509 Certificate Policy for the Common Policy Framework which is available at the FPKI Program page.
2.16.840.1.101.3.2.1.3.6 | id-fpki-common-policy |
2.16.840.1.101.3.2.1.3.7 | id-fpki-common-hardware |
2.16.840.1.101.3.2.1.3.8 | id-fpki-common-devices |
2.16.840.1.101.3.2.1.3.13 | id-fpki-common-authentication |
2.16.840.1.101.3.2.1.3.16 | id-fpki-common-high |
2.16.840.1.101.3.2.1.3.17 | id-fpki-common-cardAuth |
Obsolete as of 12/31/2013 |
|
Obsolete as of 12/31/2013 |
|
2.16.840.1.101.3.2.1.3.36 | id-fpki-common-devicesHardware |
2.16.840.1.101.3.2.1.3.39 | id-fpki-common-piv-contentSigning |
2.16.840.1.101.3.2.1.3.40 | id-fpki-common-derived-pivAuth |
2.16.840.1.101.3.2.1.3.41 | id-fpki-common-derived-pivAuth-hardware |
2.16.840.1.101.3.2.1.3.42 | id-fpki-common-public-trusted-serverAuth |
2.16.840.1.101.3.2.1.3.45 | id-fpki-common-pivi-authentication |
2.16.840.1.101.3.2.1.3.46 | id-fpki-common-pivi-cardAuth |
2.16.840.1.101.3.2.1.3.47 | id-fpki-common-pivi-contentSigning |
The policies below are defined in X.509 Certificate Policy for the E-Governance Certification Authority. This document is currently not available.
2.16.840.1.101.3.2.1.3.9 | id-eGov-Level1 |
2.16.840.1.101.3.2.1.3.10 | id-eGov-Level2 |
2.16.840.1.101.3.2.1.3.11 | id-eGov-Applications |
2.16.840.1.101.3.2.1.3.28 | id-eGov-Level1-IdP |
2.16.840.1.101.3.2.1.3.29 | id-eGov-Level2-IdP |
2.16.840.1.101.3.2.1.3.30 | id-eGov-Level3-IdP |
2.16.840.1.101.3.2.1.3.31 | id-eGov-Level4-IdP |
2.16.840.1.101.3.2.1.3.32 | id-eGov-BAE-Broker |
2.16.840.1.101.3.2.1.3.33 | id-eGov-RelyingParty |
2.16.840.1.101.3.2.1.3.34 | id-eGov-MetaSigner |
2.16.840.1.101.3.2.1.3.35 | id-eGov-MetaSigner-Hardware |
The policies below are defined in the Federal Public Trust Device Certificate Policy. This document is currently not available.
2.16.840.1.101.3.2.1.3.43 | id-fpki-pubtrust-tls-dv |
2.16.840.1.101.3.2.1.3.44 | id-fpki-pubtrust-tls-ov |
Thirteen objects have been registered to support the Food and Drug Administration policies for PKI. The first object is an arc for FDA policies.
id-ORApki-policies OBJECT IDENTIFIER ::= { csor-certpolicy 13}
The following policy is defined in the "X.509 Certificate Policy for the Food and Drug Administration (FDA) Office"
2.16.840.1.101.3.2.1.13.1 | id-ORApki-assurance-test |
2.16.840.1.101.3.2.1.13.2 | id-ORApki-assurance-basic |
2.16.840.1.101.3.2.1.13.3 | id-ORApki-assurance-medium |
2.16.840.1.101.3.2.1.13.4 | id-ORApki-assurance-high |
The following objects have been assigned to this agency and are defined in the "HHS Public Key Infrastructure X.509 Certificate Policy for HHS Domain Devices, Ver. 1.5"
2.16.840.1.101.3.2.1.13.5 | id-pki-HHSdomains |
2.16.840.1.101.3.2.1.13.5.1 | id-HHSdomains-LoA |
2.16.840.1.101.3.2.1.13.5.1.1 | id-HHSdomains-assurance-basic |
2.16.840.1.101.3.2.1.13.5.1.2 | id-HHSdomains-assurance-high |
2.16.840.1.101.3.2.1.13.5.2 | id-HHSdomains-OPDIVpolicies |
2.16.840.1.101.3.2.1.13.5.2.1 | id-pki-IHSdomains |
2.16.840.1.101.3.2.1.13.5.2.2 | id-pki-NIHdomains |
2.16.840.1.101.3.2.1.13.5.2.3 | id-pki-FDAdomains |
Six objects have been registered to support the Government Printing Office policies for PKI. The first object is an arc for the GPO policies.
-- the GPO policy arc
id-gpo-policies OBJECT IDENTIFIER ::= { csor-certpolicy 17}
-- the gpo policy OIDS
The following policies are defined in the "X.509 Certificate Policy for the Government Printing Office Certification Authority".
2.16.840.1.101.3.2.1.17.1 | id-gpo-medium |
2.16.840.1.101.3.2.1.17.2 | id-gpo-medium-hardware |
2.16.840.1.101.3.2.1.17.3 | id-gpo-certpcy-devices |
2.16.840.1.101.3.2.1.17.4 | id-gpo-certpcy-authentication |
2.16.840.1.101.3.2.1.17.5 | id-gpo-certpcy-cardAuth |
Four objects have been registered to support the USDA and NFC PKI. The first object is an arc for USDA-NFC policies.
-- the NFC policy arcnfc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 8}
-- the nfc policy OIDS
The following three policies are defined in the "United States Department of Agriculture and National Finance Center Public Key Infrastructure Certificate Policy."
2.16.840.1.101.3.2.1.8.1 | nfc-basicAssurance |
2.16.840.1.101.3.2.1.8.2 | nfc-mediumAssurance |
2.16.840.1.101.3.2.1.8.3 | nfc-highAssurance |
Two objects have been registered with the National Institute of Standards and Technology PKI policies. The first object is an arc for NIST policies.
-- the NIST policy arcnist-policies OBJECT IDENTIFIER ::= { csor-certpolicy 4 }
-- the nist policy OIDs
The following policy is defined in the document: "Basic Level NIST Certificate Policy".
2.16.840.1.101.3.2.1.4.1 | nist-cp1 |
Three objects have been registered to support the Nuclear Regulatory Commission policies for PKI. The first object is an arc for the NRC policies.
-- the NRC policy arc
id-nrc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 18}
-- the nrc policy OIDS
The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 3 Assurance Addendum to the VTN CP" document (not publicly available).
2.16.840.1.101.3.2.1.18.1 | id-nrc-level3 |
The following policy are defined in the "U.S. Nuclear Regulatory Commission Certificate Policy for Level 2 Assurance Addendum to the VTN CP" document (not publicly available).
2.16.840.1.101.3.2.1.18.2 | id-nrc-level2 |
Ten objects have been registered to support the U.S. State Department PKI. The first object is an arc for State Department policies.
-- the State policy arc
state-policies OBJECT IDENTIFIER ::= { csor-certpolicy 6 }
-- the state policy OIDs
The following objects are defined in the "United States Department of State X.509 Certificate Policy".(This document is currently not publicly available.)
2.16.840.1.101.3.2.1.6.1 | state-basic |
2.16.840.1.101.3.2.1.6.2 | state-low |
2.16.840.1.101.3.2.1.6.3 | state-moderate |
2.16.840.1.101.3.2.1.6.4 | state-high |
The following objects have been assigned to this agency; however, we do not have the agency Certificate Profile associated with this OID.
2.16.840.1.101.3.2.1.6.12 | state-certpcy-mediumHardware |
2.16.840.1.101.3.2.1.6.14 | state-certpcy-citizen-and-commerce |
2.16.840.1.101.3.2.1.6.37 | state-certpcy-mediumDevice |
2.16.840.1.101.3.2.1.6.38 | state-certpcy-mediumDeviceHardware |
The following object is defined in the "Machine Readable Travel Document (MRTD) PKI X.509 Certificate Policy Version 1.1". (This document is currently not publicly available.)
2.16.840.1.101.3.2.1.6.100 | state-mrtd |
Four objects have been registered to support the U.S. Agency for International Development policies for PKI. The first object is an arc for the USAID policies.
-- the USAID policy arc
id-usaid-policies OBJECT IDENTIFIER ::= { csor-certpolicy 23}
-- the usaid policy OIDS
These OIDs have been assigned to this agency; however, the Certificate Policy is not publicly available.
2.16.840.1.101.3.2.1.23.1 | id-usaid-basic |
2.16.840.1.101.3.2.1.23.2 | id-usaid-medium |
2.16.840.1.101.3.2.1.23.3 | id-usaid-device-medium-hardware |
Three objects have been registered to support the U.S. Army Central Command's (USARCENT) PKI. The first object is an arc for USARCENT policies.
-- the USARCENT policy arc
id-usarcent-policies OBJECT IDENTIFIER ::= { csor-certpolicy 27 }
-- the usarcent policy OIDs
The following objects will be defined in the X.509 Certificate Policy for United States Army Central Command (USARCENT) [the policy is currently unavailable].
2.16.840.1.101.3.2.1.27.1 | id-usarcent-basic |
2.16.840.1.101.3.2.1.27.2 | id-usarcent-medium |
Four objects have been registered to support the U.S. Army Special Operations Command policies for PKI. The first object is an arc for the USASOC policies.
-- the USASOC policy arc
id-usasoc-policies OBJECT IDENTIFIER ::= { csor-certpolicy 28}
-- the usasoc-policy OIDS
These OIDs have been assigned to this agency; however, the Certificate Policy is still in development and will be internal to the agency.
2.16.840.1.101.3.2.1.28.1 | id-usasoc-basic |
2.16.840.1.101.3.2.1.28.2 | id-usasoc-medium |
2.16.840.1.101.3.2.1.28.3 | id-usasoc-high |
Seven objects have been registered to support the U.S. Citizenship and Immigration Services policies for PKI. The first object is an arc for the USCIS policies.
-- the USCIS policy arc
id-uscis-policies OBJECT IDENTIFIER ::= { csor-certpolicy 29}
-- the uscis-policy OIDS
These OIDs have been assigned to this agency; however, the Certificate Policy is still in development.
2.16.840.1.101.3.2.1.29.1 | id-uscis-basic |
2.16.840.1.101.3.2.1.29.2 | id-uscis-medium |
2.16.840.1.101.3.2.1.29.3 | id-uscis-high |
2.16.840.1.101.3.2.1.29.15 | id-uscis-testbasic |
2.16.840.1.101.3.2.1.29.16 | id-uscis-testmedium |
2.16.840.1.101.3.2.1.29.17 | id-uscis-testhigh |
There are thirteen policies registered with the U.S. Patent and Trademark Office. The first object is an arc for PTO policies. These OIDs have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these OIDs.
-- the PTO policy arcpto-policies OBJECT IDENTIFIER ::= { csor-certpolicy 2 }
-- the pto policy OIDs
2.16.840.1.101.3.2.1.2.1 | pto-registered-practitioner |
2.16.840.1.101.3.2.1.2.2 | pto-inventor |
2.16.840.1.101.3.2.1.2.3 | pto-practitioner-employee |
2.16.840.1.101.3.2.1.2.4 | pto-basic |
2.16.840.1.101.3.2.1.2.5 | pto-service-provider |
2.16.840.1.101.3.2.1.2.6 | pto-service-provider-registrar |
The following policies are defined in the document: "Certificate Policy for the U.S. Patent and Trademark Office".
2.16.840.1.101.3.2.1.2.7 | pto-basic-2003 |
2.16.840.1.101.3.2.1.2.8 | pto-medium-2003 |
2.16.840.1.101.3.2.1.2.9 | id-pto-mediumHardware |
2.16.840.1.101.3.2.1.2.10 | id-pto-cardAuth |
2.16.840.1.101.3.2.1.2.11 | id-pto-mediumDevice |
2.16.840.1.101.3.2.1.2.12 | id-pto-mediumDeviceHardware |
2.16.840.1.101.3.2.1.2.13 | id-pto-basicDevice |
Nineteen objects have been registered to support the U.S. Postal Service policies for PKI. The first object is an arc for the USPS policies.
-- the USPS policy arc
id-usps-policies OBJECT IDENTIFIER ::= { csor-certpolicy 20}
-- the usps policy OIDS
These OIDs have been assigned to this agency; however, the Certificate Policy is still in draft format.
2.16.840.1.101.3.2.1.20.1 | id-usps-certpcy-rudimentaryAssurance |
2.16.840.1.101.3.2.1.20.2 | id-usps-certpcy-basicAssurance |
2.16.840.1.101.3.2.1.20.3 | id-usps-certpcy-mediumAssurance |
2.16.840.1.101.3.2.1.20.12 | id-usps-certpcy-mediumHardware |
2.16.840.1.101.3.2.1.20.18 | id-usps-certpcy-pivi-hardware |
2.16.840.1.101.3.2.1.20.19 | id-usps-certpcy-pivi-cardAuth |
2.16.840.1.101.3.2.1.20.20 | id-usps-certpcy-pivi-contentSigning |
2.16.840.1.101.3.2.1.20.37 | id-usps-certpcy-mediumDevice |
2.16.840.1.101.3.2.1.20.38 | id-usps-certpcy-mediumDeviceHardware |
The following OIDs have been assigned to this agency as Test OIDs to mirror the above.
2.16.840.1.101.3.2.1.20.4.1 | id-usps-Testcertpcy-rudimentaryAssurance |
2.16.840.1.101.3.2.1.20.4.2 | id-usps-Testcertpcy-basicAssurance |
2.16.840.1.101.3.2.1.20.4.3 | id-usps-Testcertpcy-mediumAssurance |
2.16.840.1.101.3.2.1.20.4.12 | id-usps-Testcertpcy-mediumHardware |
2.16.840.1.101.3.2.1.20.4.18 | id-usps-Testcertpcy-pivi-hardware |
2.16.840.1.101.3.2.1.20.4.19 | id-usps-Testcertpcy-pivi-cardAuth |
2.16.840.1.101.3.2.1.20.4.20 | id-usps-Testcertpcy-pivi-contentSigning |
2.16.840.1.101.3.2.1.20.4.37 | id-usps-Testcertpcy-mediumDevice |
2.16.840.1.101.3.2.1.20.4.38 | id-usps-Testcertpcy-mediumDeviceHardware |
Three objects have been registered to support the U.S. Special Operations Command policies for PKI. The first object is an arc for the USSOCOM policies.
-- the USSOCOM policy arc
id-ussocom-policies OBJECT IDENTIFIER ::= { csor-certpolicy 24}
-- the ussocom policy OIDS
The following policies are defined in X.509 Certificate Policy for United States Special Operations Command (USSOCOM)
2.16.840.1.101.3.2.1.24.1 | id-ussocom-basic |
2.16.840.1.101.3.2.1.24.2 | id-ussocom-medium |
Seventeen objects have been registered to support the U.S. Treasury Department's PKI. The first object is an arc for Treasury policies.
-- the Treasury policy arctreasury-policies OBJECT IDENTIFIER ::= { csor-certpolicy 5 }
-- the treasury policy OIDs
The following object is the FMS PKI policy. The FMS policy is defined in Certificate Policy CP-1 for FMS Public Key Certificates in Unclassified Environments (draft).
2.16.840.1.101.3.2.1.5.1 | treasury-cp1 |
The following 9 policies will be defined in the US Treasury PKI X.509 Certificate Policy.
2.16.840.1.101.3.2.1.5.2 | id-treasury-certpcy-rudimentary |
2.16.840.1.101.3.2.1.5.3 | id-treasury-certpcy-basicindividual |
2.16.840.1.101.3.2.1.5.8 | id-treasury-certpcy-basicorganizational |
2.16.840.1.101.3.2.1.5.7 | id-treasury-certpcy-medium |
2.16.840.1.101.3.2.1.5.4 | id-treasury-certpcy-mediumhardware |
2.16.840.1.101.3.2.1.5.5 | id-treasury-certpcy-high |
2.16.840.1.101.3.2.1.5.10 | id-treasury-certpcy-pivi-hardware |
2.16.840.1.101.3.2.1.5.11 | id-treasury-certpcy-pivi-cardAuth |
2.16.840.1.101.3.2.1.5.12 | id-treasury-certpcy-pivi-contentSigning |
The following policy is defined in the "Certificate Policy for the Internal Revenue Service (IRS) Secure Messaging" document.
2.16.840.1.101.3.2.1.5.6 | id-US-IRS-Securemail |
The following policies have been assigned to this agency; however, we do not have the agency Certificate Profile associated with these policies.
2.16.840.1.101.3.2.1.5.9 | id-treacertpcy-internalnpe |
2.16.840.1.101.3.2.1.5.13 | id-treasury-certpcy-personDeviceAuth |
2.16.840.1.101.3.2.1.5.14 | id-treasury-certpcy-internalperson |
2.16.840.1.101.3.2.1.5.15 |
id-treasury-certpcy-internal-contentSigning |
2.16.840.1.101.3.2.1.5.16 |
id-treasury-certpcy-internal-pacsTemporary |
There are 257 objects registered to support PKI pilots and testing. These objects define an arc for policies associated and 256 distinct policies. These policies should never be inserted in "real" certificates, and no relying party should ever accept such a certificate to implement security services in a "real" application! Note that the 256 policies are all equivalent and are defined within the "Test Certificate Policy to Support PKI Pilots and Testing" document.
-- test policy arc
csor-test-policies OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 2 1 48 }
-- test policy OIDs
2.16.840.1.101.3.2.1.48.1 | test1 |
2.16.840.1.101.3.2.1.48.2 | test2 |
2.16.840.1.101.3.2.1.48.3 | test3 |
2.16.840.1.101.3.2.1.48.4 | test4 |
2.16.840.1.101.3.2.1.48.5 | test5 |
2.16.840.1.101.3.2.1.48.6 | test6 |
2.16.840.1.101.3.2.1.48.7 | test7 |
2.16.840.1.101.3.2.1.48.8 | test8 |
2.16.840.1.101.3.2.1.48.9 | test9 |
2.16.840.1.101.3.2.1.48.10 | test10 |
.................
2.16.840.1.101.3.2.1.48.254 | test254 |
2.16.840.1.101.3.2.1.48.255 | test255 |
2.16.840.1.101.3.2.1.48.256 | test256 |
Security and Privacy: cryptography