Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 7924 (Initial Public Draft)

Reference Certificate Policy

Date Published: May 2014
Comments Due: August 1, 2014 (public comment period is CLOSED)
Email Questions to:


Harold Booth (NIST), Andrew Regenscheid (NIST)


NIST announces the public comment release of second draft of NIST Interagency Report (NISTIR) 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to support the secure issuance of certificates. It was written in the form of a Certificate Policy (CP), a standard format for defining the expectations and requirements of the relying party community that will trust the certificates issued by its Certificate Authorities (CAs).

NIST released the first draft of this publication in April 2013 and received extensive public comments. This revised draft incorporates changes requested by commenters, many intended to improve the security controls identified in the document, provide additional flexibility for CAs, and clarify ambiguities in the previous release.



certificate policy; public key infrastructure  ;  ; ; digital certificate; certificate authority
Control Families

Identification and Authentication


Second Draft NISTIR 7924 (pdf)

Supplemental Material:
Comment Template (docx)

Document History:
05/29/14: IR 7924 (Draft)