DoD Public Key Infrastructure PKI

PKI stands for “Public Key Infrastructure” (sometimes called a public key system) and encompasses the policies, processes, server platforms, software and certificate authorities that enable cryptographic data security technologies such as digital signatures and encryption to be deployed across an enterprise. It includes an entire hierarchy of certificate authorities.

Digital certificates encrypt data using a private key known only to their owner, and they can be verified against a trusted root store on user machines.

NIPRNet

NIPRNet, owned and operated by the Department of Defense (DoD), gives military personnel access to non-classified information and allows classified material to be shared among DoD personnel. The network also carries communications between DoD agencies and with civilians, particularly civilian agencies that contract with DoD for work. NIPRNet replaced MILNET, offering better security and reliability with low latency, and it uses current security technologies to protect against hackers.

The network operates using digital certificates with individual public keys that serve to encrypt data and verify user identities. Certificates are signed by a root certification authority (CA); subordinate CAs chain to that root, so any certificate they sign can be verified as authentic. This system of public-private key pairs offers several benefits.

NIPRNet stands out by supporting multiple communication protocols, which suits military units operating across different environments. This can reduce hardware and software purchases while giving DoD employees greater flexibility. In addition, it supports many DoD applications, including email and instant messaging.

In addition to NIPRNet, the Army is exploring commercial systems that may provide more resilience against adversary disruption. Its CIO has even hinted that the Army may rely less on network configurations such as SIPRNet and NIPRNet in the future, shifting from traditional classified and unclassified networks toward commercial ones with greater resilience against adversary attacks.

SIPRNet

SIPRNet (Secret Internet Protocol Router Network) is an exclusive worldwide US military network used for communication between military personnel. Operated by the Defense Department in Washington, it is accessible only to individuals with proper credentials who pass security clearance checks and adhere to stringent guidelines, and it connects military personnel around the globe.

SIPRNet also allows secure file transfers using encryption technology, usually requiring a user ID and password combination to log on. To prevent data leakage, the Pentagon has developed a password protection policy with minimum length and special-character requirements, which helps ensure that passwords remain unique and difficult for others to guess.

SIPRNet may not offer access as fast as the public internet, but it still has many advantages for the military and its contractors. SIPRNet can be used in remote locations where cell phone coverage is unavailable, and sharing spectrum with commercial cellular networks can save the DOD money on infrastructure costs.

The Department of Defense plans to transition all NIPRNet and SIPRNet users onto its new token by the end of 2020. At present, configuring a token takes approximately 15 minutes and requires multiple people. When fully implemented, every DOD employee will use a single token across both networks.

SIPRNet employs a hardware token with both CAC and PKI capabilities to enable secure authentication to DoD applications and web servers, and the token is an integral component of its cybersecurity strategy. While multiple-domain support may eventually become possible in future token models from industry at an affordable price point, this capability is not readily available from providers today.

NPE

The NPE is a security platform with various features designed to help safeguard your network. These include a certificate authority (CA), a registry and a trust store: essential components that help verify digital certificates securely while preventing unauthorized users from accessing or altering them. Cross-signing certificates provides another means of building trust, by verifying certificates issued by more than one CA.

PKI (Public Key Infrastructure) is a framework that facilitates secure deployment of cryptographic data security technologies such as encryption and signatures on a mass scale. Furthermore, it supports identity management services like online authentication, document and transaction signing, application code signing and time-stamping as well as credentialing of devices connected to the Internet of Things.

Although PKIs were first proposed in the 1990s, their adoption has been slower than anticipated. A few major vendors have left the business altogether and several significant problems remain unresolved; yet many of these challenges can be met through proper design and implementation.

For optimal PKI security, cloud-based providers may be an ideal choice. This type of PKI can integrate into existing infrastructure without forklift upgrades, and it reduces on-premises hardware such as certificate authorities (CAs). A CA poses a particular security risk if compromised: every certificate it has signed then becomes a suspect, vulnerable target.

The Dossier feature in NPE allows you to generate a PDF dossier on any entity, with information including their profile, known related entities, news articles and litigation history. Furthermore, there is a chart on monthly trends as well as lists of top plaintiffs, defendants and products.

Purebred

Purebred is a secure mobile application designed to help users access NIPRNet and SIPRNet certificates and manage derived certificate trust chains. Well suited to Department of Defense personnel who travel overseas frequently, Purebred supports multiple mobile devices, is easy to use and makes NIPRNet and SIPRNet certificates readily accessible.

The contractor will deliver cloud consulting, broker, integration and IaaS services from various cloud service providers, together with the security engineering expertise needed to build, integrate, migrate and transition the DOD PKI Portfolio from its current hosting environments to an upgraded solution based on cloud technology or hybrid environments. The contractor will also provide all technical data, intellectual property rights and any other information Government personnel need to manage and operate the portfolio.

Contractors will collaborate with DoD community representatives to communicate the results of PITC engineering and testing activities through information papers and reference guides that outline COTS solutions compatible with PKI portfolio capabilities. This documentation will allow the DoD community to assess which commercial hardware and software products are appropriate to integrate into the PKI capabilities portfolio.

Documents outlining the PITC will include its logical architecture, covering all associated hardware and commercial software products. They will also describe its ability to aggregate, correlate and archive syslog events generated by the various network devices and products.

The contractor will assess the existing PITC systems monitoring and logging architectures to identify any deficiencies that require corrective actions (CRs). This analysis will also result in a web-based monitoring capability that tracks PKI Portfolio capabilities using deployed application tools (e.g., SolarWinds or Splunk) for real-time visibility.

NEATS

NEATS is a public key infrastructure (PKI) solution designed to meet the Information Assurance (IA) needs of DoD, offering encryption, authentication and verification of network transactions. Smart cards can be used to authenticate users, and multiple cryptographic algorithms can be supported simultaneously.

NEATS stands apart from other PKI products as an integrated PKI system that includes all the services needed for an enterprise-wide certificate authority (CA) implementation, such as a certificate database, Online Certificate Status Protocol, global directory service and hardware security modules. This comprehensive solution also includes an XML-based policy framework, a CA management system and an RA-delegated certificate server, making it the complete package!

Certification authorities (CAs) are trusted entities that verify the identity of users or devices requesting digital certificates, sign those certificates with the CA's private key, and publish the corresponding public key so that anyone can check the signature. This lets a recipient confirm that each certificate it receives is valid and was not altered in transit.
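The root-to-subordinate-to-end-entity hierarchy described under NIPRNet above, and the CA signing and publication just described, carried through as an added example that is not part of the original page or any DoD system: it builds a two-tier demo hierarchy with the openssl CLI and then verifies a user certificate the way a relying party does, trusting only the root. All names, subjects and file paths are constructed for the demo; the only assumption is that openssl (1.1.1 or newer) is in PATH.

```shell
# Added example, not from the page: root CA -> subordinate CA -> end-entity
# cert, built with the openssl CLI and verified against a trust store that
# holds only the root. Names/files are constructed; needs openssl 1.1.1+.

# issue DIR NAME SUBJECT EXTFILE [ISSUER_CERT ISSUER_KEY]; self-signs with no issuer.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -out "$1/$2.csr" -subj "$3" >/dev/null 2>&1 || return 1
  if [ $# -lt 6 ]; then
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 30 \
      -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  else
    openssl x509 -req -in "$1/$2.csr" -CA "$5" -CAkey "$6" -CAcreateserial \
      -days 30 -extfile "$4" -out "$1/$2.pem" >/dev/null 2>&1
  fi
}

# Build root -> sub -> user in DIR. CA certs carry CA:TRUE and keyCertSign;
# the user cert is CA:FALSE, which is what makes verifiers reject anything it signs.
build_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$1/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' >"$1/ee.ext"
  issue "$1" root "/CN=Demo Root CA" "$1/ca.ext" &&
    issue "$1" sub "/CN=Demo Subordinate CA" "$1/ca.ext" "$1/root.pem" "$1/root.key" &&
    issue "$1" user "/CN=Demo User" "$1/ee.ext" "$1/sub.pem" "$1/sub.key"
}

# Misuse case: the end-entity key signs another cert. openssl will sign it;
# path validation is what stops it, at the CA:FALSE link in the chain.
issue_rogue() { issue "$1" rogue "/CN=Rogue" "$1/ee.ext" "$1/user.pem" "$1/user.key"; }

# verify_cert DIR LEAF [INTERMEDIATE...]: only root.pem is trusted; intermediates
# are supplied untrusted (as a client receives them) and validated up to the root.
verify_cert() {
  dir=$1; leaf=$2; shift 2; args=""
  for f in "$@"; do args="$args -untrusted $dir/$f"; done
  openssl verify -CAfile "$dir/root.pem" $args "$dir/$leaf.pem" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  build_chain "$d" || { echo "issuance failed"; return 1; }
  verify_cert "$d" user sub.pem && echo "user cert with intermediate: valid"
  verify_cert "$d" user || echo "user cert without intermediate: rejected"
  issue_rogue "$d"
  verify_cert "$d" rogue sub.pem user.pem || echo "cert issued by end entity: rejected"
  rm -rf "$d"
}
demo
```

The second and third checks are the ones a trust-store design has to get right: a relying party that holds only the root cannot validate a user certificate unless the subordinate CA certificate is supplied with it, and a certificate issued by a CA:FALSE end entity is rejected even though it carries a mathematically valid signature.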

odNEAT+ is an evolutionary algorithm using a physically distributed island model. Each robot optimizes an internal population of candidate solutions for its task, and the islands exchange these solutions when they meet (inter-island migration). odNEAT+ creates an efficient and accurate controller capable of learning new tasks as they arise, which makes it a valuable asset in automated inspection systems: monitoring equipment conditions, identifying problems and recommending corrective action lets operators improve performance and reliability. The open-source version, called odNIET, is more stable and can run across various platforms.

Sam is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.