A: PKI stands for Public Key Infrastructure. A PKI certificate is software which is purchased from an approved commercial vendor and installed on your computer you will only need to purchase an “Identity Certificate” to access CPARS and FAPIIS.
A: When you attempt to log onto government systems which require a PKI certificate, the system will check to verify a certificate has been installed on your computer. A pop-up box will appear with a list of certificates found on your computer. You should select the correct certificate and click “OK” to proceed with the logon process. If you receive an error indicating the certificate you selected is invalid, close your browser and try again, but try selecting a different certificate from the list. If you have tried all of the certificates on the list and still receive the “invalid certificate” error message, contact your certificate vendor for additional assistance.
A: The approved vendors are listed at www.cpars.gov/pki_info.htm under the heading “Approved ECA Vendors”. You may have to scroll down the page to see the list. An approved ECA vendor is one that has been validated as having processes that conform to DoD’s rigorous security models.
A: In 2006, Department of Defense (DOD) issued a requirement that all DOD agencies implement additional security measures to protect information stored on DOD computers from unauthorized access. The PKI identity certificate requirement was implemented in response to the DOD mandate. Contractors are encouraged to purchase and use a certificate to help DOD enhance security. In addition, as of February '09 CPARS and FAPIIS no longer require use and maintenance of passwords for users who logon with a PKI certificate. The PKI requirement helps protect your information from being accessed by hackers and others who do not have valid privileges.
A: No. While certificates are issued to identify individuals, the same identity certificate can be used to access all systems requiring a PKI identity certificate for access.
A: Each employee who logs onto the systems is encouraged to have a PKI identity certificate installed on their computer.
A: PKI identity certificates may be purchased for multiple years, but many companies purchase certificates that are good for one year, and then contact the vendor to renew their license at the end of the one year timeframe.
A: The average cost is about $100 - 120 per certificate, per year. The vendors may offer discounts to firms who are purchasing a large number of certificates. Please contact the vendors for more details.
A: The length of time to receive the certificate will vary, depending on the vendor’s backlog. It is a good idea to contact the vendors prior to purchasing, to compare their delivery times.
Q: I have installed a PKI certificate on my computer, but when I attempt to log onto the government system, I am asked for my certificate password. What does this mean?
A: Most likely, the system is looking at an “encrypted email certificate”, rather than a “PKI identity certificate”. If you selected the certificate from a drop-down list of certificates, close the browser and try again. This time, select a different certificate from the list. If you continue to be prompted for a password, you will need to contact the vendor who sold you the certificate, to verify that you purchased and installed an “identity certificate”. The vendor should be able to tell you how to select the correct certificate. It is also possible you selected a password at the time you installed your identity certificate. You should contact the vendor who sold you the certificate, if you continue to experience problems.
Q: I am located in a foreign country and have been told that the vendors will not issue PKI Certificates to contractors in my country. What do I do?
A: Contractors in foreign countries are able to logon using a User ID and Password (i.e. no PKI certificate is required at this time.)
Q: I have purchased a PKI identity certificate, but am still awaiting receipt from the vendor. However, I have one (or more) performance evaluations that I must comment on within the next 60 days. What do I do?
A: Contractors can logon to the system with their User ID and Password. As of February '09, the CPARS applications will no longer require use and maintenance of passwords if users logon with a PKI certificate.