Treasury's PKI is a combination of policies, procedures and technology that provide a high degree of trust in Treasury personnel, systems and data. This degree of trust is achieved through the use of Treasury-issued digital certificates, objects created by highly secure systems known as Certification Authorities (CAs). Treasury certificates bind digital information to physical identities to allow a high degree of assurance to be placed in those identities.

Treasury's PKI lends the following security services to the enterprise:

- Authentication: Digital certificates can provide a strong means of identifying the bearer when they request access to an online resource. This is stronger than more conventional authentication methods because it is two-factor; that is, it is based on what the user has (i.e. the digital certificate) and what the user knows (i.e. the PIN to enable use of the digital certificate).
- Confidentiality: Digital certificates can be used to encrypt information, either at rest or in motion, to prevent interception by an unauthorized party.
- Integrity: PKI employs mathematical algorithms to enable the user to apply digital signatures to data. Once applied, the data's integrity is significantly strengthened; that is, its author can place a high degree of assurance in the fact that it has not been modified by an unauthorized party, intentionally or otherwise.
- Non-Repudiation: Just as digital signatures can strengthen integrity, they can also be leveraged to prevent data users from claiming (repudiating) that they weren't party to a transaction. This is especially important in scenarios where money is exchanged or approved for payment. Hence, Treasury's PKI is very well suited for its business environment.

Treasury's PKI is well-known throughout the Federal Government, and is extended to its trading partners and other Government organizations that conduct business with the Department in a secure manner. This is made possible through a technological relationship, known as a cross-certification, with the Federal Bridge PKI.

Through this relationship, Treasury may permit access to its online resources by Federal personnel who do not hold a Treasury-issued certificate but instead hold a certificate issued by another Agency that Treasury trusts. Likewise, these cross-certified Agencies may elect to trust Treasury-issued credentials as they are used to gain access to their resources. In this manner, business may be conducted, and information may be exchanged, seamlessly and securely.

Additionally, due to Treasury's proven PKI expertise, Treasury offers its digital certificate services to other Agencies through the Federal Shared Service Provider (SSP) program. This enables Treasury to offset operational costs by sharing infrastructure components with other Agencies as they adopt the technology to meet PIV and address other business needs.

Treasury's PKI establishes an effective trust model by strict adherence to policies that govern the infrastructure. These policies can be found on the Certificate Policies page.