CAC/PKI TRAINING GUIDE - IDManagement.gov
CAC/PKI TRAINING GUIDE - IDManagement.gov
CAC/PKI TRAINING GUIDE - IDManagement.gov
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
12<br />
Product Manager<br />
Secure Electronic Transactions – Devices<br />
• Assist in the management of the recipients’ keys and certificates.<br />
• Verify identity of customers.<br />
• Receive and entering subscriber information, and verifying correctness.<br />
• Securely communicate requests to and responses from the CA.<br />
• Execute revocation requests received from LRA/VOs or other authorized sources.<br />
• Approve server certificates.<br />
• Update the <strong>CAC</strong> as necessary to reflect any change in the personnel category of<br />
the <strong>CAC</strong> recipient. This automatically issues/revokes certificates as needed.<br />
• Update other data stored on the <strong>CAC</strong> ICC.<br />
• Ensure that users understand their responsibilities with respect to the <strong>CAC</strong> and the<br />
information, including the <strong>PKI</strong> keys, certificates and PIN stored on it.<br />
The VO will perform the additional responsibilities of LRA which include:<br />
• Verifying the identity of <strong>CAC</strong> recipients via official documentation.<br />
• Registering the <strong>CAC</strong> recipients with the CA.<br />
• Requesting certificates for <strong>CAC</strong> recipients from the CA.<br />
• Printing <strong>CAC</strong>s.<br />
• Saving applications, certificates, and data to chips on <strong>CAC</strong>s.<br />
• Requesting <strong>CAC</strong> recipients to enter a PIN for their <strong>CAC</strong>.<br />
• Terminating end user <strong>CAC</strong>s and along with this function, automatically revoking<br />
the associated <strong>PKI</strong> certificates that are no longer valid.<br />
The RAPIDS workstation serves as the RA to approve and issue VO/LRA certificates on the<br />
<strong>CAC</strong>, and revoke certificates as necessary.<br />
5.2 Responsibilities of the DOIM<br />
The DOIM holds a key position within the DoD <strong>PKI</strong> structure. The DOIM is the highest level in<br />
the Information Systems hierarchy within an installation. The main responsibilities of the DOIM<br />
are as follows:<br />
• Distribution of Card Readers and Middleware to Units.<br />
• Instructional classes for IMOs/SA s on: