Working Groups

PQC
Post-Quantum Cryptography Working Group

Preparing the PKI ecosystem for the quantum computing era through collaborative research, …

CM
Cryptographic Module Working Group

A central forum for addressing cryptographic module (CM) and hardware security module …

PKIMM
PKI Maturity Model Working Group

Building a globally recognized PKI maturity model for evaluating, planning, and comparing …

TCWG
Training and Certification Working Group

Advancing PKI knowledge and skills through structured training paths, certification …

CA
CA Working Group

A working group for discussions and information sharing among publicly trusted Certificate …

CBOM
CBOM Profiles Working Group

Developing a neutral, open methodology for defining Cryptographic Bill of Materials (CBOM) …

View all Working Groups →

Members

The PKI Consortium brings together leading organizations committed to trustworthy digital identities and secure communication.

351 Members 40 Independent
Browse all members →

Quick links

🤝
Join the PKI Consortium
Become part of our global network
📋
Application Process
Learn how membership works
📄
Bylaws & Governance
How decisions are made

PKI Consortium blog

Posts by tag PKI

    Defining 'Quantum-Ready' for the Supply Chain: Introducing the PQC Maturity Model (PQCMM)
    June 14, 2026 by Paul van Brouwershaven (Digitorus) PKI Post-Quantum Cryptography PQC PQCMM Supply Chain
    The PKI Consortium is introducing the Post-Quantum Cryptography Maturity Model (PQCMM), a standardized framework to define what quantum-readiness means for products and services. Learn how this model simplifies vendor evaluation and helps procurement teams secure their digital supply chain.

    PKI Consortium Launches the CBOM Profiles Working Group
    June 8, 2026 by William (Bill) Turner (William (Bill) Turner), Paul van Brouwershaven (Digitorus), Michael Osborne (IBM) CBOM PKI PQC Working Group
    The PKI Consortium has established a new CBOM Profiles Working Group to develop a neutral, open methodology for defining Cryptographic Bill of Materials (CBOM) profiles. Chaired by Michael Osborne (IBM) and Vice-Chaired by William (Bill) Turner (Independent), the group will produce mapping guidance to SPDX and CycloneDX and publish reference profiles — including PKI-focused examples — so any industry can define its own CBOM profile in a consistent, repeatable way.

    Call for Proposals: Post-Quantum Cryptography Conference in Amsterdam, December 1-3, 2026
    May 12, 2026 by Chris Bailey (AppViewX), Paul van Brouwershaven (Digitorus) Chris Bailey (Entrust) Amsterdam Call for Proposals PKI Post-Quantum Cryptography PQC PQC Conference
    The Post-Quantum Cryptography Conference is returning to Europe — Amsterdam, December 1-3, 2026. Our Call for Proposals is now open. The bar is simple: production experience over theory. If you have done the work, submit now.

    IBM Becomes a Diamond Sponsor of the PKI Consortium
    March 2, 2026 by PKI Consortium IBM PKI Post-Quantum Cryptography PQC Sponsorship
    The PKI Consortium is proud to announce that IBM — a valued member since January 2024 — has become a Diamond Sponsor. This milestone reflects IBM’s deep commitment to advancing Public Key Infrastructure and accelerating the global transition to Post-Quantum Cryptography. IBM’s support helps sustain the Consortium’s working groups, research initiatives, global education programs, and the world’s largest dedicated Post-Quantum Cryptography Conference.

    From CASC to the Public Key Infrastructure Consortium
    July 12, 2021 by Chris Bailey (AppViewX), Paul van Brouwershaven (Digitorus) Chris Bailey (Entrust) CASC PKI PKIC
    Over the years, the need for private, industry, or solution-specific PKI has grown significantly, with stricter policies and the revocation of certificates and CAs becoming more common. The impact of changes in centralized PKI have caused delays and disruption of third-party services that may or may not have been considered. Any PKI (public, private, or specific) must operate according to best practices, clear policies and without a single point of failure.

    One Year Certs
    July 9, 2020 by Patrick Nohe (GlobalSign) Apple CA/Browser Forum DV Google Identity Microsoft PKI Policy Root Program SHA1 SHA2 SSL/TLS
    Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days). This change was first announced by Apple at the CA/Browser Forum Spring Face-to-Face event in Bratislava back in March.

    5 Ways to Keep Up with Authentication Certificates
    February 24, 2020 by Arvid Vermote Code Signing Encryption Identity ISO Malware Microsoft PKI SSL/TLS

    When it comes to protecting an organization’s data and users, CISOs have no shortage of hurdles. Identity attacks have become sophisticated and convincing, thanks to ransomware, phishing and deep fakes. CISOs have long known the importance of strong identification and authentication controls, but with threats constantly changing and intensifying, having these controls in place is just one piece of the puzzle; they must be managed correctly in order to do their job.

    The CA Security Council Looks Ahead to 2020 and Beyond
    January 9, 2020 by Patrick Nohe (GlobalSign), Doug Beattie (GlobalSign) Apple CA/Browser Forum Chrome Edge Encryption EV Firefox Forward Secrecy GDPR Google Identity Microsoft Mozilla PKI Policy Qualified SSL 3.0 SSL/TLS TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 Web PKI

    A whirlwind of activity will cause dramatic shifts across the PKI world in the year ahead

    Suffice it to say that 2019 was filled with challenges and contentiousness as Certificate Authorities and Browsers began to watch their shared visions diverge. The debate around Extended Validation continued as CAs pushed for a range of reforms and browsers pushed to strip its visual indicators. And a ballot to shorten maximum certificate validity periods exposed fault-lines at the CAB Forum.

    9 Common Myths About CAs
    August 1, 2019 by Tim Callan (Sectigo) CA/Browser Forum CASC Code Signing Encryption ETSI Identity Malware PKI Qualified Revocation SSL/TLS Vulnerability WebTrust

    Over the years misconceptions about CAs and the SSL infrastructure have arisen. Below is a list of common myths related to SSL and CAs.

    Myth #1: CAs are not regulated

    Fact: CAs are subject to various checks and balances, including third-party qualified audits through WebTrust or ETSI and strict criteria set forth by leading browsers, before they are accepted in browser root stores. Similarly, the CA/Browser Forum’s Baseline Requirements and Network Security Guidelines establish global standards for certificate issuance and CA controls that will soon be included in third-party auditing standards. Browsers are free to use these requirements to exclude non-compliant CAs from the root store.

    What Are Subordinate CAs and Why Would You Want Your Own?
    June 26, 2019 by Doug Beattie (GlobalSign) CA/Browser Forum Chrome Code Signing CRL ECC eIDAS Encryption EV HSM Identity Microsoft OCSP PKI Policy Revocation RSA S/MIME SSL/TLS

    Digital certificate and PKI adoption has changed quite a bit in recent years. Gone are the days where certificates were only synonymous with SSL/TLS; compliance drivers like stronger authentication requirements and digital signature regulations (e.g. eIDAS) have greatly expanded the role of PKI within the enterprise.

    As PKI usage has expanded, conversation has moved beyond just the number and type of certificates needed and onto deeper dialog about custom PKI deployments. A large part of the conversation is around subordinate CAs, sometimes referred to as Issuing or Intermediate CAs, and why an organization might want their own. Let’s discuss.