Working Groups

PQC
Post-Quantum Cryptography Working Group

Preparing the PKI ecosystem for the quantum computing era through collaborative research, …

CM
Cryptographic Module Working Group

A central forum for addressing cryptographic module (CM) and hardware security module …

PKIMM
PKI Maturity Model Working Group

Building a globally recognized PKI maturity model for evaluating, planning, and comparing …

TCWG
Training and Certification Working Group

Advancing PKI knowledge and skills through structured training paths, certification …

CA
CA Working Group

A working group for discussions and information sharing among publicly trusted Certificate …

View all Working Groups →

Members

The PKI Consortium brings together leading organizations committed to trustworthy digital identities and secure communication.

341 Members 38 Independent
Browse all members →

Quick links

🤝
Join the PKI Consortium
Become part of our global network
📋
Application Process
Learn how membership works
📄
Bylaws & Governance
How decisions are made
Edit on GitHub

Working Groups PKIMMPKI Maturity Model (PKIMM)PKI maturity model

References

References

Canonical list of standards, regulations, and publications referenced by the model.

IDTitleAuthorityRegions
cab-baseline-requirementsCA/B Forum baseline requirementsCA/Browser ForumGLOBAL
cnsa-2-0CNSA 2.0NSAUS
cobitCOBIT (Control Objectives for Information and Related Technologies)ISACAGLOBAL
cveCommon Vulnerabilities and Exposures (CVE) ProgramMITREGLOBAL
cvssCommon Vulnerability Scoring System (CVSS)FIRSTGLOBAL
cyclonedx-cbomCycloneDX Cryptography Bill of Materials (CBOM)OWASPGLOBAL
cyclonedx-crypto-registryCycloneDX - Cryptography RegistryOWASPGLOBAL
ecsfEuropean Cybersecurity Skills Framework (ECSF)ENISAEU
enisa-cyber-awarenessRaising Awareness of CybersecurityENISAEU
enisa-publicationsENISA PublicationsENISAEU
etsi-319-401ETSI EN 319 401 - General Policy Requirements for Trust Service ProvidersETSIEU
etsi-319-411-1ETSI EN 319 411-1 - Policy and security requirements for Trust Service Providers issuing certificatesETSIEU
etsi-319-411-2ETSI 319-411-2ETSIEU
etsi-qualified-cert-profilesETSI Qualified Certificate ProfilesETSIEU
etsi-standardsETSI StandardsETSIEU
eucc-crypto-inventoryEUCC Guidelines on Cryptography InventoryEUEU
ietf-rfcIETF Request for Comments (RFC)IETFGLOBAL
iso-11770ISO/IEC 11770 Key ManagementISO/IECGLOBAL
iso-20000-relatedISO/IEC 20000 and related standardsISO/IECGLOBAL
iso-22301ISO/IEC 22301 - Business continuity management systemsISO/IECGLOBAL
iso-22317ISO/TS 22317 - Guidelines for business impact analysisISO/IECGLOBAL
iso-223xxISO 223XX Security and resilience standardsISO/IECGLOBAL
iso-27001ISO/IEC 27001 - Information security management systemsISO/IECGLOBAL
iso-27001-relatedISO/IEC 27001 and related standardsISO/IECGLOBAL
iso-27005ISO/IEC 27005 - Guidance on managing information security risksISO/IECGLOBAL
iso-27099ISO/IEC 27099 - Public key infrastructureISO/IECGLOBAL
iso-37301ISO 37301 - Compliance management systems and related standardISO/IECGLOBAL
iso-standardsISO StandardsISO/IECGLOBAL
itilThe Information Technology Infrastructure Library (ITIL)AXELOSGLOBAL
itu-standardsITU StandardsITUGLOBAL
nist-csf-identifyNIST Cybersecurity Framework - Identify FunctionNISTUS
nist-cswp-39NIST CSWP 39 - Considerations for Achieving Cryptographic Agility: Strategies and PracticesNISTUS
nist-rmfNIST Risk Management FrameworkNISTUS
nist-sp-800-131aNIST SP 800-131A Rev. 2 - Transitioning the Use of Cryptographic Algorithms and Key LengthsNISTUS
nist-sp-800-16NIST SP 800-16 Information Technology Security Training Requirements: a Role- and Performance-Based ModelNISTUS
nist-sp-800-208NIST SP 800-208 - Recommendation for Stateful Hash-Based Signature SchemesNISTUS
nist-sp-800-34NIST Special Publication 800-34 Revision 1 - Contingency Planning Guide for Federal Information SystemsNISTUS
nist-sp-800-50NIST SP 800-50 Building an Information Technology Security Awareness and Training ProgramNISTUS
nist-sp-800-52NIST SP 800-52 Rev. 2 - Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) ImplementationsNISTUS
nist-sp-800-57NIST SP 800-57 Part 1 Rev. 5 - Recommendation for Key ManagementNISTUS
nist-sp-800-61NIST Special Publication 800-61 Revision 2 - Computer Security Incident Handling GuideNISTUS
nist-sp-800-92NIST - Guide to Computer Security Log ManagementNISTUS
nist-sp-800-seriesNIST Special Publications 800 - 30, 34, 37, 46, 53, 84NISTUS
nist-standardsNIST StandardsNISTUS
nsa-suite-bSuite BNSAUS
oasis-standardsOASIS StandardsOASISGLOBAL
open-standards-principlesOpen Standards PrinciplesGOV UKGB
owasp-tlsOWASP Transport Layer Security Cheat SheetOWASPGLOBAL
pci-container-guidanceGuidance for Containers and Container Orchestration ToolsPCI SSCGLOBAL
pci-crypto-guidancePCI Cryptography GuidancePCI SSCGLOBAL
pci-security-awarenessPCI SSC - Best Practices for Implementing a Security Awareness ProgramPCI SSCGLOBAL
ref-3gpp-33-3103GPP 33.310 - Network Domain Security (NDS); Authentication Framework (AF)3GPPGLOBAL
rfc-3647RFC 3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices FrameworkIETFGLOBAL
rfc-4210RFC 4210 - Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)IETFGLOBAL
rfc-5280RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) ProfileIETFGLOBAL
sans-security-opsSANS Guide to Security OperationsSANSGLOBAL
sogis-cryptoSOG-IS crypto algorithmsSOG-ISEU
togafThe Open Group Architecture Framework (TOGAF)The Open GroupGLOBAL
unisig-subset-137UNISIG SUBSET-137UNISIGEU