NENA standards for NG9-1-1, including i3 (see NENA STA-010), require integration with certain services; namely, the PSAP Credentialing Agency (PCA) Public Key Infrastructure (PKI) and the Forest Guide (see IETF RFC 5582). Operating services like this involves financial commitments and needs to be done with independent oversight in order to be operated ethically and fairly. The NENA board committed to stand up these services subject to independent oversight and so established NIOC in 2020. 

A PKI is a chain of trust established using X.509 certificates that works very much like the public internet. The key difference between a PKI and the general public internet’s trust chain is that there is a shared root for a PKI. Examples of PKI include SHAKEN used to authenticate telephone numbers (learn more at the STI-GA website) or the US Federal Government PKI (learn more at the FPKI website). NIOC will endeavor to comply with the CA/Browser Forum essential requirements for operating a Certificate Authority (CA) and a PKI (learn more at the CA/Browser Forum website).

 A X.509 digital certificate is a unique digital identity normally issued to a URI or a domain name (for example, nearly every public website has an X.509 certificate issued to its domain; ng911ioc.org has a certificate assigned to it for example). In NG9-1-1, X.509 certificates are used not only to assert identity of individual elements within the network (for example, ESInet functional elements all have certificates issued to them to authenticate as NG9-1-1 network elements), but also some other novel uses, such as to manage roles (individuals have certificates issued to them that are used to assert their roles and privileges). More information is available at our resources page, while technical details are available in NENA standards, available at NENA’s website.

There may be a nominal charge for the issuance of an end-entity certificate to each entity. This is per the Certificate Practice Statement (CPS) for each issuing certificate authority throughout the trust chain, and the entity that operates the issuing certificate authority (for example, a state ESInet operator). There may be cases where the ESInet operator passes on costs to operate the certificate authority to its individual endpoints (e.g., 9-1-1 operating positions), or there may be cases where the ESInet operator pays for all costs itself. NIOC notes that NIOC itself is forbidden from making a profit from operating the trust chain and that its finances are open. More information is available at our resources page, and our finances are publicly available here.

There will be many certificate authorities for NG9-1-1. The PCA only signs certificates for issuing certificate authorities; we anticipate there being up to hundreds of certificate authorities for NG9-1-1, typically with one per NG9-1-1 system. However, they all share a common root. Even though every endpoint in NG9-1-1 is required to have a certificate in the i3 standard for NG9-1-1 (more information available at NENA’s website), generally speaking, no endpoints will have a certificate issued directly by the PCA. More information is available at our resources page. 

A Forest Guide (RFC5582) is part of the Location to Service Translation (LoST) protocol (RFC5222) query process and allows client functional elements to discover call routing information outside of its domain (typically their ESInet or state level ECRF/LVF). In plain terminology, the Forest Guide is used when location-based routing fails to find a location locally within an NG9-1-1 system, and the Forest Guide will help NG9-1-1 network find the right network to route to, whether that is another state or another country’s Forest Guide. More information is available at our resources page. 

The Industry Council for Emergency Response Technologies (iCERT) defines conformance testing as:

The testing of a vendor system, subsystem, component, or
element against a promulgated/published standard. This type of testing requires a
known working standard implementation as the “reference implementation,” and
formalized test plans specific to a system, subsystem, component, or element. This
testing is typically done in a lab environment by an independent third party. Vendors can
perform testing without coordinating with other vendors.  

Conformance testing is a long-term study item for NIOC, and we have plans to engage in a conformance testing program of some sort in collaboration with industry and the appropriate associations, including NENA. 

You can access iCERT’s research on this topic at their website. 

No, NIOC plays no material role in FirstNet, the nationwide public safety cellular broadband network operated by the US federal government with a commercial partner. However, mission-critical services that support NG9-1-1 operations do need to interoperate with public safety broadband services. The programs that NIOC oversees, including the NG9-1-1 PKI, support that interoperability.

Future meetings will be open to the public. We are currently working on our open meetings policy. Please check back soon for more information.

In the meantime, please contact admin@ng911ioc.org with any questions or comments, or if you would like to attend one of our meetings or submit something for our agenda.

The NENA i3 family of standards require certain services be established to ensure a baseline level of interoperability between the US and Canada and beyond. In the interest of advancing NG9-1-1 implementation interoperability, NENA took the initiative and established a neutral, independent governing entity (the NIOC) to provide governance over the PCA and Forest Guide. Because the Services are part of the critical infrastructure chain for NG9-1-1, and because operating the Services requires investment by NENA and its stakeholders, the Services require independent oversight by affected stakeholders. The NIOC serves in this oversight capacity.

NIOC bylaws require the Services shall be operated without profit motive for NIOC. Financially sustainable operation of the Services, including reasonable fee schedules, will be developed as the Certificate Policy, Forest Guide and other services are developed. The PSAP Credentialing Agency (PCA) establishes the Certificate Policy and does not necessarily impose a new cost category on NG9-1-1 providers, because providers would otherwise incur cost in acquiring or generating certificates. The contract pricing for PCA and Forest Guide services will be published on the NIOC website when costs are known which should be early 2021.

Membership on the NIOC is publicly solicited by the NENA Board and the NIOC has a broad representation within the 9-1-1 industry. The NIOC is responsible for overseeing the implementation of industry standard components to enable interoperability within NG911 architecture. Industry associations shape the establishment of these industry standard components and their continued participation is welcome as we move forward with NG9-1-1.

Many of the Commission members belong to other associations including APCO, NENA, NASNA, iCERT, and many others. The NIOC bylaws require that the Commission’s membership shall be representative of 9-1-1’s needs and interests, including stakeholder entities that are involved with the PKI for NG9-1-1.

Any 9-1-1 entity willing and capable of operating an ICA can. The service agreement with NIOC, administered by NENA, requires DigiCert to provide facilities for hosted ICA facilities for states/localities who choose to contract CA-as-a-service at rates pre-negotiated with NIOC. However, conventional CA operations, where an ICA certificate is signed and delivered to participant’s facilities (e.g., a state data center) are permitted.