How to Submit a Technology Request
Important Notes to Understand Beforehand
- A Third Party Partner (TPP) is required to generate and store the private keys for certificates we rely upon using a FIPS 140-2 Level 3 HSM; see the Service Provider Security Requirements Document (SPSRD), accessible from the Third Party Security policy domain section on Flagscape.
- Wildcard certificates using an asterisk (*) as any part of the Common Name (CN) or Subject Alternative Name (SAN) fields are not acceptable.
- Certificates must be Extended Validation (EV) certificates, which legally verify that the identity on the certificate is, indeed, who it claims to be.
- Any approval is only valid for the lifetime of a reviewed certificate; e.g., an End-Entity (EE; aka leaf) certificate replaced yearly must be evaluated upon every subsequent reissuance.
- Approvals are environment-specific; i.e., approvals for UAT or other lower-level environments do not convey to production and vice versa. Requests involving multiple environments must include all certificate objects for all environments the requestor indicates as being relevant.
- If we are also authenticating an individual, group, or server to an external entity using Mutual TLS (mTLS), request the supplemental mTLS form from the contacts given below.
- A review will only commence once PKI Governance receives and accepts ALL required items.
- Any certificate for a bank-owned domain issued via VTPP (Venafi) for BAC usage is not to be evaluated; this process is only for certificates issued by external PKIs that BAC will be asked to rely upon and trust for secure communication (TLS) with or authentication to external third parties (partners).
- Any approved external PKI end-entity certificate must be added to VTPP (Venafi) so that the designated parties receive notifications of certificate expiration in advance (typically 90/60/30 days before certificate expiration).
- Submit checklists and/or any questions to PKI Governance.
Request Summary
Briefly describe the use case and what you are asking approval for. Common use cases:
- Install/use external PKI trust chains only
- Install/use external PKI trust chains or certificates with a restricted usage type
- Install/use non-approved external PKI trust chains and/or certificates
(Replace above with your use case description & justification here)