GSA · JBPayne007 · Oct 3, 2024 · Sep 13, 2024 · Sep 24, 2024 · Sep 24, 2024
@@ -4,6 +4,8 @@
 # Status Post - Post it to the website; 
 # Status Archive - Document is three years old or no longer valid. The document is actually retained in this repository, but not posted to the website.
 # Remove - Date to change status from post to archive. This could be three years for change proposals or three years from when a document was replaced.
+# 
+# Used on: https://www.idmanagement.gov/fpki/
 
 - category: FPKIMA Audit Letter
   numberProposal: 2023
@@ -325,14 +327,6 @@
   status: post
   remove: 05/06/2025
 
-- category: Supplementary Guidance
-  numberProposal: 1.01
-  name: FPKI Annual Audit Review Guidelines v1.01
-  date: 09/29/2021
-  url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
-  status: post
-  remove: 09/29/2024
-
 - category: Supplementary Guidance
   numberProposal: 2.0.1
   name: Personal Identity Verification Interoperability for Issuers v2.0.1
@@ -951,14 +945,6 @@
   status: post
   remove: 06/28/2024
 
-- category: Supplementary Guidance
-  numberProposal: 1.0
-  name: FPKI Annual Audit Review Guidelines v1.0
-  date: 04/11/2017
-  url: /docs/archived/fpki-annual-review-requirements-v1-20170411.pdf
-  status: post
-  remove: 09/30/2024
-
 - category: Supplementary Guidance
   numberProposal: 2.0
   name: NIST SP 800-53 Security Controls Overlay for PKI Systems v2.0
@@ -1014,3 +1000,27 @@
   url: /docs/archived/us-federal-public-trust-tls-cp-v1-0-final.pdf
   status: post
   remove: 02/06/2026
+
+- category: Annual Review Guidance
+  numberProposal: 1.2
+  name: FPKI Annual Review Requirements v1.2
+  date: 05/06/2022
+  url: /docs/archived/fpki-annual-review-requirements_v1.2_20240913.pdf
+  status: post
+  remove: 09/13/2027
+
+- category: Annual Review Guidance
+  numberProposal: 1.01
+  name: FPKI Annual Review Requirements v1.01
+  date: 09/29/2021
+  url: /docs/archived/fpki-annual-review-requirements_v1.01_20210929.pdf
+  status: post
+  remove: 09/29/2024
+
+- category: Annual Review Guidance
+  numberProposal: 1.0
+  name: FPKI Annual Review Requirements v1.0
+  date: 04/11/2017
+  url: /docs/archived/fpki-annual-review-requirements_v1.0_20170411.pdf
+  status: post
+  remove: 09/30/2024
@@ -64,7 +64,7 @@ Independent compliance audits are the primary way that the Federal Public Key In
 
 Audits are required annually for supporting functions and elements of each entity.  Annual review packages should be submitted to [[email protected]](mailto:[email protected]).
 
-- [FPKI Annual Review Requirements (PDF, May 2022)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
+- [FPKI Annual Review Requirements (PDF, September 2024)]({{site.baseurl}}/docs/fpki-annual-review-requirements.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This document includes requirements for performing and reporting annual compliance audits.
 - [RA Audit Guidance Memorandum (PDF, October 2022]({{site.baseurl}}/docs/fpki-ra-audit-guidance.pdf){:target="_blank"}{:rel="noopener noreferrer"} – This FPKIPA Memorandum reiterates the necessity of RA audits in supporting PKI operations, normalizes differing terminology used across various references, and provides options for reducing potential duplication of RA audit efforts, as applicable to PIV issuers.
 - Annual PIV and PIV-I Credential Issuer (PCI) Test Report: This test report supports the FPKI Annual Reviews and can be done either in person at the GSA FIPS 201 lab or remotely by the package submitter. Further details related to the Annual PCI Testing are located [here]({{site.baseurl}}/fips201ep/#personal-identity-verification-credentials).
 - [Non-Compliance Management Framework For The Federal Public Key Infrastructure (FPKI) (PDF, January 2016)]({{site.baseurl}}/docs/fpki-nmf.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance for the FPKI Policy Authority (FPKIPA) for responding to situations in which an FPKI FBCA member is not meeting their Memorandum of Agreement (MOA) requirements and obligations.