DoD PKI Security Policy for SecretAgent® 5.7/5.8

The security policy settings provided on this page bring a SecretAgent 5.7/5.8 installation into strict conformance with the following:

Furthermore, with this policy installed, SecretAgent 5.6 satisfied all DoD PKI interoperability requirements according to DISA's Joint Interoperability Test Command (JITC). A certificate of compliance has been awarded.

Consequences of Installing this Security Policy

This policy turns ON or enables the following SecretAgent 5.7/5.8 security features impacting certificate path validation:

  • full certificate chain validation is always performed
  • CRLs are required and CRL checking is performed at all levels
  • all intermediate certificates must have their 'certSign' and 'crlSign' keyUsage bits set
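The keyUsage requirement on intermediate certificates, shown as an added example (not SecretAgent's code and not part of the original page): it decodes the DER BIT STRING carried in an X.509 keyUsage extension, using the RFC 5280 bit positions, and reports which intermediates lack keyCertSign or cRLSign. The function names, the sample chain, and the choice to treat a missing keyUsage extension as a failure are assumptions made for illustration.

```python
# Added illustration: RFC 5280 KeyUsage bit check (not SecretAgent code).
KEY_USAGE_BITS = {
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5,
    "cRLSign": 6, "encipherOnly": 7, "decipherOnly": 8,
}
REQUIRED_FOR_INTERMEDIATE = ("keyCertSign", "cRLSign")


def decode_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING inside a keyUsage extension into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("keyUsage value must be a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7 or not payload:
        raise ValueError("malformed BIT STRING")
    total_bits = len(payload) * 8 - unused
    names = set()
    for name, bit in KEY_USAGE_BITS.items():
        # Bit 0 is the most significant bit of the first payload byte.
        if bit < total_bits and payload[bit // 8] & (0x80 >> (bit % 8)):
            names.add(name)
    return names


def missing_ca_usages(chain):
    """chain: list of (label, keyUsage DER or None) for intermediates only.
    Returns {label: [missing bit names]} for certificates that fail the rule."""
    failures = {}
    for label, der in chain:
        # Assumption: an absent keyUsage extension counts as "bits not set".
        present = decode_key_usage(der) if der is not None else set()
        missing = [u for u in REQUIRED_FOR_INTERMEDIATE if u not in present]
        if missing:
            failures[label] = missing
    return failures


# Constructed sample values, not taken from any real certificate.
SAMPLE_CHAIN = [
    ("intermediate-A", bytes.fromhex("03020106")),  # keyCertSign + cRLSign
    ("intermediate-B", bytes.fromhex("03020204")),  # keyCertSign only
    ("intermediate-C", None),                       # no keyUsage extension
]

if __name__ == "__main__":
    for label, missing in missing_ca_usages(SAMPLE_CHAIN).items():
        print(f"{label}: reject, missing {', '.join(missing)}")
```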

It also turns OFF or disables the following product features:

  • Generate keys, certificate requests, and self-signed certificates
  • Use/trust self-signed certificates when encrypting and/or signing
  • Export private keys
  • Use DESX or EA2 for encryption
  • Create OpenPGP files
  • Create self-decrypting archives

WARNING: If you install this security policy, you will NOT be able to generate keys, certificate requests, self-signed certificates, self-decrypting archives, or OpenPGP files using SecretAgent!

DO NOT INSTALL this policy unless you have been directed to do so by your system administrator or you fully understand the above consequences.

To install this security policy:

  1. If you are running Windows NT/2000/XP, ensure that you are logged into an administrative account.
  2. Click the following link to download the signed security policy settings file:

    DoD PKI Security Policy for SecretAgent 5.7/5.8

    You must direct your browser to save the file to the SecretAgent program directory (typically 'C:\Program Files\SecretAgent 5') on your hard drive.
  3. Click the following link to download the registry update file:

    DoD PKI Security Policy for SecretAgent 5.7/5.8

    Direct your browser to save this file to the same SecretAgent program directory that you used for the previous file.
  4. In Windows Explorer (or SecretAgent's Explorer view), navigate to the SecretAgent program directory. Right click on the registry file 'policy.inf' and select Install.

The next time SecretAgent starts, the new security policy will be enforced.


  • You must be an administrator and have SecretAgent 5.7/5.8 already installed to successfully install this security policy.
  • If you are a system administrator and wish to distribute this security policy so that it is automatically installed on end-users' systems by the SecretAgent installation process (i.e., by SETUP.EXE), contact ISC for additional information.