Digitally Signing MACROS
(CT:IM-322; 06-14-2024)
(Office of Origin: DT/ES/IS/ICAM)
5 FAM 891 POLICY
(CT:IM-322; 06-14-2024)
All macros in applications designated by the Information Integrity Branch of the Systems Integrity (DT/ITI/SI/IIB) division must be digitally signed. IIB maintains a list of applications which require their macros to be signed. Macros that are not digitally signed in these applications will not work. This policy affords no waivers.
5 FAM 892 PROCEDURE
(CT:IM-293; 02-02-2023)
The Department has implemented an online signing application to digitally sign macros. Once the files containing macros are submitted, this tool will digitally sign the macros contained in the file and return the file to the user. The online application is available via the Public Key Infrastructure (PKI) Signing Utility (PSU). See the PKI Signing Utility User Instructions for information about the Public Key Infrastructure (PKI) Signing Utility (PSU).
5 FAM 893 MACRO Security
(CT:IM-322; 06-14-2024)
a. The Department’s PKI program in DT/FO/ITI/SI/IIB, which has the mission to digitally sign code, is the only office authorized to sign macros. Except for development purposes, the PKI program will not issue certificates for signing macros to other entities within the Department of State. Using the certificates for operational purposes by any other entity in the Department of State is explicitly prohibited.
b. The Department will implement the signing of macros within applications based on known threats.
5 FAM 894 through 899 UNASSIGNED