Public Key Infrastructure (PKI) is the framework of hardware, software, policies, and procedures used to create, manage, distribute, store, and revoke digital certificates and to manage public-key encryption. A digital certificate binds a public key to a verified identity and is signed by a Certificate Authority (CA). PKI makes it possible for two parties who have never met to establish a trusted encrypted connection because both trust the CA that issued the certificates verifying their identities.
Every time you visit an HTTPS website, PKI is working behind the scenes. Your browser, or the operating system it relies on, ships with a trust store of root CA certificates. When the website presents its certificate, usually together with one or more intermediate CA certificates, the browser builds a chain of signatures from the server’s certificate back to one of those trusted roots and checks that the certificate is within its validity period, was issued for the hostname being visited, is permitted to be used for server authentication and, depending on the browser, has not been revoked. Only when every check passes does it accept the certificate as proof of the website’s identity. Because most server certificates are signed by an intermediate CA rather than directly by a root, a server that omits its intermediate certificate from the handshake will be rejected by clients that cannot fetch the missing link themselves; this is one of the most common PKI misconfigurations in practice.
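The chain validation just described, as an added worked example written for this entry (it is not code from any browser, from the CISSP material or from the referenced NIST publication). The Go program below uses only the standard library's crypto/x509 package to build a small hierarchy, an offline root CA, an issuing intermediate CA and a server certificate, and then runs browser-style checks against it in four scenarios. The CA names, the hostname www.example.test, the serial numbers and the scenario labels are all made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical hostname for the server (leaf) certificate in this example.
const serverName = "www.example.test"

// must aborts the example on errors that cannot occur in normal operation.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a key pair for tmpl and has parent sign it; a nil parent means a self-signed root CA.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// caTemplate returns a CA certificate template valid for one day.
func caTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
}

// BuildHierarchy creates the usual tiers: offline root CA, issuing intermediate CA, server leaf.
func BuildHierarchy() (*x509.Certificate, *x509.Certificate, *x509.Certificate) {
	root, rootKey := issue(caTemplate("Example Root CA", 1), nil, nil)
	inter, interKey := issue(caTemplate("Example Issuing CA", 2), root, rootKey)
	leaf, _ := issue(&x509.Certificate{ // the leaf's private key would live on the web server
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName}, // clients match the host against SANs, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, inter, interKey)
	return root, inter, leaf
}

// VerifyAsBrowser mimics a browser: build a signature path from the leaf, through the intermediates
// the server sent, to a root in the trust store, and check validity, key usage and the hostname.
func VerifyAsBrowser(leaf *x509.Certificate, trustStore, sent []*x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range trustStore {
		roots.AddCert(c)
	}
	for _, c := range sent {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// RunScenarios reports whether the browser-style check accepted the leaf; only the first should pass.
func RunScenarios() map[string]bool {
	root, inter, leaf := BuildHierarchy()
	rogue, _ := issue(caTemplate("Untrusted Root CA", 99), nil, nil) // a CA the client does not trust
	trusted, sent := []*x509.Certificate{root}, []*x509.Certificate{inter}
	checks := map[string]error{
		"full chain, correct host": VerifyAsBrowser(leaf, trusted, sent, serverName),
		"intermediate not sent":    VerifyAsBrowser(leaf, trusted, nil, serverName),
		"wrong host":               VerifyAsBrowser(leaf, trusted, sent, "evil.example.test"),
		"root not in trust store":  VerifyAsBrowser(leaf, []*x509.Certificate{rogue}, sent, serverName),
	}
	out := make(map[string]bool, len(checks))
	for name, err := range checks {
		out[name] = err == nil
	}
	return out
}

func main() {
	for name, ok := range RunScenarios() {
		fmt.Printf("%-26s accepted=%v\n", name, ok)
	}
}
```

Only the complete chain with the right hostname is accepted. The "intermediate not sent" case is the one practitioners hit most often: the server's certificate is perfectly valid, but without the intermediate that issued it the client cannot connect it to a root it trusts. The "root not in trust store" case is why trusting a CA is the real decision in PKI: the same certificate and chain are rejected by a client whose trust store holds a different root. The program does not check revocation; a real client would additionally consult a CRL or an OCSP responder.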
CISSP Relevance
PKI is a major topic in Domain 3 (Security Architecture and Engineering). CISSP candidates must understand certificate lifecycle management (enrollment, issuance, renewal, and revocation), CA hierarchies (root and intermediate CAs), certificate revocation mechanisms (CRL and OCSP), and how PKI underpins authentication, digital signatures, and encryption in protocols such as TLS and S/MIME.
External reference: NIST SP 800-57 Part 1, Recommendation for Key Management
Related terms: Digital Certificate, Cryptography