
FedRAMP Moderate for certificate automation: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: U.S. federal agencies now have a cloud-based path to discover, issue, renew, and report on certificates across hybrid environments while reducing manual certificate work and outage risk, according to Keyfactor for Government CLAaaS, which has achieved FedRAMP Moderate authorization. The governance issue is not automation alone, but whether certificate operations can stay consistent as NHI scale and cryptographic change accelerate.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should agencies automate certificate lifecycle management in hybrid environments?

A: Agencies should start with complete certificate inventory, then automate issuance, renewal, reporting, and retirement for the highest-risk systems first.

Q: Why do certificates become an IAM problem instead of a PKI-only issue?

A: Certificates become an IAM problem because they authenticate workloads, services, and other non-human identities.

Q: How do teams know whether certificate automation is actually working?

A: Look for fewer human-mediated renewals, cleaner ownership records, lower expiry-driven outage rates, and reliable reporting across hybrid systems.

Practitioner guidance

  • Inventory certificates across hybrid estates before automating renewal. Build a complete map of certificate locations, owners, expiry dates, and renewal paths across cloud and on-premises systems.
  • Tie certificate automation to approved cloud control boundaries. Confirm that issuance, renewal, logging, and access governance all sit inside the agency’s authorised operating model.
  • Measure automation coverage against renewal and outage risk. Track how many certificates are still managed manually, how many renewals depend on human intervention, and where expiry has historically caused service disruption.

What's in the full announcement

Keyfactor’s full press release covers the operational detail this post intentionally leaves in the source:

  • The specific CLAaaS capabilities for discovery, issuance, renewal, and reporting across federal certificate environments
  • The FedRAMP Moderate authorization context and what it means for cloud operating assumptions inside government programmes
  • The product’s placement in Keyfactor Command and the hybrid deployment model behind it
  • The stated federal use cases tied to zero trust readiness, reduced on-prem infrastructure, and cryptographic change

👉 Read Keyfactor’s FedRAMP Moderate authorization update for government certificate automation →

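One way to turn the practitioner guidance in the post above (inventory first, then measure coverage against renewal and outage risk) into something a team can actually run, as an added example that is not part of the original post, the Keyfactor product, or the press release: a Go program that takes a constructed list of discovered certificates with hypothetical inventory metadata (Location, Owner, RenewalPath), reads each certificate's expiry from its PEM, and reports automation coverage alongside near-term expiry risk. Every location, owner, renewal path and the "manual" convention are assumptions made for the example; the sample estate is self-signed at run time, so nothing in it is a real certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Cert is one discovered certificate. Location, Owner and RenewalPath are hypothetical
// inventory metadata (a CMDB or the issuer would supply them); "manual" means a human renews.
type Cert struct {
	Location, Owner, RenewalPath string // Owner "" means nobody is recorded as accountable
	PEM                          []byte
}

// Metrics is the coverage-versus-risk summary the guidance above asks for.
type Metrics struct {
	Total, Unparseable, Automated, Manual, Unowned int
	ExpiringSoon, ManualExpiring                  int // inside the window; the manual subset is the outage-risk set
}

// Summarise walks the estate once: renewal path and ownership come from metadata, expiry
// from the certificate itself. Unreadable PEM is counted rather than silently skipped.
func Summarise(estate []Cert, now time.Time, window time.Duration) Metrics {
	var m Metrics
	for _, c := range estate {
		manual := c.RenewalPath == "manual"
		m.Total++
		if manual {
			m.Manual++
		} else {
			m.Automated++
		}
		if c.Owner == "" {
			m.Unowned++
		}
		block, _ := pem.Decode(c.PEM)
		if block == nil || block.Type != "CERTIFICATE" {
			m.Unparseable++ // discovered but unreadable: its expiry risk is unknown
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			m.Unparseable++
			continue
		}
		if cert.NotAfter.Before(now.Add(window)) {
			m.ExpiringSoon++
			if manual {
				m.ManualExpiring++
			}
		}
	}
	return m
}

// selfSigned mints a throwaway certificate for the constructed sample estate.
func selfSigned(cn string, notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleEstate is a constructed hybrid estate; every location, owner, path and name is invented.
func SampleEstate(now time.Time) []Cert {
	day := 24 * time.Hour
	mk := func(loc, owner, path, cn string, daysLeft int) Cert {
		blob := selfSigned(cn, now.Add(-day), now.Add(time.Duration(daysLeft)*day))
		return Cert{Location: loc, Owner: owner, RenewalPath: path, PEM: blob}
	}
	return []Cert{
		mk("cloud/api-gw", "platform", "acme", "api.agency.example", 200),
		mk("onprem/db-proxy", "data-eng", "manual", "db-proxy.agency.example", 20),
		mk("onprem/legacy-vpn", "", "manual", "vpn.agency.example", 400),
		mk("cloud/mesh-workload", "platform", "est", "orders.svc.cluster.local", 15),
		{Location: "onprem/old-appliance", Owner: "netops", RenewalPath: "manual",
			PEM: []byte("not a certificate")}, // discovered, but the export was garbage
	}
}

func main() {
	now := time.Now().UTC()
	m := Summarise(SampleEstate(now), now, 30*24*time.Hour)
	fmt.Printf("%+v automated=%.0f%%\n", m, 100*float64(m.Automated)/float64(m.Total))
}
```

Run it with `go run` to print the metrics for the sample estate. The row whose PEM cannot be read is counted as Unparseable rather than dropped, because a certificate the inventory cannot read is exactly the kind of gap that later turns into an expiry-driven outage. Replace SampleEstate with the output of a real discovery pass and the counters map onto the three measures in the guidance: Manual versus Automated gives coverage, Unowned shows where ownership records are missing, and ManualExpiring is the set to chase first.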



(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 924
 

Certificate lifecycle governance is now an identity control, not a back-office PKI task. Once certificates become the trust fabric for workloads, services, and government systems, renewal failure becomes an access failure and visibility failure at the same time. That shifts certificate automation into the core of NHI governance, where inventory accuracy, ownership, and policy enforcement matter more than infrastructure convenience. Practitioners should treat certificate operations as an identity programme capability, not a peripheral support function.

A few things that frame the scale:

  • 66% say their current tooling is not adequate to manage the scale of machine identities they now have, according to The Critical Gaps in Machine Identity Management report.
  • 61% still rely on spreadsheets or manual tracking for machine identity management, which is why lifecycle automation keeps surfacing as a governance priority.

A question worth separating out:

Q: Who should be accountable when certificate renewal failures affect service access?

A: Accountability should sit with the identity and platform owners who control certificate policy, inventory, and renewal orchestration, not with operators who discover the failure at the end of the chain. In regulated environments, the governance boundary should make it clear who owns the lifecycle, who approves exceptions, and who can evidence control performance.

👉 Read our full editorial: FedRAMP Moderate authorization shifts certificate lifecycle governance


