Next:
INTRODUCTION
Up:
cps-medium
Previous:
cps-medium
Contents
Contents
INTRODUCTION
Overview
Identification
Community and Applicability
Certification authorities
Registration authorities
End entities
Applicability
Contact Details
Specification administration organisation
Contact person
Person determining CPS suitability for the policy
GENERAL PROVISIONS
Obligations
CA obligations
RA obligations
Subscriber obligations
Relying party obligations
Repository obligations
Liability
CA liability
RA liability
Financial responsibility
Indemnification by relying parties
Fiduciary relationships
Administrative processes
Interpretation and Enforcement
Governing law
Severability, survival, merger, notice
Dispute resolution procedures
Fees
Certificate issuance or renewal fees
Certificate access fees
Revocation or status information access fees
Fees for other services such as policy information
Refund policy
Publication and Repository
Publication of CA information
Frequency of publication
Access controls
Repositories
Compliance audit
Frequency of entity compliance audit
Identity/qualifications of auditor
Auditor's relationship to audited party
Topics covered by audit
Actions taken as a result of deficiency
Communication of results
Confidentiality
Types of information to be kept confidential
Types of information not considered confidential
Disclosure of certificate revocation/suspension information
Release to law enforcement officials
Release as part of civil discovery
Disclosure upon owner's request
Other information release circumstances
Intellectual Property Rights
IDENTIFICATION AND AUTHENTICATION
Initial Registration
Types of names
Need for names to be meaningful
Rules for interpreting various name forms
Uniqueness of names
Name claim dispute resolution procedure
Recognition, authentication and role of trademarks
Method to prove possession of private key
Authentication of organisation identity
Authentication of individual identity
Routine Re-key
Re-key after Revocation
Revocation Request
OPERATIONAL REQUIREMENTS
Certificate Application
Certificate Issuance
Certificate Acceptance
Certificate Suspension and Revocation
Circumstances for revocation
Who can request revocation
Procedure for revocation request
Revocation request grace period
Circumstances for suspension
Who can request suspension
Procedure for suspension request
Limits on suspension period
CRL issuance frequency (if applicable)
CRL checking requirements
On-line revocation/status checking availability
On-line revocation checking requirements
Other forms of revocation advertisements available
Checking requirements for other forms of revocation advertisements
Special requirements re key compromise
Security Audit Procedures
Types of event recorded
Frequency of processing log
Retention period for audit log
Protection of audit log
Audit log backup procedures
Audit collection system (internal vs external)
Notification to event-causing subject
Vulnerability assessments
Records Archival
Types of event recorded
Retention period for archive
Protection of archive
Archive backup procedures
Requirements for time-stamping of records
Archive collection system (internal or external)
Procedures to obtain and verify archive information
Key changeover
Compromise and Disaster Recovery
Computing resources, software, and/or data are corrupted
Entity public key is revoked
Entity key is compromised
Secure facility after a natural or other type of disaster
CA Termination
PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
Physical Controls
Site location and construction
Physical access
Power and air conditioning
Water exposures
Fire prevention and protection
Media storage
Waste disposal
Off-site backup
Procedural Controls
Trusted roles
Number of persons required per task
Identification and authentication for each role
Personnel Controls
Background, qualifications, experience, and clearance requirements
Background check procedures
Training requirements
Retraining frequency and requirements
Job rotation frequency and sequence
Sanctions for unauthorised actions
Contracting personnel requirements
Documentation supplied to personnel
TECHNICAL SECURITY CONTROLS
Key Pair Generation and Installation
Key pair generation
Private key delivery to entity
Public key delivery to certificate issuer
CA public key delivery to users
Key sizes
Public key parameters generation
Parameter quality checking
Hardware/software key generation
Key usage purposes (as per X.509 v3 key usage field)
Private Key Protection
Standards for cryptographic module
Private key (n out of m) multi-person control
Private key escrow
Private key backup
Private key archival
Private key entry into cryptographic module
Method of activating private key
Method of deactivating private key
Method of destroying private key
Other Aspects of Key Pair Management
Public key archival
Usage periods for the public and private keys
Activation Data
Activation data generation and installation
Activation data protection
Other aspects of activation data
Computer Security Controls
Specific computer security technical requirements
Computer security rating
Life Cycle Technical Controls
System development controls
Security management controls
Life cycle security ratings
Network Security Controls
Cryptographic Module Engineering Controls
CERTIFICATE AND CRL PROFILES
Certificate Profile
Version number(s)
Certificate extensions
Algorithm object identifiers
Name forms
Name constraints
Certificate policy Object Identifier
Usage of Policy Constraints extension
Policy qualifiers syntax and semantics
Processing semantics for the critical certificate policy extension
CRL Profile
Version number(s)
CRL and CRL entry extensions
SPECIFICATION ADMINISTRATION
Specification change procedures
Publication and notification policies
CPS approval procedures
VERSIONS
Change log
David Groep
2001-11-05
