CPS profile.

  1. Objective.
  2. Introduction
    1. Overview
    2. Identification
    3. Community and Applicability
      1. Certification authorities
      2. Registration authorities
      3. End entities
      4. Applicability
    4. Contact Details
      1. Specification administration organization
      2. Contact person
      3. Person determining CPS suitability for the policy
  3. General provisions
    1. Obligations
      1. CA obligations
      2. RA obligations
      3. Subscriber obligations
      4. Relying party obligations
      5. Repository obligations
    2. Liability
      1. CA liability
      2. RA liability
    3. Financial responsibility
      1. Indemnification by relying parties
      2. Fiduciary relationships
      3. Administrative processes
    4. Interpretation and Enforcement
      1. Governing law
      2. Severability, survival, merger, notice
      3. Dispute resolution procedures
    5. Fees
      1. Certificate issuance or renewal fees
      2. Certificate access fees
      3. Revocation or status information access fees
      4. Fees for other services such as policy information
      5. Refund policy
    6. Publication and Repository
      1. Publication of CA information
      2. Frequency of publication
      3. Access controls
      4. Repositories
    7. Compliance audit
      1. Frequency of entity compliance audit
      2. Identity/qualifications of auditor
      3. Auditor's relationship to audited party
      4. Topics covered by audit
      5. Actions taken as a result of deficiency
      6. Communication of results
    8. Confidentiality
      1. Types of information to be kept confidential
      2. Types of information not considered confidential
      3. Disclosure of certificate revocation/suspension information
      4. Release to law enforcement officials
      5. Release as part of civil discovery
      6. Disclosure upon owner's request
      7. Other information release circumstances
    9. Intellectual Property Rights
  4. Identification and Authentication
    1. Initial Registration
      1. Types of names
      2. Need for names to be meaningful
      3. Rules for interpreting various name forms
      4. Uniqueness of names
      5. Name claim dispute resolution procedure
      6. Recognition, authentication and role of trademarks
      7. Method to prove possession of private key
      8. Authentication of organization identity
      9. Authentication of individual identity
    2. Routine Rekey
    3. Rekey after Revocation
    4. Revocation Request
  5. Operational Requirements
    1. Certificate Application
    2. Certificate Issuance
    3. Certificate Acceptance
    4. Certificate Suspension and Revocation
      1. Circumstances for revocation
      2. Who can request revocation
      3. Procedure for revocation request
      4. Revocation request grace period
      5. Circumstances for suspension
      6. Who can request suspension
      7. Procedure for suspension request
      8. Limits on suspension period
      9. CRL issuance frequency (if applicable)
      10. CRL checking requirements
      11. On-line revocation/status checking availability
      12. On-line revocation checking requirements
      13. Other forms of revocation advertisements available
      14. Checking requirements for other forms of revocation advertisements
      15. Special requirements re key compromise
    5. Security Audit Procedures
      1. Types of event recorded
      2. Frequency of processing log
      3. Retention period for audit log
      4. Protection of audit log
      5. Audit log backup procedures
      6. Audit collection system (internal vs external)
      7. Notification to event-causing subject
      8. Vulnerability assessments
    6. Records Archival
      1. Types of event recorded
      2. Retention period for archive
      3. Protection of archive
      4. Archive backup procedures
      5. Requirements for time-stamping of records
      6. Archive collection system (internal or external)
      7. Procedures to obtain and verify archive information
    7. Key changeover
    8. Compromise and Disaster Recovery
      1. Computing resources, software, and/or data are corrupted
      2. Entity public key is revoked
      3. Entity key is compromised
      4. Secure facility after a natural or other type of disaster
    9. CA Termination
  6. Physical, Procedural, and Personnel Security Controls
    1. Physical Controls
      1. Site location and construction
      2. Physical access
      3. Power and air conditioning
      4. Water exposures
      5. Fire prevention and protection
      6. Media storage
      7. Waste disposal
      8. Off-site backup
    2. Procedural Controls
      1. Trusted roles
      2. Number of persons required per task
      3. Identification and authentication for each role
    3. Personnel Controls
      1. Background, qualifications, experience, and clearance requirements
      2. Background check procedures
      3. Training requirements
      4. Retraining frequency and requirements
      5. Job rotation frequency and sequence
      6. Sanctions for unauthorized actions
      7. Contracting personnel requirements
      8. Documentation supplied to personnel
  7. Technical Security Controls
    1. Key Pair Generation and Installation
      1. Key pair generation
      2. Private key delivery to entity
      3. Public key delivery to certificate issuer
      4. CA public key delivery to users
      5. Key sizes
      6. Public key parameters generation
      7. Parameter quality checking
      8. Hardware/software key generation
      9. Key usage purposes (as per X v key usage field)
    2. Private Key Protection
      1. Standards for cryptographic module
      2. Private key (n out of m) multi-person control
      3. Private key escrow
      4. Private key backup
      5. Private key archival
      6. Private key entry into cryptographic module
      7. Method of activating private key
      8. Method of deactivating private key
      9. Method of destroying private key
    3. Other Aspects of Key Pair Management
      1. Public key archival
      2. Usage periods for the public and private keys
    4. Activation Data
      1. Activation data generation and installation
      2. Activation data protection
      3. Other aspects of activation data
    5. Computer Security Controls
      1. Specific computer security technical requirements
      2. Computer security rating
    6. Life Cycle Technical Controls
      1. System development controls
      2. Security management controls
      3. Life cycle security ratings
    7. Network Security Controls
    8. Cryptographic Module Engineering Controls
  8. Certificate and CRL Profiles
    1. Certificate Profile
      1. Version number(s)
      2. Certificate extensions
      3. Algorithm object identifiers
      4. Name forms
      5. Name constraints
      6. Certificate policy Object Identifier
      7. Usage of Policy Constraints extension
      8. Policy qualifiers syntax and semantics
      9. Processing semantics for the critical certificate policy extension
    2. CRL Profile
      1. Version number(s)
      2. CRL and CRL entry extensions
  9. Specification Administration
    1. Specification change procedures
    2. Publication and notification policies
    3. CPS approval procedures
  10. Navigate.

Objective.

Built to have RFC 2527 recommendation for CPS in a structured HTML document.

Introduction

Overview

Identification

Community and Applicability

Certification authorities
Registration authorities
End entities
Applicability

Contact Details

Specification administration organization
Contact person
Person determining CPS suitability for the policy

General provisions

Obligations

CA obligations
RA obligations
Subscriber obligations
Relying party obligations
Repository obligations

Liability

CA liability
RA liability

Financial responsibility

Indemnification by relying parties
Fiduciary relationships
Administrative processes

Interpretation and Enforcement

Governing law
Severability, survival, merger, notice
Dispute resolution procedures

Fees

Certificate issuance or renewal fees
Certificate access fees
Revocation or status information access fees
Fees for other services such as policy information
Refund policy

Publication and Repository

Publication of CA information
Frequency of publication
Access controls
Repositories

Compliance audit

Frequency of entity compliance audit
Identity/qualifications of auditor
Auditor's relationship to audited party
Topics covered by audit
Actions taken as a result of deficiency
Communication of results

Confidentiality

Types of information to be kept confidential
Types of information not considered confidential
Disclosure of certificate revocation/suspension information
Release to law enforcement officials
Release as part of civil discovery
Disclosure upon owner's request
Other information release circumstances

Intellectual Property Rights

Identification and Authentication

Initial Registration

Types of names
Need for names to be meaningful
Rules for interpreting various name forms
Uniqueness of names
Name claim dispute resolution procedure
Recognition, authentication and role of trademarks
Method to prove possession of private key
Authentication of organization identity
Authentication of individual identity

Routine Rekey

Rekey after Revocation

Revocation Request

Operational Requirements

Certificate Application

Certificate Issuance

Certificate Acceptance

Certificate Suspension and Revocation

Circumstances for revocation
Who can request revocation
Procedure for revocation request
Revocation request grace period
Circumstances for suspension
Who can request suspension
Procedure for suspension request
Limits on suspension period
CRL issuance frequency (if applicable)
CRL checking requirements
On-line revocation/status checking availability
On-line revocation checking requirements
Other forms of revocation advertisements available
Checking requirements for other forms of revocation advertisements
Special requirements re key compromise

Security Audit Procedures

Types of event recorded
Frequency of processing log
Retention period for audit log
Protection of audit log
Audit log backup procedures
Audit collection system (internal vs external)
Notification to event-causing subject
Vulnerability assessments

Records Archival

Types of event recorded
Retention period for archive
Protection of archive
Archive backup procedures
Requirements for time-stamping of records
Archive collection system (internal or external)
Procedures to obtain and verify archive information

Key changeover

Compromise and Disaster Recovery

Computing resources, software, and/or data are corrupted
Entity public key is revoked
Entity key is compromised
Secure facility after a natural or other type of disaster

CA Termination

Physical, Procedural, and Personnel Security Controls

Physical Controls

Site location and construction
Physical access
Power and air conditioning
Water exposures
Fire prevention and protection
Media storage
Waste disposal
Off-site backup

Procedural Controls

Trusted roles
Number of persons required per task
Identification and authentication for each role

Personnel Controls

Background, qualifications, experience, and clearance requirements
Background check procedures
Training requirements
Retraining frequency and requirements
Job rotation frequency and sequence
Sanctions for unauthorized actions
Contracting personnel requirements
Documentation supplied to personnel

Technical Security Controls

Key Pair Generation and Installation

Key pair generation
Private key delivery to entity
Public key delivery to certificate issuer
CA public key delivery to users
Key sizes
Public key parameters generation
Parameter quality checking
Hardware/software key generation
Key usage purposes (as per X v key usage field)

Private Key Protection

Standards for cryptographic module
Private key (n out of m) multi-person control
Private key escrow
Private key backup
Private key archival
Private key entry into cryptographic module
Method of activating private key
Method of deactivating private key
Method of destroying private key

Other Aspects of Key Pair Management

Public key archival
Usage periods for the public and private keys

Activation Data

Activation data generation and installation
Activation data protection
Other aspects of activation data

Computer Security Controls

Specific computer security technical requirements
Computer security rating

Life Cycle Technical Controls

System development controls
Security management controls
Life cycle security ratings

Network Security Controls

Cryptographic Module Engineering Controls

Certificate and CRL Profiles

Certificate Profile

Version number(s)
Certificate extensions
Algorithm object identifiers
Name forms
Name constraints
Certificate policy Object Identifier
Usage of Policy Constraints extension
Policy qualifiers syntax and semantics
Processing semantics for the critical certificate policy extension

CRL Profile

Version number(s)
CRL and CRL entry extensions

Specification Administration

Specification change procedures

Publication and notification policies

CPS approval procedures

Select Style