DigiCert Private PKI CPS V.3

DigiCert Certificate Policy / Certification Practices Statement for Private PKI Services
DigiCert, Inc.
Version 3.7
4/05/2022
801 N. Thanksgiving Way, Suite 500, Lehi, UT 84043 USA
Tel: 1-801-877-2100
Fax: 1-801-705-0481
www.digicert.com

TABLE OF CONTENTS

1. INTRODUCTION ... 8
1.1. OVERVIEW ... 8
1.2. DOCUMENT NAME AND IDENTIFICATION ... 8
1.3. PKI PARTICIPANTS ... 9
1.3.2. Registration Authorities and Other Delegated Third Parties ... 9
1.3.3. Subscribers ... 9
1.3.4. Relying Parties ... 9
1.3.5. Other Participants ... 9
1.4. CERTIFICATE USAGE ... 10
1.4.1. Appropriate Certificate Uses ... 10
1.4.2. Prohibited Certificate Uses ... 10
1.5. POLICY ADMINISTRATION ... 10
1.5.1. Organization Administering the Document ... 10
1.5.2. Contact Person ... 10
Verified Mark Certificate Revocation Reporting Contact Person ... 10
1.5.3. Person Determining CP/CPS Suitability for the Policy ... 11
1.5.4. CP/CPS Approval Procedures ... 11
1.6. DEFINITIONS AND ACRONYMS ... 11
1.6.1. Definitions ... 11
1.6.2. Acronyms ... 12
1.6.3. References ... 13

2. PUBLICATION AND REPOSITORY RESPONSIBILITIES ... 14
2.1. REPOSITORIES ... 14
2.2. PUBLICATION OF CERTIFICATION INFORMATION ... 14
2.3. TIME OR FREQUENCY OF PUBLICATION ... 14
2.4. ACCESS CONTROLS ON REPOSITORIES ... 14

3. IDENTIFICATION AND AUTHENTICATION ... 15
3.1. NAMING ... 15
3.1.1. Types of Names ... 15
3.1.2. Need for Names to be Meaningful ... 15
3.1.3. Anonymity or Pseudonymity of Subscribers ... 15
3.1.4. Rules for Interpreting Various Name Forms ... 15
3.1.5. Uniqueness of Names ... 15
3.1.6. Recognition, Authentication, and Role of Trademarks ... 15
3.2. INITIAL IDENTITY VALIDATION ... 16
3.2.1. Method to Prove Possession of Private Key ... 16
3.2.2. Authentication of Organization Identity ... 16
3.2.3. Authentication of Individual Identity ... 16
3.2.4. Non-verified Subscriber Information ... 17
3.2.5. Validation of Authority ... 17
3.3. IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS ... 17
3.3.1. Identification and Authentication for Routine Re-key ... 17
3.3.2. Identification and Authentication for Re-Key after Revocation ... 17
3.4. IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ... 17

4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS ... 19
4.1. CERTIFICATE APPLICATION ... 19
4.1.1. Who Can Submit a Certificate Application ... 19
4.1.2. Enrollment Process and Responsibilities ... 19
4.2. CERTIFICATE APPLICATION PROCESSING ... 19
4.2.1. Performing Identification and Authentication Functions ... 19
4.2.2. Approval or Rejection of Certificate Applications ... 19
4.2.3. Time to Process Certificate Applications ... 19
4.3. CERTIFICATE ISSUANCE ... 20
4.3.1. CA Actions during Certificate Issuance ... 20
4.3.2. Notification to Subscriber by the CA of Issuance of Certificate ... 20
4.4. CERTIFICATE ACCEPTANCE ... 20
4.4.1. Conduct Constituting Certificate Acceptance ... 20
4.4.2. Publication of the Certificate by the CA ... 20
4.4.3. Notification of Certificate Issuance by the CA to Other Entities ... 20
4.5. KEY PAIR AND CERTIFICATE USAGE ... 20
4.5.1. Subscriber Private Key and Certificate Usage ... 20
4.5.2. Relying Party Public Key and Certificate Usage ... 20
4.6. CERTIFICATE RENEWAL ... 20
4.6.1. Circumstance for Certificate Renewal ... 20
4.6.2. Who May Request Renewal ... 21
4.6.3. Processing Certificate Renewal Requests ... 21
4.6.4. Notification of New Certificate Issuance to Subscriber ... 21
4.6.5. Conduct Constituting Acceptance of a Renewal Certificate ... 21
4.6.6. Publication of the Renewal Certificate by the CA ... 21
4.6.7. Notification of Certificate Issuance by the CA to Other Entities ... 21
4.7. CERTIFICATE RE-KEY ... 21
4.7.1. Circumstance for Certificate Re-key ... 21
4.7.2. Who May Request Certificate Re-key ... 21
4.7.3. Processing Certificate Re-key Requests ... 21
4.7.4. Notification of Certificate Re-key to Subscriber ... 22
4.7.5. Conduct Constituting Acceptance of a Re-keyed Certificate ... 22
4.7.6. Publication of the Issued Certificate by the CA ... 22
4.7.7. Notification of Certificate Issuance by the CA to Other Entities ... 22
4.8 CERTIFICATE MODIFICATION ... 22
4.8.2 Who May Request Certificate Modification ... 22
4.8.3 Processing Certificate Modification Requests ... 22
4.8.4 Notification of Certificate Modification to Subscriber ... 23
4.8.5 Conduct Constituting Acceptance of a Modified Certificate ... 23
4.8.6 Publication of the Modified Certificate by the CA ... 23
4.8.7 Notification of Certificate Modification by the CA to Other Entities ... 23
4.9 CERTIFICATE REVOCATION AND SUSPENSION ... 23
4.9.2 Circumstances for Revocation ... 23
4.9.3 Who Can Request Revocation ... 24
4.9.4 Procedure for Revocation Request ... 24
4.9.5 Revocation Request Grace Period ... 25
4.9.6 Time within which CA Must Process the Revocation Request ... 25
4.9.7 Revocation Checking Requirement for Relying Parties ... 25
4.9.8 CRL Issuance Frequency ... 25
4.9.9 Maximum Latency for CRLs ... 25
4.9.10 On-line Revocation/Status Checking Availability ... 25
4.9.11 On-line Revocation Checking Requirements ... 25
4.9.12 Other Forms of Revocation Advertisements Available ... 25
4.9.13 Special Requirements Related to Key Compromise ... 25
4.9.14 Circumstances for Suspension ... 25
4.9.15 Who Can Request Suspension ... 25
4.9.16 Procedure for Suspension Request ... 25
4.9.17 Limits on Suspension Period ... 26
4.10 CERTIFICATE STATUS SERVICES ... 26
4.10.1 Operational Characteristics ... 26
4.10.2 Service Availability ... 26
4.10.3 Optional Features ... 26
4.11 END OF SUBSCRIPTION ... 26
4.12 KEY ESCROW AND RECOVERY ... 26
4.12.1 Key Escrow and Recovery Policy Practices ... 26
4.12.2 Session Key Encapsulation and Recovery Policy and Practices ... 26

5 FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS ... 27
5.1 PHYSICAL CONTROLS ... 27
5.1.1 Site Location and Construction ... 27
5.1.2 Physical Access ... 27
5.1.3 Power and Air Conditioning ... 27
5.1.4 Water Exposures ... 27
5.1.5 Fire Prevention and Protection ... 27
5.1.6 Media Storage ... 28
5.1.7 Waste Disposal ... 28
5.1.8 Off-site Backup ... 28
5.2 PROCEDURAL CONTROLS ... 28
5.2.1 Trusted Roles ... 28
5.2.2 Number of Persons Required per Task ... 28
5.2.3 Identification and Authentication for each Role ... 29
5.2.4 Roles Requiring Separation of Duties ... 29
5.3 PERSONNEL CONTROLS ... 29
5.3.1 Qualifications, Experience, and Clearance Requirements ... 29
5.3.2 Background Check Procedures ... 29
5.3.3 Training Requirements ... 29
5.3.4 Retraining Frequency and Requirements ... 30
5.3.5 Job Rotation Frequency and Sequence ... 30
5.3.6 Sanctions for Unauthorized Actions ... 30
5.3.7 Independent Contractor Requirements ... 30
5.3.8 Documentation Supplied to Personnel ... 30
5.4 AUDIT LOGGING PROCEDURES ... 30
5.4.1 Types of Events Recorded ... 31
5.4.2 Frequency of Processing Log ... 31
5.4.3 Retention Period for Audit Log ... 31
5.4.4 Protection of Audit Log ... 31
5.4.5 Audit Log Backup Procedures ... 31
5.4.6 Audit Collection System ... 31
5.4.7 Notification to Event-causing Subject ... 31
5.4.8 Vulnerability Assessments ... 31
5.5 RECORDS ARCHIVAL ... 32
5.5.1 Types of Records Archived ... 32
5.5.2 Retention Period for Archive ... 33
5.5.3 Protection of Archive ... 33
5.5.4 Archive Backup Procedures ... 33
5.5.5 Requirements for Time-stamping of Records ... 33
5.5.6 Archive Collection System (internal or external) ... 33
5.5.7 Procedures to Obtain and Verify Archive Information ... 33
5.6 KEY CHANGEOVER ... 33
5.7 COMPROMISE AND DISASTER RECOVERY ... 33
5.7.1 Incident and Compromise Handling Procedures ... 33
5.7.2 Computing Resources, Software, and/or Data Are Corrupted ... 34
5.7.3 Entity Private Key Compromise Procedures ... 34
5.7.4 Business Continuity Capabilities after a Disaster ... 34
5.8 CA OR RA TERMINATION ... 34

6 TECHNICAL SECURITY CONTROLS ... 35
6.1 KEY PAIR GENERATION AND INSTALLATION ... 35
6.1.1 Key Pair Generation ... 35
6.1.2 Private Key Delivery to Subscriber ... 35
6.1.3 Public Key Delivery to Certificate Issuer ... 35
6.1.4 CA Public Key Delivery to Relying Parties ... 35
6.1.5 Key Sizes ... 35
6.1.6 Public Key Parameters Generation and Quality Checking ... 35
6.1.7 Key Usage Purposes (as per X.509 v3 key usage field) ... 35
6.2 PRIVATE KEY PROTECTION AND CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS ... 35
6.2.1 Cryptographic Module Standards and Controls ... 35
6.2.2 Private Key (n out of m) Multi-person Control ... 36
6.2.3 Private Key Escrow ... 36
6.2.4 Private Key Backup ... 36
6.2.5 Private Key Archival ...
6.3 OTHER ASPECTS OF KEY PAIR MANAGEMENT ... 37
6.4 ACTIVATION DATA ... 37
6.5 COMPUTER SECURITY CONTROLS ... 38
6.6 LIFE CYCLE TECHNICAL CONTROLS ... 38
6.7 NETWORK SECURITY CONTROLS ... 39
6.8 TIME-STAMPING ... 39

7 CERTIFICATE, CRL, AND OCSP PROFILES ... 40
7.2 CRL PROFILE ... 40
