2 October 1999. Thanks to RS.
Original document (854K) in RTF.DOC format: http://cryptome.org/ca-pki99.zip (176K)
|
Version: September 22, 1999
Foreword *
Objective *Background *
Intended Audience *
Part One: Overview *
Government of Canada Public Key Infrastructure – An Introduction *
Proposed Cross-Certification Process – A Summary *
Phase I: Initiation *Phase II: Examination *
Phase III: Arrangement *
Phase IV: Maintenance *
Part Two: Methodology *
Phase I – Initiation *Phase I, Step 1: Initial Request *
Step 1, Initial Request: Activities *
Phase I, Step 2: Request Review *
Step 2, Request Review: Activities *
Phase I, Step 3: Decision Point *
Step 3, Decision Point: Activities *
Phase II- Examination *
Phase II, Step 4: Examination of Certificate Policies *Step 4, Examination of Certificate Policies: Activities *
Phase II, Step 5: Test Bed Trial *
Step 5, Test Bed Trial: Activities *
Phase II, Step 6: System Survey (Production Testing) *
Step 6, System Survey: Activities *
Phase II, Step 7: Evaluation of Candidate’s Information Technology Security and Policy Compliance *
Step 7, Evaluation of Candidate’s Information Technology Security and Policy Compliance: Activities *
Phase III – Arrangement *
Phase III, Step 8: Negotiation of Arrangement *Step 8, Negotiation of Arrangement: Activities *
Phase III, Step 9: Policy Management Authority Decision *
Step 9, Policy Management Authority Decision: Activities *
Phase III, Step 10: Issuance of Cross-Certificates *
Step 10, Issuance of Cross-Certificates: Activities *
Phase IV - Maintenance *
Phase IV, Step 11: Compliance Review *Step 11, Compliance Review: Activities *
Phase IV, Step 12: Problem Resolution *
Step 12, Problem Resolution: Activities *
Phase IV, Step 13: Change Management *
Step 13, Change Management: Activities *
Phase IV, Step 14: Renewal or Termination *
Step 14, Renewal or Termination: Activities *
A. Common Process *
B. Renewal of Existing Arrangement with an External Certification Authority *
C. External Certification Authority Request for Termination of Arrangement *
Part Three: Criteria *
Part Four: Cross-Certification Annexes *
Annex 1 - Request for Cross-Certification *Annex 2 - NON-DISCLOSURE AGREEMENT *
Annex 3 - Request Review Report *
Annex 4 - Cross-Certification Team – Terms of Reference *
Annex 5 - CP MAPPING SHEETS *
Annex 6 - CP Mapping Report *
Annex 7 - System Survey QUESTIONNAIRE *
Annex 8 - Testbed Trial Report *
Annex 9 - Information Technology Security Checklist *
Annex – 10 Security Policy Index *
Annex 11 - Security Procedures Index *
Annex 12 - COMPLIANCE INSPECTION CHECKLIST *
Annex 13 - Information Technology Security and Policy Compliance Certificate (Corporation) *
Annex 14 - ITS and Policy Compliance Evaluation Report *
Annex 15 - Cross-Certification Arrangement *
Annex 16 - Government of Canada Public Key Infrastructure Internal Cross-certification – Memorandum of Understanding *
Annex 17 - Negotiation Report *
Annex 18 - Consolidated Evaluation Report *
Article 19 - Compliance Review Report *
Annex 20 - Problem Resolution Report *
Annex 21 - Change Management Report *
Annex 22 - Renewal/Termination Report *
This document outlines the procedures and criteria for cross-certification with the Canadian Central Facility of the Government of Canada Public Key Infrastructure.
In May 1999, Treasury Board Ministers approved the policy for Public Key Infrastructure Management in the Government of Canada. The policy defines the Government of Canada Public Key Infrastructure as a "public key infrastructure for use by Departments which operates in accordance with the standards, guidelines and directions of the Policy Management Authority".
The Policy Management Authority comprises representatives of each federal department operating at least one Certification Authority that is part of the Government of Canada Public Key Infrastructure. Its membership also includes a representative of the Canadian Central Facility. The Policy Management Authority is responsible for the oversight and management of the Government of Canada Public Key Infrastructure.
The Policy Management Authority is also responsible for recommending, to the Secretary of the Treasury Board, the approval or rejection of requests for cross-certification. It is the authority for establishing procedures and standards both for the Canadian Central Facility and for Certification Authorities that are part of the Government of Canada Public Key Infrastructure. The policy for Public Key Infrastructure Management in the Government of Canada stipulates that if a departmental Certification Authority intends to issue, or have issued on its behalf, certificates outside the department, it must cross-certify with the Canadian Central Facility.
For cross-certifications internal to the federal community, the Government of Canada Public Key Infrastructure Management policy requires departments to be members of the Government of Canada Public Key Infrastructure, and to sign a cross-certification arrangement formally describing the terms and conditions of the cross-certification. Cross-certifications with the private sector or with certification authorities not part of the Government of Canada Public Key Infrastructure require the implementation of formal cross-certification arrangements between the Government of Canada and the external entity.
The Government of Canada Public Key Infrastructure Secretariat supports the Policy Management Authority and the Treasury Board Secretary in their respective responsibilities for the direction and management of the Government of Canada Public Key Infrastructure.
This publication, which is issued under the authority of the Policy Management Authority, is intended for the use of federal information technology officials, Certification Authorities and public key infrastructure managers and personnel involved in cross-certification activities within the government and between government and external Certification Authorities.
These cross-certification guidelines should be read in conjunction with the Treasury Board policy for Public Key Infrastructure Management in the Government of Canada, particularly Appendices B and D, the Memorandum of Understanding, and Minimum Terms and Conditions required for Cross-Certification Arrangements, respectively. It is also important to consult federal Public Key Infrastructure Certificate Policies. Both these texts are published on the Internet at
http://www.cio-dpi.gc.ca/pki/Documents/documents_e.html.
Readers can find further detail on the Government of Canada Public Key Infrastructure at
http://www.cio-dpi.gc.ca/pki/home_e.html.
Requests for information can also be directed to the Government of Canada Public Key Infrastructure Secretariat at pki-icp@tbs-sct.gc.ca.
A Public Key Infrastructure supports data encryption and digital signature applications, using a system of mathematical formulae to produce public and private keys. A trusted third party, known as a Certification Authority, associates the public and private key pairs with a specific person or entity. The Certification Authority identifies the person or entity who is to receive a key pair, issues keys, revokes them when required, and provides notice of revocations.
The Certification Authority issues digital certificates – the electronic document or record associating a particular key pair to a specific person or entity, thus verifying the identity of the key holder. In the Government of Canada Public Key Infrastructure, certificates operate at four levels of assurance: rudimentary, basic, medium and high. Federal departments determine the appropriate level of assurance necessary, depending on their business, security and legal requirements. As the need for assurance escalates, so too does the effort taken by the Certification Authority to confirm the identity of the certificate holder.
Depending on a number of factors, including the level of assurance required, Certification Authorities issue different types of certificates. Rules governing the issuance of specific classes of certificates are captured in Certificate Policies, which serve as the cornerstone of trust in a public key certificate and form the basis for cross-certification. Certification Authorities cross-certifying with each other establish a trust relationship in which each recognizes one or more Certificate Policies of the other. In the Government of Canada Public Key Infrastructure, these trust relationships – or cross-certifications – are established through the Canadian Central Facility, whether such relationships exist between federal bodies governed by the Treasury Board’s Public Key Infrastructure management policy, or with external Certification Authorities.
The proposed federal cross-certification methodology contains four phases, with up to 14 discrete steps. The following is an executive overview of the proposed methodology, which is fully detailed in Part Two.
Phase I covers the initiation of the cross-certification process. It comprises
three steps:
Phase II covers the examination phase of the process. Its four steps
include:
conduct a security analysis to ensure that, as part of an information technology system, the Candidate Certification Authority provides an appropriate level of trust.establish if the technical, physical, procedural and personnel policies of the Candidate Certification Authority meet the assurance requirements of its Certificate Policies.
determine if the Candidate Certification Authority’s actual performance meets the standards established in its Certificate Policies and other Certification Authority operational documents.
Phase III relates to the formal documentation of the terms and conditions
under which a candidate becomes a member of the Government of Canada Public
Key Infrastructure and it cross-certified by the Canadian Central Facility.
Its three steps encompass:
Phase IV concerns the maintenance of the trust established in the
cross-certification arrangement. It provides mechanisms both for managing
the relationship between cross-certified Certification Authorities and for
terminating the arrangement if either party contravenes its terms and conditions.
The elements of this phase are not sequential and apply as circumstances
warrant. It comprises four possible steps:
Government of Canada Public Key Infrastructure – Cross-Certification Process
A request to cross-certify with the Government of Canada Public Key Infrastructure triggers a multi-phase process designed to achieve a mutually reliable trust relationship.
Phase I, Step 1: Initial Request
Purpose
To prepare and submit the required information to cross-certify with the Government of Canada Public Key Infrastructure.
Step 1, Initial Request: Activities
If required, the desk officer will also provide (e) a non-disclosure
agreement.
If the Candidate Certification Authority is an organization not governed
by the scope of the Policy for Public Key Infrastructure Management in the
Government of Canada (an external Candidate Certification Authority), it
may be asked to provide:
|
Standard Activities |
Additional Activities – External CCAs |
Phase I, Step 1: Initial Request – Activities |
|
1. |
CCA initiates process. |
|
|
2. |
Desk officer provides background documentation. |
|
|
3. |
Desk officer provides Request for Cross-Certification form. |
|
|
3.a |
External CCA provides information on legal and financial status (if necessary). |
|
|
4. |
CCA submits completed Request for Cross-Certification, Certification Policy and CA Test Bed System Survey. |
|
|
5. |
External CCA submits sponsoring department statement. |
|
|
6. |
External CCA submits non-disclosure agreement. |
|
|
7. |
Desk officer reviews submission and other documentation. |
Phase I, Step 2: Request Review
Purpose
To establish the Candidate’s suitability for cross-certification.
Step 2, Request Review: Activities
|
Phase I, Step 2: Application Review - Activities |
|
|
1. |
Desk officer undertakes initial review of Request for Cross-Certification. |
|
2. |
Desk officer seeks additional information from CCA (if necessary). |
|
3. |
Desk officer prepares Request Review Report recommending either to proceed ,or terminate the process. |
|
4. |
Desk officer submits Request Review Report to PMA. |
Phase I, Step 3: Decision Point
Purpose
To decide whether to continue the cross-certification request process.
Step 3, Decision Point: Activities
If the decision is to proceed with the cross-certification process:
|
Phase I, Step 3: Decision Point - Activities |
|
|
1. |
PMA reviews Request Review Report. |
|
2. |
PMA renders decision on whether to proceed with Request for Cross-Certification. |
|
3. |
PMA chair signs decision and informs desk officer. |
|
4. |
Desk officer informs CCA of decision. |
|
If decision is to proceed … |
|
|
5. |
PMA creates cross-certification team. |
|
6. |
Desk officer provides the CCA the cross-certification team’s Terms of Reference. |
|
7. |
Desk officer informs GOC PKI members of the Request.. |
|
8. |
Desk officer informs CCF of GOC PKI members wishing to cross-certify with candidate if request accepted. |
|
9. |
Cross-certification team leader and CCA contact organize information meeting. |
Phase II, Step 4: Examination of Certificate Policies
Purpose
To examine the candidate’s Certificate Policies and to establish their degree of harmonization with the Certificate Policies of the Government of Canada.
Step 4, Examination of Certificate Policies: Activities
|
Phase II, Step 4: Examination of Certificate Policies – Activities |
|
|
1. |
CCA identifies Certificate Policies to be cross-certified with GOC PKI. |
|
2. |
The cross-certification team determines the CP type submitted by the CCA. |
|
3. |
The cross-certification team maps the CCA’s CP(s) to the GOC PKI CP(s). |
|
4. |
The cross-certification team completes the Certificate Mapping Report and provides a copy to the desk officer. |
|
5. |
The Certificate Mapping Report makes one of three recommendations:
|
|
6. |
The desk officer informs the PMA of the Report’s recommendation. |
|
7. |
The PMA reviews the recommendation and decides whether to proceed to the next step or terminate the process. |
|
8. |
The desk officer informs the candidate of the outcome of the PMA review and decision. |
If the decision is to proceed, then the process moves to:
Phase II, Step 5: Test Bed Trial
Purpose
To identify and resolve potential incompatibilities between the Certification Authority technologies of the Government of Canada Public Key Infrastructure and the candidate, using a Test Bed Certification Authority and thus minimizing the risk to cross-certified Certification Authorities already in production mode.
Step 5, Test Bed Trial: Activities
|
Phase II, Step 5: Test Bed Trial – Activities |
|
|
1. |
PMA designates a GOC PKI Test Bed CA. |
|
2. |
The cross-certification team reviews the candidate’s System Survey. |
|
3. |
The cross-certification team provides the candidate the System Survey for the GOC PKI CA. |
|
4. |
The candidate and the GOC PKI undertake a test cross-certification. |
|
5. |
The cross-certification team prepares a Test Bed Trial Report and provides a copy to the desk officer. |
|
6. |
The Test Bed Trial Report makes one of three recommendations:
|
|
7. |
The desk officer provides the Report’s recommendation to the PMA. |
|
8. |
The PMA reviews the recommendation and decides whether to proceed to the next step or terminate the process. |
|
9. |
The desk officer informs the candidate of the outcome of the PMA review and decision. |
If the decision is to proceed, then the process moves on to:
Phase II, Step 6: System Survey (Production Testing)
Purpose
To confirm that the technical details of the respective Certification Authorities are available for production mode cross-certification.
Step 6, System Survey: Activities
|
Phase II, Step 6: System Survey (Production Testing) – Activities |
|
|
1. |
The candidate contact completes a System Survey for the CA, which will be connected permanently to the Canadian Central Facility. |
|
2. |
The contact returns the completed Survey to the cross-certification team. |
|
3. |
The cross-certification team provides the candidate contact the Canadian Central Facility’s latest System Survey. |
Phase II, Step 7: Evaluation of Candidate’s Information Technology Security and Policy Compliance
Purpose
Step 7, Evaluation of Candidate’s Information Technology Security and Policy Compliance: Activities
|
Phase II, Step 7: Evaluation of ITS and Policy Compliance – Activities |
|
|
1. |
The candidate completes the ITS Evaluation checklist. |
|
2. |
The candidate uses the ITS Evaluation and Compliance Inspection checklists as baseline criteria for evaluations. |
|
3. |
The candidate undertakes an ITS evaluation. |
|
4. |
The candidate provides the cross-certification team a comparison of its ITS criteria and the GOC PKI ITS checklist. |
|
5. |
The candidate undertakes a Compliance Inspection, certifying a specific assurance level and providing the cross-certification team the framework it used for the compliance inspection. |
|
6. |
If it has already conducted a compliance inspection, the candidate provides the cross-certification team a comparison between its compliance evaluation criteria and the Compliance Inspection checklist. |
|
7. |
The candidate’s contact completes an ITS and Policy Compliance certificate (Annex 13). |
|
8. |
A senior officer of the candidate organization signs the ITS and Policy
Compliance Certificate, attesting:
|
|
9. |
The cross-certification team may undertake a visit to the candidate’s CA facilities, its LRA sites, or specific Subscribers, to ensure full compliance in the candidate’s CA procedures. |
|
10. |
The cross-certification team reviews the signed ITS and Policy Compliance Certificate and CPS to confirm that the candidate has met the checklist security requirements. |
|
11. |
The cross-certification team documents its findings in an ITS and Policy Compliance Evaluation Report and provides a copy to the desk officer. |
|
12. |
The ITS and Policy Compliance Report makes one of three recommendations:
|
|
13. |
The PMA reviews the recommendation and decides whether to proceed to the next step or terminate the process. |
|
14. |
The desk officer informs the candidate of the PMA decision. |
If the decision is to proceed, then the process moves on to:
Phase III, Step 8: Negotiation of Arrangement
Purpose
To negotiate the terms and conditions of the cross-certification arrangement.
Step 8, Negotiation of Arrangement: Activities
|
Phase III, Step 8: Negotiation of Arrangement – Activities |
||
|
1. |
Cross-certification team determines appropriate type of arrangement for cross-certification. |
|
|
2. |
External Cross-Certification |
|
|
2.1 |
Cross-certification team provides the candidate a copy of the appropriate draft arrangement. |
|
|
2.2 |
Cross-certification team provides additional information or clarification. |
|
|
2.3 |
Cross-certification team and candidate personnel negotiate text. |
|
|
2.4 |
Cross-certification team details differences between negotiated arrangement and prototype arrangement. |
|
|
3. |
GOC PKI Memorandum of Understanding |
|
|
3.1 |
Cross-certification team provides the candidate a copy of the GOC PKI MOU. |
|
|
3.2 |
Cross-certification team provides additional information or clarification. |
|
|
4. |
Cross-certification team reviews relevant documentation |
|
Phase III, Step 9: Policy Management Authority Decision
Purpose
To decide whether to enter into cross-certification arrangement with candidate.
Step 9, Policy Management Authority Decision: Activities
|
Phase III, Step 9: Policy Management Authority Decision – Activities |
|
|
1. |
Cross-certification team prepares the Consolidated Evaluation Report containing recommendation on cross-certification request. |
|
2. |
The Consolidated Evaluation Report makes one of three recommendations:
|
|
3. |
Desk officer forwards the Consolidated Evaluation Report and recommendation to PMA. |
|
4. |
PMA reviews the Consolidated Evaluation Report and recommendation, as well as any of the various cross-certification process reports it deems necessary. |
|
5. |
PMA forwards its recommendation on the cross-certification request to the TB Secretary, for the consideration of the TB President. |
|
6. |
PMA decision advises the TBS Secretary and ultimately the TB President either
to :
|
|
7. |
Desk officer issues a decision letter informing the CCA contact of the President’s decision. |
|
8. |
The desk officer informs the contact that the candidate’s written response to a conditional acceptance must be received no later than 20 days from the date of the President’s decision. |
|
9. |
The cross-certification team undertakes any necessary repetition of steps in the process. |
|
10. |
If necessary, desk officer issues a second letter of decision signed by the PMA chair, indicating acceptance or rejection of cross-certification request. |
|
11. |
If the decision is to accept, representatives of both parties sign the appropriate cross-certification agreement. |
|
12. |
Desk officer and candidate contact determine an appropriate start date for the arrangement. |
Phase III, Step 10: Issuance of Cross-Certificates
Purpose
To initiate the process allowing the Canadian Central Facility and the Candidate Certification Authority to issue cross-certificates.
Step 10, Issuance of Cross-Certificates: Activities
|
Phase III, Step 10: Issuance of Cross-Certificates – Activities |
|
|
1. |
The cross-certification team provides the CCA’s completed System Survey to the CCF. |
|
2. |
The CCF provides a completed System Survey for its CA to the CCA. |
|
3. |
The CAs issue cross-certificates. |
|
4. |
The CCF informs the desk officer of the cross-certification |
|
5. |
The desk officer informs the PMA and GOC PKI members of the new cross-certification |
It is important to ensure that, once in place and for its duration, the cross-certification arrangement continues to maintain a level of trust between the two parties. Each cross-certification is governed by the arrangement entered into in Phase III. For example, the Government of Canada Public Key Infrastructure Memorandum of Understanding governs the relationship between departmental Certification Authorities and the Canadian Central Facility. The federal policy on Public Key Infrastructure Management in the Government of Canada and Policy Management Authority decisions also govern the relationship.
The maintenance phase provides mechanisms both for managing the relationship between cross-certified Certification Authorities as required for the proper operation of the arrangement, and for terminating the arrangement if either party contravenes its terms and conditions. The elements of this phase are not sequential, they will apply as circumstances warrant.
Should the Government of Canada Public Key Infrastructure Secretariat, the Canadian Central Facility or the Policy Management Authority become aware of any information that creates any doubt that there has been a failure:
1. in the integrity of the Affiliated Certification Authority’s information technology security, or2. in the Affiliated Certification Authority’s compliance with its stated Certificate Policy or Certificate Practice Statement,
and such failure may adversely affect the security of the Government of Canada Public Key Infrastructure, the Chair of the Policy Management Authority may, at his or her discretion, instruct the Canadian Central Facility to revoke immediately the cross-certificate of the Affiliated Certification Authority. The Canadian Central Facility does so, informing the desk officer responsible for relations with the Affiliated Certification Authority of the revocation. The desk officer then informs the Affiliated Certification Authority and departmental Certification Authorities of the revocation.
Phase IV, Step 11: Compliance Review
Purpose
To determine if the Affiliated Certification Authority is operating in compliance with its stated polices and practices.
Step 11, Compliance Review: Activities
|
Phase IV, Step 11: Compliance Review – Activities |
|
|
1. |
Affiliated CA provides the GOC PKI Secretariat a report on ITS and Policy Compliance. |
|
2. |
Desk officer establishes a Compliance Review Team. |
|
3. |
Compliance Review Team reviews the review report as well as any Problem or Change Management Reports. |
|
4. |
The Compliance Review Team leader may request the Team be allowed to visit the Affiliated CA’s facilities, its LRA sites or specific subscribers to ensure there is full compliance in the Affiliated CA’s procedures. |
|
5. |
The team provides the desk officer a copy of its Compliance Review report, recommending one of three possible courses:
|
|
6. |
The desk officer forwards the Compliance Review Report to the PMA for review and decision within 30 days. |
|
7. |
The desk officer informs the CCF and the Affiliated Certification Authority of the PMA decision. |
|
8. |
If the PMA directs, the CCF revokes the existing cross-certificate. If required, the CCF issues a new certificate. |
|
9. |
The CCF informs the desk officer of the revocation and, if applicable, the issuance of a new cross-certificate. |
|
10. |
If during its review, the Compliance Review Team notes a deficiency which can be rectified immediately, the teams informs the Affiliate CA contact. |
|
11. |
If deficiencies cannot be correctly immediately, the desk officer advises the contact of the length of time the Affiliated CA has to make the corrections. The point of contact informs the desk officer of Affiliated CA actions to respond to deficiencies. |
Phase IV, Step 12: Problem Resolution
Purpose
To report and correct problems the parties may encounter over the effective period of the cross-certification arrangement.
Step 12, Problem Resolution: Activities
|
Phase IV, Step 12: Problem Resolution – Activities |
|
|
1. |
Either signatories to the cross-certification arrangement submits a Problem Resolution Report to the desk officer. |
|
2. |
The desk officer authenticates the information in the Problem Resolution Report. |
|
3. |
The desk officer, working with the cross-certification signatories, attempts to solve the problem expeditiously. |
|
4. |
If the desk officer cannot resolve the problem expeditiously, it is documented in the Problem Resolution Report, copies of which are provided to the PMA and the cross-certification signatories. |
|
5. |
The desk officer documents all outcomes in the Problem Resolution Report. |
Phase IV, Step 13: Change Management
Purpose
To manage changes to the Public Key Infrastructure associated with a particular cross-certification arrangement. and to decide what actions to take as a result of implementing such changes.
Step 13, Change Management: Activities
|
Phase IV, Step 13: Change Management – Activities
|
|
|
1. |
Either party to the cross-certification arrangement submits a Change Management Report to the desk officer. |
|
2. |
The desk officer authenticates the information in the Change Management Report. |
|
3. |
The desk officer completes the Change Management Report and forwards it to
the PMA. The Report advises:
|
|
4. |
PMA reviews the Report and comes to a decision. |
|
5. |
If one of the parties implements a change that has been deemed unacceptable, the PMA may terminate the cross-certification arrangement or downgrade the assurance level. |
|
6. |
If either the CCF or the Affiliated CA are dissatisfied with the PMA decision, they must resolve the matter according to provisions in the cross-certification arrangement. |
|
7. |
The desk officer documents all outcomes in the Change Management Report and provides a copy to the Canadian Central Facility. |
Phase IV, Step 14: Renewal or Termination
Purpose
To decide whether to renew or terminate an existing cross-certification arrangement, and to specify the process for either renewal or termination.
Step 14, Renewal or Termination: Activities
The Government of Canada Public Key Infrastructure Secretariat serves as the repository for signed cross-certification arrangements. Whether in the form of an external cross-certification arrangement or the Government of Canada Public Key Infrastructure Memorandum of Understanding, any arrangement will last for the period specified in the arrangement.
B. Renewal of Existing Arrangement with an External
Certification Authority
C. External Certification Authority Request for Termination of Arrangement
D. Government of Canada Public Key Infrastructure Member Withdrawal from the Government of Canada Public Key Infrastructure
E. Departmental Certification Authorities and Removal from the Government of Canada Public Key Infrastructure
|
Phase IV, Step 14:Renewal or Termination – Activities |
|
A. Common Process |
|
The desk officer provides the PMA a Renewal/Termination Report, containing: a. a summary of all relevant issues and information |
|
B. Renewal of Existing Arrangement with External Certification Authority |
|
|
1. |
180 days before the expiry of a cross-certification arrangement, the desk officer informs the PMA. |
|
2. |
The desk officer contacts the other signatory to determine if the party wishes to renew the arrangement. |
|
3. |
The PMA uses the criteria in Part III to review the Renewal/Termination Report. |
|
4. |
The PMA decides either to:
|
|
5. |
If the PMA recommends renewal with no changes, the desk officer informs the other signatory, initiating Phase II activities. Once the activities are completed, the desk officer prepares a recommendation for the TBS Secretary and a new arrangement for both parties to sign. |
|
6. |
If the PMA recommends negotiating a new arrangement, the desk officer informs the other party in writing. If that party wishes to proceed, Parts II and III apply. |
|
7. |
If the other party declines the PMA recommendation, the arrangement expires. |
|
C. External Certification Authority Request for Termination of Arrangement |
|
|
1. |
Any signatory to an external cross-certification arrangement may request the termination of the arrangement, specifying the reasons for seeking termination and the desired termination date. |
|
2. |
The desk officer, the CCF and the Affiliated CA determine a mutually agreeable termination date. The CCF and the Affiliated CA carry out appropriate termination procedures. |
|
3. |
The CCF notifies the desk officer of the completion of the termination procedures and the revocation of cross-certificates. |
|
D. GOC PKI Member Withdrawal from GOC PKI |
|
|
1. |
A departmental CA may request to withdraw from the GOC PKI at any time, stating the reason(s) for seeking termination and the desired termination date. |
|
2. |
The PMA specifies the terms and conditions for withdrawal, and notifies the desk officer. |
|
3. |
The desk officer informs the withdrawing member of the PMA terms and conditions for withdrawal. |
|
4. |
The CCF and the withdrawing member undertake the termination procedures. |
|
5. |
The desk officer informs all departmental CAs of the withdrawal. |
|
E. Departmental CAs and Removal from the GOC PKI |
|
|
1. |
The desk officer notifies the member CA of a PMA decision to remove the member from the GOC PKI, stating the reason(s) for removal and the termination date. |
|
2. |
The PMA uses the criteria in Part III in deciding to remove a member from the GOC PKI. |
Text to follow.
Annex 1 Phase 1, Step 1 Request for Cross-CertificationAnnex 2 Phase 1, Step 1 Non-Disclosure Agreement
Annex 3 Phase 1, Step 2 Request Review Report
Annex 4 Phase 1, Step 3 Cross-Certification Team - Terms of Reference
Annex 5 Phase 2, Step 4 CP Mapping Sheets
Annex 6 Phase 2, Step 4 CP Mapping Report
Annex 7 Phase 2, Step 5 System Survey Questionnaire
Annex 8 Phase 2, Step 5 Test Bed Trial Report
Annex 9 Phase 2, Step 7 Information Technology Security Checklist
Annex 10 Phase 2, Step 7 Security Policy Index
Annex 11 Phase 2, Step 7 Security Procedures Index
Annex 12 Phase 2, Step 7 Compliance Inspection Checklist
Annex 13 Phase 2, Step 7 ITS and Policy Compliance Certificate
Annex 14 Phase 2, Step 7 ITS and Policy Compliance Evaluation Report
Annex 15 Phase 3, Step 8 Cross-Certification Arrangement
Annex 16 Phase 3, Step 8 GOC PKI Memorandum of Understanding
Annex 17 Phase 3, Step 8 Negotiation Report
Annex 18 Phase 3, Step 9 Consolidated Evaluation Report
Annex 19 Phase 4, Step 11 Compliance Review Report
Annex 20 Phase 4, Step 12 Problem Resolution Report
Annex 21 Phase 4, Step 13 Change Management Report
Annex 22 Phase 4, Step 14 Renewal/Termination Report
Government of Canada
Public Key Infrastructure
Section 1 Candidate Certification Authority ("Candidate")
(a) Name of Candidate
(b) Name of Organization(s) which operates Candidate
(c) Name of Individual(s) to serve as Candidate’s Point of Contact
(d) Address
(e) Telephone
(f) Fax
(g) E-Mail address
Section 2 Department(s) serving as Candidate’s Sponsor ("Sponsor")
(a) Name(s) of Department(s)
(b) Name(s) of Individual(s) to serve as Sponsor’s Point of Contact
(c) Address
(d) Telephone
(e) Fax
(f) E-Mail address
Explanatory Note: Points of Contact, in consultation with the Candidate’s policy, operations, technical and legal personnel, are to represent their Candidate, as required, at relevant stages of the cross-certification process.
Section 3 - Technology
The Candidate must indicate:
(a) Technology product employed (including version number);
(b) Signature and encryption algorithms supported;
(c) Directory technologies employed;
(d) Certificate verification process employed;
(e) Level of assurance sought;
(f) Existence, if any, of key recovery.
Section 4 - Documentation
Before any Request for Cross-certification can be considered complete, the Candidate must submit the following documentation:
(a) A letter from a Department in the Government of Canada indicating that department’s sponsorship of the Candidate.(b) A document containing the reasons why the Government of Canada should enter into a cross-certification arrangement with the Candidate, and a list of the specific departments with which the Candidate wishes to cross-certify.
(c) A copy of the Candidate’s Certificate Policy.
(d) A statement of security assessment.
(e) A compliance inspection report indicating the results of any inspection of the Candidate within the preceding 12 months.
(f) A completed Testbed System Survey.
(g) A signed undertaking not to disclose any security-related information revealed for the purposes of facilitating cross-certification.
(h) A list of all Certification Authorities to which the Candidate has issued cross-certificates.
(i) A statement disclosing any laws concerning sovereign immunity that may apply to the Candidate or any organization that controls, directly or indirectly, the Candidate.
(j) If the organization operating the Candidate is a corporate entity, a copy of documents indicating current standing in the jurisdiction of incorporation and legal status.
(k) Evidence of financial standing.
Date:
Signature(s) of senior official(s) of the organization that operates the Candidate CA
Government of Canada
Public Key Infrastructure
This Agreement made
Between:
HER MAJESTY THE QUEEN IN RIGHT OF CANADA
as represented by the President off the
Treasury Board of Canada
(hereinafter called "the Government of Canada")
Party of the First Part
and
XYZ
(hereinafter called "X")
Party of the Second Part
WHEREAS the Government of Canada is interested in entering into a cross-certification arrangement with X;
AND WHEREAS the Government of Canada understands that in order for X to make its decision to cross-certify, X will need to review existing confidential information in written, electronic, and oral form, and to create, compile, or arrange, records and information with respect to the Government of Canada Public Key Infrastructure, whether or not derived from an investigation of the facilities of the Canadian Central Facility, collectively referred to as the Confidential Information;
NOW THEREFORE, in consideration of the Government of Canada making the Confidential Information available to X, X agrees on its behalf, and agrees to cause its directors, officers, employees, agents and advisors:
(i) not to use for any purpose any portion of the Confidential Information, or notes, summaries or other material prepared by X or derived from any inspection conducted by Xor from X's evaluation of the Confidential Information (referred to as X's "Notes"), except to determine whether X wishes to issue a cross-certificate to the Canadian Central Facility;(ii) not to disclose to others any portion of the Confidential Information or X's Notes, except to those employees, agents, advisors, consultants and other representatives of whom X has notified the Government of Canada in writing and who have agreed in writing to be bound by the terms of this agreement (X's "Permitted Representatives") and then only for the purpose described in clause (i) above;
(iii) not to make copies or otherwise reproduce the Confidential Information or any part thereof, or remove any of the Confidential Information from the place where it is made available, except:
(a) in the form of Notes made by X or X's Permitted Representatives during X's inspection of the Confidential Information to assist X in evaluating the proposed cross-certification; or(b) as permitted with the specific written consent of the Government of Canada;
(iv) to maintain in a secure place X's Notes and copies of any part of the Confidential Information in the possession of X or X's Permitted Representatives and to take all steps reasonably necessary to ensure that no one other than X's Permitted Representatives will have access thereto; and
(v) not to assert or allege the existence of any representation, warranty or agreement by any of the Interested Parties, it being the intent of this clause that none of the Interested Parties shall have any liability or obligation to X except in respect of any representations, warranties and agreements which are in writing and hereafter duly executed by them. The Confidential Information is being given to X without liability on the part of the Government of Canada and no representation or warranty with respect to the Confidential Information is made by the Government of Canada or its employees, agents, contractors, representatives or advisors (the "Interested Parties"); and
(vi) if the Government of Canada withdraws its request for cross-certification, or if X decides not to issue a cross-certificate to the Canadian Central Facility, then X shall forthwith, without further notice, either:
(a) deliver to the Government of Canada, or as it may direct, the Confidential Information and X's Notes related thereto, without retaining any copies or extracts therefrom; or(b) deliver to the Government of Canada, or as it may direct, a certificate that X has destroyed the Confidential Information and X's Notes related thereto, without retaining any copies or extracts therefrom.
X agrees to comply with clauses (i) through (v) for a period of five years.
If X is required at any time by law to disclose any portion of the Confidential Information or X's Notes, X shall provide the Government of Canada with prompt written notice of such requirement so that it may either seek an appropriate court order which would have the effect of relieving X of the requirement to disclose or else waive X's compliance with the provisions of this agreement. If the protective court order or other remedy is not obtained and the Government of Canada does not waive compliance, X agrees to furnish only that portion of the Confidential Information or X's Notes which X is advised by legal counsel is legally required and to use X's best efforts to ensure that confidential treatment will be accorded to that portion of the Confidential Information or X's Notes. X will not have any liability to the Government of Canada for disclosing Confidential Information or X's Notes in accordance with this paragraph.
Notwithstanding the foregoing, Confidential Information is not subject to the terms of this agreement if it consists of:
(i) documents already in X's possession before being disclosed to X under this agreement, unless designated as confidential or otherwise protected on their face or in an attachment;(ii) documents or information in the public domain at the time of disclosure to X or which, after disclosure to X, enter into the public domain through no fault of X's or of X's Permitted Representatives
X agrees that Interested Parties shall be entitled to equitable relief, including injunction and specific performance, in the event of any breach of the provisions of this agreement, in addition to all other remedies available to the Interested Parties at law or in equity and X agrees that an award of damages may not be an effective remedy to the Interested Parties in the event of a breach of this agreement. X agrees to indemnify and hold harmless the Interested Parties from any damages, loss, cost or liability (including legal fees and the cost of enforcing this indemnity) arising out of the breach of this agreement by X or any of X's Permitted Representatives.
It is understood and agreed that no failure or delay by the Interested Parties in exercising any right, power or privilege under this agreement will operate as waiver therefor, nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right, power or privilege under this agreement.
If any provision of this agreement or any part thereof is held to be invalid or unenforceable in whole or in part, such invalidity or unenforceability shall attach only to that provision or part thereof and the remaining part of that provision and all other provisions hereof shall continue in full force and effect.
This agreement shall be governed by and construed in accordance with applicable laws in force in the Province of ................and the laws of Canada applicable thereto, exclusive of their conflict-of-laws principles.
Her Majesty the Queen in right of Canada as represented by the President of the Treasury Board of Canada
........................................................
Date:.......................................................................
Signed on behalf of X
..................................................................
Date:..........................................................................
Government of Canada
Public Key Infrastructure
The purpose of this report is to detail the results of a preliminary review by the PMA Desk Officer of the Candidate CA’s request for cross-certification with the GOC PKI. The Desk Officer will conduct a preliminary review to ensure the CCA meets the required criteria to cross-certify with the GOC PKI and has met the document requirements. A preliminary analysis will determine if there is any obvious policy, administrative, technical, legal and financial issues that would impede entering into the cross-certification process.
The document is to be organized in the following manner:
1. Executive Summary
Candidate CASponsoring Department
Key issues and rationale
Recommendations
2. Description of CCA and sponsoring agency endorsement
3. Business Rationale for Considering this Request for Cross-Certification
4. Description of Issues, if any
PolicyAdministrative
Technological
Legal
Financial
5. Analysis of possible implications associated with cross-certification
6. Key issues for consideration and rationale
7. Recommendations
ProceedProceed with conditions
Do not proceed
Government of Canada
Public Key Infrastructure
A GOC PKI Cross-certification Team will have responsibility for the review and recommendation for acceptance/non-acceptance of specific cross-certification requests between an internal/external PKIs and the GOC PKI. This team, under the guidance of the Policy Management Authority (PMA), will interact with the Candidate CA to review and make recommendations with respect to cross-certification with the Candidate Ca with the Canadian Central Facility.
The mandate of a GOC PKI Cross-certification Team is to conduct all activities in Phases II and III that are assigned to it as per the GOC PKI Cross-Certification Methodology and report its findings to the PMA.
Tasks
The GOC PKI Cross-certification Team is responsible for ensuring that the following tasks are done:
1) review of Certificate Policy (CP) Mapping Standards;
2) review of GOC PKI CP;
3) examination of Candidate CA CPs;
4) examination of Candidate CA Certification Practice Statement (CPS);
5) review of PMA directions;
6) CP Mapping Report;
7) Testbed Trial Report;
8) ITS and Policy Compliance Certificate;
9) ITS and Policy Compliance Evaluation Report;
10) System Survey;
11) legal arrangements for cross-certification;
12) Negotiation Report;
13) Consolidated Evaluation Report, and
14) such other tasks as assigned by the PMA
Membership and Expertise
The GOC PKI Cross-certification Team comprises personnel with a range of professional backgrounds: technical, policy, legal and administrative. Collectively, the GOC PKI Cross-certification Team has a comprehensive understanding of the GOC PKI and all relevant issues.
A GOC PKI Cross-certification Team Leader will be designated from the team members. The Team Leader will interact and liaise on an "as-required" basis with the appropriate personnel (e.g. the POC of the Candidate CA, the sponsor).
The GOC PKI Cross-certification Team Leader will be the representative to the GOC PKI Secretariat and, as required, the PMA.
The GOC PKI Cross-certification Team requires personnel with expertise in the following areas:
1) legal issues;
2) CPs and CPSs;
3) GOC PKI technology;
4) Compliance Inspections;
5) IT security and technology and
6) Other areas as required (e.g., international relations).
Name of Organization: Date:
Negotiation Team Member: Registration Number:
|
Type of Document Information (circle one) 1. Digital Signature CP; Encryption CP; Combined CP/CPS 2. OID: 3: URL: 4. Level of Assurance(s): Rudimentary: Basic; Medium; High |
|
Compliance Inspection Document Information 5. Compliance Inspection: Y N 6. Internal of External 7. Date Completed (yyyy/mm/dd): 8. Inspection performed by (name of firm, individual):
9. Level of assurance approved: Rudimentary; Basic; Medium; High 10. Comments:
|
|
CATEGORY/ELEMENT |
M/D |
GoC PKI CP SECTIONS |
Comparable Section |
Comments |
C |
|
Community and applicability |
D |
1.3 |
|||
|
Community of interest |
D |
1.3.1-1.3.5 |
|||
|
Applicability and intended applications |
D |
1.3.6, 1.3.6.1 |
|||
|
General provisions |
M |
(2) |
|||
|
Liability |
M |
2.2, 2.2.4 |
|||
|
Obligations |
M |
2.1, 2.1.1, 2.1.1.2, 2.1.1.4, 2.1.2 |
|||
|
Financial responsibilities |
M |
2.3 |
|||
|
Compliance with laws and regulations |
M |
2.4 |
|||
|
Identification and Authentication |
M |
3, 5.2.3 |
|||
|
Initial registration |
M |
3.1.1, 3.1.2 |
|||
|
Authentication of Entities |
M |
3.1.8, 3.1.9, 3.1.10, 3.2, 3.3, 3.4 |
|||
|
Operations policy |
M |
4 |
|||
|
Certificate application |
M |
4.1 |
|||
|
Acceptance |
M |
4.3 |
|||
|
Revocation |
M |
4.4, 4.8.2 |
|||
|
Suspension. |
D |
4.4 |
|||
|
Key compromise |
M |
4.4.1, 4.8.3, 4.4.15, 2.1.3.4 |
|||
|
Audit policy |
M |
4.5 |
|||
|
Records and records keeping |
M |
4.6 |
|||
|
Compliance audit |
M |
2.7 |
|||
|
Confidentiality |
M |
2.8 |
|||
|
Business resumption |
M |
4.8 |
|||
|
Termination |
M |
4.9 |
|||
|
Local security policy |
M |
5, 6 |
|||
|
Physical controls |
M |
5.1 |
|||
|
Procedural controls |
M |
5.2 |
|||
|
Personnel controls |
M |
5.2.3, 5.3 |
|||
|
Technical controls |
M |
6, 6.1 |
|||
|
Security controls |
M |
6.2, 6.5, 6.6, 6.7, 6.8 |
|||
|
Key management policy |
M |
6, 6.2, 6.3, 6.4 |
|||
|
Key Protection; |
M |
2.1.1.5, 2.1.2.3, 2.1.3.2, 6.2 |
|||
|
Key Delivery; |
M |
6.1.2, 6.1.3, 6.1.4 |
|||
|
Key Escrow; |
M |
6.2.3 |
|||
|
Key Backup; |
M |
6.2.4 |
|||
|
Key Archive; |
M |
6.2.5, 6.3.1 |
|||
|
Key Expiration |
M |
6.2.9 |
|||
|
Key Usage |
M |
6.1.9, 6.2.2 |
|||
|
Validity period of public and private keys |
M |
6.3.2 |
|||
|
Certificate and CRL Profile |
M |
7 |
|||
|
Certificate version |
M |
7.1 |
|||
|
CRL version |
M |
7.2 |
|||
|
Policy administration |
D |
8 |
|||
|
Policy authority and contact details |
M |
1.4 |
|||
|
Publications and Repository |
M |
2.6 |
Notes:
1. M = Mandatory – category or element must be present
2. D = Desirable – category should be present
3. C = special considerations, Cross-Certification Team should use [C= critical (possible failing condition); F = flag (further examination required, i.e. details in CPS); W = warning (small difference not critical); no mark section ok
Government of Canada
Public Key Infrastructure
The purpose of this report is to detail the results of the policy mapping process comparing the CCAs CPs with the GOC PKI CPs. The Cross-Certification Team will perform the policy mapping using the CP Mapping sheets.
The document is to be organized in the following manner:
1. Executive Summary
CPs mapped to GOC PKI CPAny discrepancies
Key issues and rationale
Recommendations
2. Description of CPs mapped to GOC PKI CP
3. Description of Issues, if any
DiscrepanciesCP references
4. Analysis of possible implications
5. Key issues for consideration and rationale
6. Recommendations
ProceedProceed with conditions
Do not proceed
Government of Canada
Public Key Infrastructure
System Survey Questionnaire
Cross-certification
with the
Government of Canada
Public Key Infrastructure
(GOC PKI)
V 1.0
Purpose:
The purpose of the System Survey Questionnaire (SSQ) is to evaluate the technical functionality requirement of the candidate CA to ensure compatibility and interoperability with GOC PKI.
Methodology:
The System Survey questionnaire has been categorized in 3 groupings: Administrative, Maintenance and Support, and Network Architecture. The SSQ is to confirm the system readiness and is being distributed to the candidate CA requesting to cross-certify with the GOC PKI Canadian Central Facility (CCF).
Reference documents:
a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, January 1999b. Internet X.509 Public Key Infrastructure Certificate Management Protocols, RFC 2510, March 1999
c. Internet X.509 Certificate Request Message Format, RFC 2511, March 1999
d. PKCS #10: Certification Request Syntax Version 1.5, RFC 2314, March 1998
e. ITU-T Recommendation X.509, Information Technology – Open Systems Interconnection – The Directory: Authentication Framework, June 1997
f. Recommendation X.509 and ISO 9594-8, Information Processing System - Open Systems Interconnection - The Directory - Authentication Framework, 1988.
g. ITU-T Recommendation X.830 (1994) | ISO/IEC 11586-1:1996, Information Technology – Open Systems Interconnection – Generic Upper Layers Security: Overview, Models and Notation
h. ITU-T Recommendation X.831 (1994) | ISO/IEC 11586-2:1996, Information Technology – Open Systems Interconnection – Generic Upper Layers Security: Security Exchange Service Element (SESE) Service Definition
i. ITU-T Recommendation X.832 (1994) | ISO/IEC 11586-3:1996, Information Technology – Open Systems Interconnection – Generic Upper Layers Security: Security Exchange Service Element (SESE) Protocol Specification
|
Table 1 - Cross Certification System Survey Questionnaire |
||||
|
# |
INFORMATION REQUIRED
|
DESCRIPTION |
REMARK |
|
|
1. |
Administration |
|||
|
Point of contact (POC):
|
||||
|
Specific location of facility:
|
||||
|
System access:
|
||||
|
2. |
Maintenance and Support |
|||
|
System prime representatives for the purpose of problem reporting and information exchange amongst system primes.
|
||||
|
3. |
Network Architecture |
|||
|
Environment: Can you provide a high level overview of the candidate CA system and network architecture for the following environment?
Please include a general description of the candidate CA’s:
|
|
|||
Please identify the firewall application software (by release number, including all incorporated patches, if any) used by the candidate CA. |
||||
Please provide a summary of the candidate CA’s firewall access policy. For example, the policy is expected to address issues such as:
|
||||
|
Firewall Functional Requirements : Is your firewall capable of being configured to address each of the following functional requirements? Please identify those (if any) that your firewall is incapable of supporting? Are there any additional capabilities of your firewall that are not addressed by the following? Please identify. The firewall is expected to have no fewer than the following capabilities:
|
||||
|
Firewall Audit Events: Please describe the candidate CA firewall generated audit event capabilities. For example, such a firewall is expected to generate an audit event for no fewer than the following items per each attempted session:
|
||||
|
Firewall Audit Event Grouping: Please describe the audit trail capabilities provided by the candidate CA firewall. For example, it is expected that the firewall should be able to group audit events in no fewer than the following categories:
|
||||
|
Firewall – Trusted Time Source: Does the candidate CA utilize an external source of trusted time? If so, what port number is used? |
||||
|
Router: Please identify the router used by the candidate CA. In so doing, please:
|
||||
|
Router Functional Capabilities: Specifically address whether your Router addresses each of the following (suggested) functional requirements:
|
||||
|
Ethernet Hub Description: Please provide a description of the Ethernet Hub used by the candidate CA. For example, the GOC PKI Ethernet Hubs all have the following functional capabilities:
|
||||
|
Key Management Application:
|
||||
|
X.500 Directory:
|
||||
|
X.500 Directory: Is your X.500 Directory compatible with commercial X.500 Directories that comply with the Lightweight Directory Access Protocol (LDAP) interface requirements? |
||||
|
X.500 Directory: What version of LDAP does your directory support? Note:
|
||||
|
X.500 Directory: What standards are being followed for your X.500 Directory?
|
||||
|
X.500 Directory: Is your X.500 Directory available to the public in general? |
||||
|
X.500 Directory: What is your internal X.500 Directory Information Tree (DIT) structure?
X.500 Naming convention for nodes and leaf entries (e.g. cn + serialNumber) |
||||
|
X.500 Directory Chaining:
Please provide the following information in order to ensure that the CCF and candidate CA can chain their directories:
|
||||
|
Candidate CA Distinguished Name:
What is the DN of the candidate CA? For example, the GOC PKI CA DN is: c=CA, o=GC, ou=CCF-ICC, ou=1CA-AC1 |
||||
|
X.500 Directory: What is your X.500 DSA requirement? The GOC PKI is compliant with:
|
||||
|
X.500 Directory: Can your DSA support anonymous chaining requests? |
||||
|
X.509 Certificate Format: Does the candidate CA generate base certificates that comply with Recommendation X.509 IS0/IEC 9594-8: 1993? |
||||
|
X.509 Certificate and CRL Extensions: Please describe the Certificate and CRL Extensions supported by the candidate CA specifically addressing the following:
|
||||
|
X.509 PKIX CMP Compliance:
Please state the degree to which the candidate CA PKI Key Management application identified earlier at 3.10 supports key transfer pursuant to the Internet X.509 Public Key Infrastructure Certificate Management Protocol defined by RFC 2510 dated March 1999. |
||||
|
Certification Request Syntax:
In conjunction with 3.24, please confirm that the candidate CA PKI Key Management application identified earlier at 3.10 supports PKCS #10: Certification Request Syntax Version 1.5 (RFC 2314 dated March 1998). |
||||
|
Secure Exchange Protocol Compliance:
In the event that the candidate CA PKI Key Management application identified earlier at 3.10 does not support PKIX-CMP (refer to 3.23), please state the degree to which the application supports key transfer using a secure exchange protocol based upon a sub-set of the Generic Upper Layers Security (GULS) standard defined by the following: X.830 (1994) | ISO/IEC 11586-1:1996 X.832 (1994) | ISO/IEC 11586-2:1996 X.833 (1994) | ISO/IEC 11586-3:1996 |
||||
|
PKIX Certificate and CRL Extensions: Please describe the certificate and CRL extension PKIX profile of the candidate CA. In the event that the candidate CA is not using Entrust Version 5.0 or equivalent, the candidate CA will need to comply with the minimum PKIX profile, as defined in e. ITU-T Recommendation X.509, and identified in Table 2 (refer to page *) |
||||
|
Table 2 - CA Minimum
PKIX Compliance |
|
|
Element |
CA Support |
|
Certificate extensions |
|
|
authorityKeyIdentifier |
Yes |
|
subjectKeyIdentifier |
Yes |
|
keyUsage |
Yes |
|
certificatePolicies |
Yes |
|
subjectAltName |
Yes |
|
basicConstraints |
Yes |
|
nameConstraints |
Optional |
|
policyConstraints |
Optional |
|
extKeyUsage |
Optional |
|
cRLDistributionPoints |
Optional |
|
CRL extensions |
|
|
authorityKeyIdentifier |
Yes |
|
CRLNumber |
Yes |
|
CRL entry extensions |
|
|
reasonCode |
Optional |
|
invalidityDate |
Optional |
Government of Canada
Public Key Infrastructure
The purpose of this report is to document the Testbed Trial results to determine if there has been a successful exchange of certificates between the CCA and the CCF and if the certificates can be validated. The Cross-Certification Team will collaborate with the CCF in producing this report.
The document is to be organized in the following manner.
1. Executive Summary
Testing resultsAny discrepancies
Key issues and rationale
Recommendations
2. Description of Testbed Trial activities and methodology
Testing resultsDescription of discrepancies
3. Analysis of discrepancies and implications associated with cross certification
4. Key issue for consideration and rationale
5. Recommendations
ProceedProceed with conditions
Do not proceed
Government of Canada
Public Key Infrastructure
|
Institution Name: Reference Number: Inspection participant(s): Negotiation Team Member(s): |
Address:
|
|
Date: Date of any previous Inspections: |
|
|
Level of Assurance:
|
Internal or external to the GOC PKI:
|
|
ADMINISTRATIVE AND ORGANIZATIONAL |
Appointment of Security Personnel
|
Item |
Activities |
Yes |
No |
Comments |
|
1 |
Has an IT security representative been appointed for the CA physical domains? |
|
|
|
|
2 |
Have CA employees been assigned responsibility for the CA security aspects of personnel, physical and environment, hardware, software, operations, and communications? |
Security Policy
|
Item |
Activities |
Yes |
No |
Comments |
|
3 |
Do you have a set of CA IT security policies? |
|||
|
4 |
Does your CA password policy for the CA systems include the following:
|
|
|
|
Security Procedures
|
Item |
Activities |
Yes |
No |
Comments |
|
5 |
Do you have a set of CA IT security procedures? |
|
|
|
|
6 |
Do you have a procedure for security incident handling? |
|||
|
7 |
Do you have a procedure for monitoring activities during periods of privileged access? |
|||
|
8 |
Do you have a procedure for de-briefing, revoking of access privileges, and returning security-related items when employment of CA personnel and/or contractor are transferred or terminated? |
|||
|
9 |
Do you have a procedure for the maintenance of CA hardware, software, communications, network and environmental components, and IT media? |
|||
|
10 |
Do you have a problem management procedure for all CA system components? |
|||
|
11 |
Do you have a procedure to define priorities and conditions for escalation? |
|||
|
12 |
Do you have a change management procedure for all CA system components? |
|||
|
13 |
Do you have a procedure for the handling, transport, transmittal, sanitation, and destruction of particularly sensitive (Protected "B") CA IT assets information for the following:
|
|||
|
14 |
Do you have a procedure to verify hardware/software security configuration and mechanisms for the following:
|
|
||
|
15 |
Does your procedure to obtain root password and use root on the CA systems include the following:
|
|
||
|
16 |
Do you have a procedure for testing hardware, software, communications and network components prior to implementing in the production environment, and migration to the production environment? |
|||
|
17 |
Do you have a procedure to verify on a weekly basis the integrity and consistency of the CA database and the X.500 Directory? |
|||
|
18 |
Do you have backup and compare procedures according to the following schedule:
|
|||
|
19 |
Do you have operation procedures for the following:
|
|
||
|
20 |
Have procedures been developed and implemented to allow removable IT media containing CA information to be placed in a protected status and used only with written authorization? |
|||
|
21 |
Have procedures been developed and implemented for the handling, protection, and accountability for all removable IT media entering, remaining within, and leaving the CA environment? |
|||
|
22 |
Have verification procedures for CA backups been developed and implemented to ensure backups were successful? |
|||
|
23 |
Have procedures been developed and implemented for the preparation, issuance, change, cancellation and audit of CA personnel identifiers? |
|||
|
24 |
Have procedures been developed, documented, and implemented for reporting, recording, tracking, and resolving CA hardware, software, communications, network and environmental components, and IT media problems affecting security? |
|||
|
25 |
Do you have a procedure to conduct and document security review of the CA IT-related activities that includes the following items and frequencies:
|
|
Statements of Sensitivity (SOS)
|
Item |
Activities |
Yes |
No |
Comments |
|
26 |
Has a CA statement of sensitivity specifying the security designation, availability requirements, and integrity concerns of the CA systems been prepared? |
|
|
|
|
27 |
Is the CA statement of sensitivity available to personnel responsible for the security of the CA systems? |
Contracting
|
Item |
Activities |
Yes |
No |
Comments |
|
28 |
Do contracts include a configuration chart agreed upon by the CA Manager and the contractor? |
|||
|
29 |
Have configuration changes made during the period of the contract been documented, reported, reviewed, and approved prior to implementation? |
|||
|
30 |
Did configuration changes made during the period of the contract reduce the level of security provided? |
|||
|
31 |
Has the CA specified security requirements in all contracts with external organizations where those contracts affect the CA services, information, or system components for the following:
|
|
|
|
Threat and Risk Assessment (TRA)
|
Item |
Activities |
Yes |
No |
Comments |
|
32 |
Has a CA TRA been prepared and maintained, outlining existing and proposed safeguards and describing threats and risks of which account has been taken on the following:
|
|
|
|
Access Control and Authorization
|
Item |
Activities |
Yes |
No |
Comments |
|
33 |
Have access privileges to the CA been authorized and controlled for:
|
|
|
|
Security Logs and Records
|
Item |
Activities |
Yes |
No |
Comments |
|
34 |
Did the CA identify and document:
|
|||
|
35 |
Are the CA security logs, documents, and records being retained for one year? |
Change Control
|
Item |
Activities |
Yes |
No |
Comments |
|
38 |
Are all changes to CA hardware components being centrally controlled and documented? |
Problem Reporting
|
Item |
Activities |
Yes |
No |
Comments |
|
39 |
Are CA systems problems affecting security being immediately reported to the Departmental and/or Organizational IT security coordinator? |
|||
|
40 |
Is a contact list identifying CA systems support personnel, field service personnel, communications software services personnel, data communications vendors, and telecommunications carriers being maintained? |
Contingency Planning
|
Item |
Activities |
Yes |
No |
Comments |
|
41 |
Did the CA define and document the essential levels of service and the maximum acceptable periods of downtime for the CA systems? |
|
|
|
|
42 |
Does your contingency plan been developed, documented, and maintained to ensure the essential level of CA service (on-site and off-site) will be provided following any loss of processing capability or destruction of a CA facility include the following:
|
|||
|
43 |
Does your cold back-up site have physical and environmental safeguards? |
|||
|
44 |
Is your cold backup site location subject to the same physical and environmental threats as your primary site? |
|||
|
45 |
If the CA contingency plan requires the use of facilities not under the control of the CA, have formal agreements or contracts for the use of such facilities been established and reviewed annually? |
|||
|
46 |
Does the CA ensure that the implementation of the CA contingency plan does not compromise confidentiality or integrity requirements? |
|||
|
47 |
Is the CA contingency plan being tested annually to the extend practicable and does it remain consistent with security? |
|||
|
48 |
Are there sufficient alternate trained personnel to assure the confidentiality, integrity, and availability of the CA? |
|||
|
49 |
Have employees identified to take an active role in CA-related contingency situations received training and practice in their assigned duties? |
|||
|
50 |
Are the following items being stored off-site:
|
|
PERSONNEL |
Security Screening
|
Item |
Activities |
Yes |
No |
Comments |
|
51 |
Has the CA Manager been assigned the following responsibilities:
|
|
|
|
Security Awareness
|
Item |
Activities |
Yes |
No |
Comments |
|
52 |
Have security briefings been given to personnel and contractors who have access to the CA include the following:
|
|
|
|
|
53 |
Are the security briefings conducted in person, where possible? |
|||
|
54 |
Does the security briefing include the following:
|
Training of Personnel
|
Item |
Activities |
Yes |
No |
Comments |
|
55 |
Do you have a CA training program and material which includes as a minimum:
|
|
|
|
|
PHYSICAL AND ENVIRONMENTAL |
Facility
|
Item |
Activities |
Yes |
No |
Comments |
|
56 |
Do physical and environmental security safeguards for the CA facilities (wiring closet and secure rooms) in accordance with the Departmental and/or Organizational standard for IT facilities include the following:
|
|
|
|
Restricted Zones
|
Item |
Activities |
Yes |
No |
Comments |
|
57 |
Is access to the CA physical domains controlled, authorized and monitored as appropriate to IT facilities for the following:
Closed-circuit television (CCTV)? |
|
|
|
|
58
|
When servicing CA system components, are maintenance and service personnel properly escorted and supervised by knowledgeable and authorized CA personnel? |
Security Containers
|
Item |
Activities |
Yes |
No |
Comments |
|
59 |
Do IT media containing sensitive CA assets (including magnetic cartridges, diskettes, removable hard drives, and computer printouts) meet the following criteria:
|
|||
|
60 |
Are keys and combinations for containers storing sensitive CA assets issued only to authorized personnel and properly controlled? |
|
|
|
Methods of Controlling Access
|
Item |
Activities |
Yes |
No |
Comments |
|
61 |
Are the identities and the authorization of individuals being authenticated verified prior to granting access to CA facilities? |
|||
|
62 |
Do appropriate methods implemented to control access to CA facilities include the following:
|
|
|
|
Method of Authorizing Access
|
Item |
Activities |
Yes |
No |
Comments |
|
63 |
Is an access list being maintained of persons authorized to access the CA physical domains? |
|
|
|
|
64 |
Do access records being maintained on non-CA personnel accessing CA physical domains include the following:
|
Method of Monitoring Access
|
Item |
Activities |
Yes |
No |
Comments |
|
65 |
Are records being maintained documenting issuance and retrieval of CA security-related items for the following:
|
|
|
IT Utilities and Services
|
Item |
Activities |
Yes |
No |
Comments |
|
66 |
Are maintenance procedures consistent with the manufacturers’ specifications being documented and implemented for the following environmental components:
|
|
|
|
|
67 |
Are records maintained of all environmental component maintenance activities being:
|
|||
|
68 |
Are all environmental component faults being:
|
Electric Systems
|
Item |
Activities |
Yes |
No |
Comments |
|
69 |
Do you have a UPS with power conditioning for the following hardware components:
|
|
|
|
|
70 |
Are power services for CA hardware components equipped with power conditioners capable of providing a stable power supply? |
|||
|
71 |
Have CA systems been configured so as to shutdown automatically (e.g. 10 minutes) prior to the maximum duration time of the UPS batteries? |
Destruction of IT Media
|
Item |
Activities |
Yes |
No |
Comments |
|
72 |
Is IT media containing sensitive CA information being destroyed in an approved manner? |
|
|
|
|
73 |
While awaiting destruction or in transit to destruction, is IT media containing sensitive CA information being safeguarded according to the highest sensitivity of information? |
|||
|
74 |
Is destruction of IT media containing sensitive CA information being monitored by an employee with a security screening level at least equal to the highest sensitivity of information? |
Disposal/Re-use
|
Item |
Activities |
Yes |
No |
Comments |
|
75 |
Are erasable IT media previously used to store CA information being kept in the CA environment until the IT media has been sanitized using an approved erasure technique? |
|
|
|
|
76 |
Are erasable IT media and their containers being divested of all markings only after verification of the sanitation procedure? |
|||
|
77 |
Are erasable IT media sanitized using an approved technique when CA hardware components are to be removed from the CA environment for servicing? |
IT Media - General
|
Item |
Activities |
Yes |
No |
Comments |
|
78 |
Have write-protection mechanisms been enabled for all removable IT media containing CA information? |
IT Media Library
|
Item |
Activities |
Yes |
No |
Comments |
|
79 |
Do records being generated for accountability of IT media include the following:
|
|
|
|
|
80 |
Are controls for CA removable IT media stored in off-site locations commensurate with the designation of particularly sensitive (Protected "B")? |
Markings
|
Item |
Activities |
Yes |
No |
Comments |
|
81 |
Is IT media containing CA information assigned a security designation of particularly sensitive (Protected "B")? |
|
|
|
|
82 |
Have security designations been clearly marked on all CA IT media on the casing and the outer container in plain language and eye-readable form? |
|||
|
83 |
Have records concerning system authentication mechanisms, codes, or passwords used to authenticate identities been provided the designation of particularly sensitive and marked as Protected "B"? |
|||
|
84 |
Are the following items considered particularly sensitive been marked as Protected "B":
|
|||
|
85 |
Has ownership of all CA removable IT media been clearly indicated in eye-readable form on the IT media itself and on the containers used for such IT media when they are to be removed from the CA environment? |
|
HARDWARE |
Configuration /Inventory
|
Item |
Activities |
Yes |
No |
Comments |
|
86 |
Is the chart of the current CA hardware configuration, identifying all hardware components and interconnections (e.g. CPU, peripheral devices, channels, controllers, etc.) being maintained and reviewed at least annually or when changes are made? |
|
|
|
|
87 |
Does the current CA hardware inventory being maintained identify the following:
|
Security Prevention
|
Item |
Activities |
Yes |
No |
Comments |
|
88 |
Is remote diagnostic access to CA system components being controlled at all times? |
|
|
|
|
89 |
Do all essential CA hardware components left powered up and unattended have an automatic power-down capability, which will respond to environmental conditions outside the specifications detailed by the supplier? |
|||
|
90 |
Are the CA system components’ protective mechanisms being checked periodically to ensure they are functioning properly? |
|||
|
91 |
Have the CA and X.500 hosts been restricted to provide only CA and X.500 services and no additional non-PKI applications? |
|||
|
92 |
Have all unnecessary services, including network services, been disabled on the CA and X.500 hosts, routers and firewall? |
|||
|
93 |
Have the CA and X.500 hosts, routers and firewall operating systems been updated with the latest pertinent patches? |
|||
|
94 |
Have all CA and X.500 host, router and firewall default names, especially administrator and root accounts, been appropriately renamed? |
|||
|
95 |
Have all user, group and system accounts, not explicitly required for provision and support of the CA and X.500 hosts and firewall and associated services, been removed or disabled? |
|||
|
96 |
Have CA and X.500 hosts and firewall been appropriately configured to lock console or login sessions after a specified period of inactivity? |
|||
|
97 |
Have appropriate security policies and restrictions been applied to user accounts (ie. password length, password age, password re-use, and account lockout)? |
|||
|
98 |
Have appropriate permissions been assigned to CA and X.500 hosts files and directories to prevent unauthorized access and remove excessive user rights? |
|||
|
99 |
Have all unnecessary network protocols been disabled on the CA and X.500 hosts? |
|||
|
100 |
Have all TCP/IP ports been disabled on the CA and X.500 hosts except for those explicitly required to support the CA and X.500 services? |
|||
|
101 |
Have all shared network resources that are not required for the support of the CA and X.500 services been disabled? |
|||
|
102 |
Have all network services not explicitly required been disabled? |
|||
|
103 |
Have all accounts not explicitly required been removed? |
|||
|
104 |
Is the UNIX umask variable set so that new files and directories are automatically created with restrictive permissions? |
|||
|
105 |
Are UNIX shell and CDE login sessions configured to be automatically locked or logged out after a specified period of inactivity? |
|
COMMUNICATIONS |
Inventory
|
Item |
Activities |
Yes |
No |
Comments |
|
106 |
Does the current CA communications components inventory being maintained and reviewed annually identify the following:
|
|||
|
107 |
Do CA inventory records for each communications software item include the following items:
|
|||
|
108 |
Do CA communications terminals and/or circuits identified by the following:
|
|||
|
109 |
Have CA communications inventory items that are necessary for, or could affect the system’s protective mechanisms been assigned and marked with the security designation of particularly sensitive (Protected "B")? |
Configuration
|
Item |
Activities |
Yes |
No |
Comments |
|
110 |
Is a chart of the current CA communications configuration being maintained, reviewed annually, and marked with an issue date? |
|
|
|
Routine Maintenance
|
Item |
Activities |
Yes |
No |
Comments |
|
111 |
Are the use of communications test equipment, privileged and powerful communications software utilities, network monitoring tools, and diagnostics for monitoring the network being authorized and controlled by the CA Manager? |
Operational and Control Procedures
|
Item |
Activities |
Yes |
No |
Comments |
|
112 |
Are CA communications equipment being operated only by CA authorized personnel? |
|
|
|
Detection and Surveillance
|
Item |
Activities |
Yes |
No |
Comments |
|
113 |
Are tests of security features being conducted periodically to ensure CA communications controls have not been compromised or misused? |
|||
|
114 |
Are results of these security features tests recorded for audit and quality assurance purposes? |
|
|
|
Protection of Information in the CA Communications Environment
|
Item |
Activities |
Yes |
No |
Comments |
|
115 |
Is direction and guidance for COMSEC being obtained from the Departmental COMSEC Authority? |
|||
|
116 |
Does the Departmental COMSEC Authority select the approved encryption technique? |
|||
|
117 |
Has a CA encryption key management plan been developed? |
|
|
|
|
SOFTWARE |
Inventory
|
Item |
Activities |
Yes |
No |
Comments |
|
118 |
Do CA software inventory records being maintained include the following:
|
|||
|
119 |
Do CA software inventory records for each item indicate:
|
Surveillance
|
Item |
Activities |
Yes |
No |
Comments |
|
120 |
Are CA surveillance and protective mechanisms being tested at least annually, or following changes to security-relevant software, to ensure continued capability of the system to prevent:
|
|
|
|
|
121 |
Do CA systems recording security-relevant events include the following:
|
|||
|
122 |
Has the following information, if applicable, been recorded for each security event:
|
Data and Database Administration
|
Item |
Activities |
Yes |
No |
Comments |
|
123 |
Have audit checks of the CA database and the X.500 Directory been conducted to verify the logical and physical consistency of the database and identify discrepancies such as lost records, open chains, and incomplete sets? |
|||
|
124 |
Have CA database maintenance utilities that bypass controls been considered to be privileged and powerful software that must be restricted and monitored? |
|
OPERATIONS |
Operating Procedures
|
Item |
Activities |
Yes |
No |
Comments |
|
125 |
Are hardware and software techniques in place to detect hardware/software/communications/ network failures in the following:
|
|
|
|
|
126 |
Are sufficient generations of CA backup data being maintained to ensure that data can be recovered? |
|||
|
127 |
Is the two person integrity principle applied to the following functions:
|
|||
|
128 |
Is remote access to CA system components for diagnostic purposes prohibited? |
|||
|
129 |
Are the CA operating systems and product (e.g. Entrust) application components designated as particularly sensitive information being safeguarded accordingly? |
|||
|
130 |
Is the use of privileged and powerful software prohibited unless explicitly authorized by the CA Manager and used by authorized and knowledgeable CA personnel? |
|||
|
131 |
Are CA systems automatically terminated and interactive sessions re-authenticated after a determined period (e.g. 5 minutes) of inactivity? |
|||
|
132 |
Does the CA ensure, to the extent possible, that no individual performs all aspects of the CA process? |
|||
|
133 |
Are CA employees with privileged access trained and their activities monitored to ensure the appropriate security is maintained during their periods of access? |
|||
|
134 |
Have redundant hardware, software, and communications components been implemented as part of the CA availability mechanisms? |
|||
|
135 |
Do back-up systems automatically switch the required hardware, software, and communications components to primary status upon failure of the primary CA system? |
Detection and Surveillance
|
Item |
Activities |
Yes |
No |
Comments |
|
136 |
Are CA system logs being checked at randomly selected periods to verify that all processes were authorized? |
|
|
|
Government of Canada
Public Key Infrastructure
The following is a list of Information Technology Security Policy Statements that must be addressed in a Certification Authority’s CA policy to enter into a Cross-certification arrangement with the CCF. An example of an ITS Policy may be obtained at http://.
Introduction
Policy ObjectivePolicy Statement
Application
Accountability
Policy Requirements
CA Organization
Risk Management Process
Contingency Planning
Awareness and Training
Job Descriptions
Operating Procedures
Monitoring
Reviews
Inspections
Breaches and Violations
Personnel Security
CA Privileged Users
Local Registration Authorities
Subscribers
Segregation of Responsibilities
Information Security Policy
Information Labeling
Safeguarding of Information
Backups
Audit Logs
Archives
Disposal of Information
Physical Security
CA Facilities
Local Registration Authorities Facilities
Hardware and Software Security
Configuration Management
Connectivity
Communications
Software Components
Hardware Components
System Privileges
Operational Security
Policy Revisions
Government Of Canada
Public Key Infrastructure
The following is a list of information technology security procedures that must be addresses to enter into a cross-certification arrangement with the CCF. An example of ITS procedures may be obtained at http://.[None in original]
Hierarchy of CA Policies and Procedures
Physical and Environmental Security Procedures
Security Incident Reporting
Personnel Security Procedures
IT Security Roles and Responsibilities
Procedural Security Practices
Handling and Storage of IT Media
Monitoring and Reviewing Privileged Access
Configuration Management Procedures
Problem Management Procedures
Change Management Procedures
Security Event Monitoring, Logging, and Incident Handling Procedures
Audit and Security Review Procedures
Technical Security Procedures
Master User Functions
Security Officers Functions
Administrators Functions
Key Management
Backup and Restore
Account Management
Power-up/Power-down and Startup and Shutdown
Certification Revocation and Key Recovery
CA Organization Chart
Maintenance Procedures
PROTECTED "A"
(when completed)
Government of Canada
Public Key Infrastructure
|
Institution Name:
Name of Candidate CA participants:
Name of Negotiation Team Members:
|
Address:
Registration Number:
|
|
Date: Date of any previous Inspections: |
|
|
GOC PKI CP Level requested by Candidate CA.
|
Is this entity internal or external to the GOC PKI?
|
|
Item |
Question |
Answer |
||
|
ADMINISTRATIVE PRE-REQUISITES |
||||
|
1 |
Has the CA submitted an application to the Policy Management Authority (PMA) to cross certify with the GoC PKI? |
Yes No |
||
|
Was a Decision to Proceed Granted? |
Yes No |
|||
|
Do you have a representative of your organization on the PMA?(see PKI policy) |
Yes No |
|||
|
2 |
Has the CA published a Certification Practice Statement (CPS)? |
Yes No |
||
|
Which Certificate Policies (CPs) has the Certification Authority (CA) adopted? |
a) GoC CP b) Departmental/organizational CP c) Other |
|||
|
Have the CPs been mapped to the GoC CPs? |
Yes No |
|||
|
If so, has a summary report been provided to the Cross-Certification Team? |
||||
|
Has the CA cross-certified with any other CAs? |
Yes No This question does not appear to have been asked in Phase I |
|||
|
3 |
Were policies defined in your CP intended for use by your department and/or organization only? |
Yes No |
||
|
1.1 OVERVIEW (GOC PKI CP) |
||||
|
Does your policy state that the issuance of a public key certificate does not imply that a Subscriber has any authority to conduct business transactions on behalf of the organization operating the CA? |
This sort of statement should be incorporated into the Subscriber agreement |
|||
|
1.1.1 Policy Overview |
||||
|
6 |
What is the CA’s Policy Object Identifier Designation for its CPs? |
|||
|
Where cross-certificates have been issued, does the CA inform Subscribers which applications are intended to be used with the GoC PKI system? |
Yes No |
|||
|
Does the CA ensure that it associates itself and uses one Certificate and one CRL repository for each type of certificate? |
||||
|
Are Digital signature keys backed up or otherwise stored? |
Yes No |
|||
|
Has personal information collected by a CA ever been disclosed without the Subscriber’s consent? If so, it was required by law? |
Yes No
|
|||
|
8 |
Are certificates made available to Subscribers before or after publication? |
|||
|
Is there a vehicle for Subscribers to correct information contained in a published certificate? |
Yes No |
|||
|
How are disputes concerning key or certificate management resolved under this policy? |
||||
|
9 |
What maximum dollar amount is permitted per instance of use? |
$0 Up to $5000 Up to $50000 Up to 1000000 Other (specify) |
||
|
1.3.1 Certification Authorities (CAS) |
||||
|
10 |
For which of the following is your CA responsible?
|
Creating and signing certificates binding Subscribers with their signature verification keys
|
||
|
11 |
If a department and/or organization has chosen to use a contractor to provide CA services, does the department and/or organization assume responsibility and accountability for the operation of its CA? |
Yes No |
||
|
Is there a contract or other written arrangement? |
Yes No |
|||
|
12 |
Has the CA cross-certified with any other CA? |
Yes No |
||
|
13 |
If cross-certified with any other CAs are agreements made with other CAs documented? |
Yes No N/A |
||
|
14 |
If cross-certified with any other CAs, are applicable disclaimers made available to Subscribers? |
Yes No N/A |
||
|
1.3.2 Local Registration Authorities (LRAs) |
||||
|
Has your CA established LRAs? If so, how many? |
Yes How many? No |
|||
|
Has the CA assigned specific responsibilities to the LRA? |
Yes No |
|||
|
15 |
How do you ensure that LRAs operating under your Certificate Policy are responsible for all duties assigned to them by the CA? |
|||
|
What is the relationship between the CA and the LRAs? |
Same department Other department by MOU Private entity by contract Agent other |
|||
|
Has the CA ensured that the LRA satisfies all the requirements of the CP? |
Yes No |
|||
|
1.3.3 Repositories |
||||
|
17 |
Does the CA have at least one certificate and Certificate Revocation List repository associated with it? |
Yes No |
||
|
18 |
Is the repository in the form of one or more directories that comply with the Government of Canada (GoC) X.500 standards profile? |
Yes No If no, state the form of the repository? |
||
|
19 |
If the repository is not under the control of a CA, which of the following terms and conditions of its association does the CA included:
|
Other N/A |
||
|
1.3.4 Subscribers |
||||
|
Is responsibility and accountability attributable to an individual or an organization for certificates, which are issued to Subscribers? |
Yes No |
|||
|
Are PKI certificates only issued after authorization from one or more sponsors? |
Yes No |
|||
|
Is eligibility for a certificate at the sole discretion of the CA? |
Yes No |
|||
|
1.3.6 Policy Applicability |
||||
|
Are the certificates intended to be used to protect designated (insert GSP definition of designated) information? |
Yes No |
|||
|
If yes to the above, what consequences could be expected if the information was compromised? |
Explain N/A |
|||
|
1.3.6.1 Approved and prohibited applications |
||||
|
22 |
A CA must advise Subscribers which applications are to be used with the PKI system. Are these applications, as a minimum, meeting the following requirements:
|
|
||
|
Does the PKI correctly establish, transfer and using the public and private keys? |
Yes No |
|||
|
Is it capable of performing the appropriate certificate validity and verification checking? |
Yes No |
|||
|
Does it reporting appropriate information and warnings to the Subscribers? |
Yes No |
|||
|
23 |
Does the CA operate in accordance with the following when issuing and managing the keys provided to LRAs and Subscribers:
|
Yes No, explain: |
||
|
24 |
Does the CA verify the activities of the LRA to ensure that it is compliant to the CP requirements? |
Yes No |
||
|
25 |
Does the CA make Subscribers aware of their rights and obligations with respect to the operation and management of the following when used in connection with the PKI:
|
Yes No
|
||
|
If so, how? |
||||
|
26 |
Does the CA do each the following:
|
|||
|
27 |
Are the CA personnel associated with the following PKI roles individually accountable for transactions they perform:
|
Yes No |
||
|
2.1.1.1 Notification of certificate issuance and revocation |
||||
|
29 |
How does the CA make CRLs available to Subscribers or relying parties? |
|
||
|
30 |
Does the CA notify a Subscriber when a certificate bearing the Subscriber’s DN is issued or revoked? |
Yes No |
||
|
2.1.1.2 Accuracy of representations |
||||
|
31 |
Has the CA certified that the information stated in a certificate issued to a Subscriber was verified in accordance with its CP prior to publishing the certificate in a repository to which the subscriber has access? |
Yes No |
||
|
32 |
Has the CA provided each Subscriber with notice of the Subscriber’s rights and obligations under its CP? |
Yes No |
||
|
33 |
What are:
|
|||
|
35 |
Describe the Relying Party’s obligations with respect to the following:
|
|||
|
37 |
Does your policy ensure that the period for which the Entity has to complete its initialization process? If so what is the prescribed time allowed? |
|
||
|
2.1.1.4 Certificate revocation and renewal |
||||
|
38 |
Do procedures for the expiration, revocation and re-issuance of a certificate conform to the relevant provisions of the CP? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
39 |
Are the certificate revocation and renewal procedures expressly stated in the CPS, the Subscriber Agreement or any other applicable document outlining the terms and conditions of the certificate use? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
41 |
Is the location of the CRL defined in the certificate? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
2.1.1.5 Protection of private keys |
||||
|
42 |
Has the CA ensured that the private keys that it holds or stores, and the activation data are protected in the CA encrypted database? |
Yes No |
||
|
43 |
Does the CP require that all entities protect their private keys and activation data in accordance with departmental and/or organizational policy? |
Yes No |
||
|
44 |
Has the CA ensured that any Confidentiality private keys of a Subscriber that have been backed- up or archived are protected? |
Yes No |
||
|
How? |
||||
|
45 |
Does the CA have a policy of non-disclosure of private keys? |
Yes No |
||
|
2.1.1.6 Restrictions on issuing CA’s private keys |
||||
|
46 |
Has the CA ensured that its certificate signing private key is used only to sign certificates and CRLs? |
Yes No |
||
|
48 |
Has the CA ensured that private keys issued to its personnel to access and operate CA applications are used only for such purposes? |
Yes No |
||
|
2.1.2 LRA obligations |
||||
|
50 |
Has the CA ensured that all its LRAs comply with all the relevant provisions of the CA’s CP and the CA’s CPS? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
51 |
Is the CA responsible through its LRAs to bring to the attention of Subscribers all relevant information pertaining to the rights and obligations of the CA, LRA, and Subscriber contained in the following:
NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
52 |
Do records of all transactions carried out in performance of LRA duties identify the individual who performed the particular duty? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
53 |
Are LRA Administrators individually accountable for transactions performed on behalf of the CA? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
55 |
When the LRA submits Subscriber information to the CA, does the LRA certify to the CA that it has authenticated the identity of that Subscriber? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
56 |
When performing LRA duties on-line through a remote administration application with the CA, do LRAs ensure that their private keys are protected? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
57 |
Are private keys used by LRAs to access and operate on-line LRA applications used for any other purpose? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
2.1.3 Subscriber obligations |
||||
|
58 |
Has the CA ensured that a Subscriber enters into an agreement or abides by an agreement by an acceptable use policy which outlines the terms and conditions of use, including permitted applications and purposes? |
Yes No |
||
|
2.1.3.1 Representations |
||||
|
59 |
Does the CA require that information submitted in connection with a certificate be complete and accurate? |
Yes No |
||
|
60 |
What proportion of every 24-hour period is the repository available? |
|
||
|
61 |
What is the availability of certificates and CRLs to Relying Parties? |
no stipulation? 24 hours? 12 hours? 4 hours? Other?
|
||
|
2.2 LIABILITY |
||||
|
2.2.1 Requirements |
||||
|
62 |
Has the CA ensured that the following are in accordance with its CP:
|
Yes No
|
||
|
64 |
Do you have a Disclaimer of warranties and obligations policy? |
Yes No |
||
|
What is the substance of the Disclaimer? |
||||
|
2.2.3 Limitations of liability |
||||
|
65 |
|
no stipulation? $5,000 per instance? $50,000 per instance? $1,000.000 per instance? |
||
|
2.2.4 Other terms and conditions |
||||
|
66 |
Are disclaimers or limitations of liability contained in the CPS consistent with the CP? |
Yes No |
||
|
2.3 FINANCIAL RESPONSIBILITY |
||||
|
67 |
Has the CA contracted for the provision of its CA services? |
Yes No |
||
|
68 |
If so, did the CA ensure that the contracted CA provided the following:
|
Yes No N/A |
||
|
2.4 INTERPRETATION AND ENFORCEMENT |
||||
|
2.4.1 Governing law |
||||
|
69 |
What laws govern the CA? |
|
||
|
2.4.2 Severability, survival merger, notice |
||||
|
70 |
Do agreements entered into by the CA contain appropriate provisions governing the following:
|
Yes No |
||
|
2.4.3 Dispute resolution procedures |
||||
|
71 |
Do agreements that the CA has entered contain provisions for appropriate dispute resolution procedures? |
Yes No |
||
|
2.5 FEES |
||||
|
72 |
Does the CA charge fees, and if so, how much and for what? How does the CA notify Subscribers? |
Yes No Explain |
||
|
2.6 PUBLICATION & REPOSITORY |
||||
|
73 |
Has the CA included within any certificate it issues the URL of a web site maintained by, or on behalf, of the CA? |
Yes No |
||
|
74 |
Does the CA ensure the publication of its CP and its CPS, digitally signed by an authorized representative of the CA, on a Web site maintained by, or on behalf, of the CA? |
Yes No |
||
|
75 |
Has the CA ensured, directly, or through agreement with a repository, that operating system and repository access controls are configured so that only authorized CA personnel can write or modify the online version of the CP and the CPS? |
Yes No |
||
|
77 |
Has the CA ensured, directly or with agreement with a repository, unrestricted access to CRLs? |
Yes No |
||
|
2.7 COMPLIANCE INSPECTION |
||||
|
2.7.1 Frequency of Compliance Inspection |
||||
|
79 |
Have Compliance Inspections been conducted prior to the initial cross certification with GoC PKI? Have Compliance Inspections been conducted as a minimum? for the following assurance levels:
|
Yes No
|
||
|
2.7.2 Identity/qualifications of CA Inspector |
||||
|
80 |
Who appoints the Inspectors? |
|||
|
81 |
Are Inspections performed by a person with significant experience with the following:
|
Yes No |
||
|
2.7.3 Inspector’s relationship to audited CA |
||||
|
82 |
Is the Inspector independent of the CA? |
Yes No |
||
|
83 |
Does the Inspector comply with the following:
|
Independent of the CA? Comply with the Conflict of Interest provisions?
|
||
|
2.7.4 Topics covered by Inspection |
||||
|
84 |
Which topics are covered by the Inspection?
|
The CPS outlines, in sufficient detail, the technical, procedural and personnel policies and practices of the CA which meet the requirements of all the certificate policies supported by the CA? The CA implements those technical, procedural and personnel practices and policies? The LRA, if used, implements those technical, procedural and personnel practices and policies set out by the CA? |
||
|
2.7.5 Actions taken as a result of inspection |
||||
|
85 |
Are there procedures for taking action, where required? |
Yes No |
||
|
86 |
What provisions are in place to protect confidential, sensitive or personal information?
|
|||
|
3.1 INITIAL REGISTRATION |
||||
|
3.1.1 Types of names |
||||
|
87 |
Does each Entity have a clearly distinguishable and unique X.501 DN in the certificate subject name field and in accordance with PKIX Part 1? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
89 |
Is the DN in the form of an X.501 printable String and not left blank? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
3.1.2 Need for names to be meaningful |
||||
|
90 |
Do the contents of each certificate Subject and Issuer name fields have an association with the authenticated name of the Entity? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
91 |
In the case of individuals, is the Relative Distinguished Name (RDN) a combination of the following: NOTE: Not applicable for Rudimentary |
First name? Surname? Initials (Optional)? N/A |
||
|
93 |
In the case of other entities, does the RDN reflect the authenticated legal name of the Entity? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
94 |
Where a certificate refers to a role or position, does the certificate also contain the identity of the person who holds that role or position? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
95 |
Where a certificate is issued for a device, does it include within the DN, the name of the person or organization responsible for the device? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
3.1.4 Uniqueness of names |
||||
|
96 |
Are Distinguished Names unique for all End-entities of a CA? |
Yes No |
||
|
3.1.5 Name claim dispute resolution procedure |
||||
|
98 |
Does the CA reserve the right to make all decisions regarding Entity names in all assigned certificates? |
Yes No |
||
|
100 |
Where there is a dispute about a name in a repository not under the CA’s control, does the CA ensure that there is a name claim dispute resolution procedure in its agreement with that repository? |
Yes No |
||
|
3.1.7 Method to prove possession of private key |
||||
|
101 |
Do the issuing CA and End-entity confirm their respective identities through the use of a shared secret prior to the issuance of a verification certificate? NOTE: Not applicable for Rudimentary |
Yes No If no, what other method is used: |
||
|
102 |
Do the Issuing CA and End-entity confirm their respective identities through the use of a shared secret prior to the exchange of a private decryption key? NOTE: Not applicable for Rudimentary |
Yes No If no, what other method is used: |
||
|
3.1.8 Authentication of organization identity |
||||
|
How is the identification of a prospective Subscriber verified? |
The CA or LRA examines notarized copies of documentation providing evidence of the existence of the organization? Other, specify:
|
|||
|
104 |
Where the technology does not permit the independent generation of Digital Signature and Confidentiality key pairs, is the Digital Signature key pair used? |
Yes No |
||
|
105 |
If not, is the Digital Signature key pair used to provide certificates for use by organizations? |
Yes No |
||
|
106 |
Is the authority verified of the individual representing the prospective Subscriber? |
Yes No |
||
|
108 |
Does the CA or LRA verify the identity and authority of the individual acting on behalf of the prospective Subscriber and his/her authority to receive the keys on behalf of that organization? |
Yes No |
||
|
109 |
Does the CA or LRA keep a record of the type and details of identification used? |
Yes No |
||
|
3.1.9 Authentication of individual identity |
||||
|
111 |
How is the identification and authentication of individuals making an application for an individual to be a Subscriber established?: |
|
||
|
3.1.10 Authentication of devices or applications |
||||
|
113 |
How was the identification and authentication of the applicant verified? NOTE: Not applicable for Rudimentary |
Explain N/A |
||
|
114 |
Did the CA or LRA also verify the identity of the individual or organization making the application and their authority to receive the keys for that device or application? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
3.2 AUTHENTICATION FOR ROUTINE REKEY |
||||
|
116 |
Does the CA authenticate all requests for re-key? |
Yes No |
||
|
117 |
Does the Entity authenticate the subsequent response? |
Yes No |
||
|
118 |
Is the authentication done by an on-line method in accordance with PKIX Part 3 – Certificate Management Protocol? |
Yes No |
||
|
120 |
Where one of the keys has expired, is the request for re-key authenticated in the same manner as for initial registration? |
Yes No |
||
|
3.3 AUTHENTICATION FOR REKEY AFTER REVOCATION |
||||
|
121 |
Does the CA authenticate a re-key in the same manner as for initial registration where there is a known or suspected compromise of the private key? |
Yes No |
||
|
122 |
Does the CA or LRA authorized to act on behalf of the CA verify any change in the authentication information contained in a certificate? |
Yes No |
||
|
3.4 AUTHENTICATION OF REVOCATION REQUEST |
||||
|
123 |
Does the CA, or LRA acting on its behalf, authenticate a request for revocation of a certificate? |
Yes No |
||
|
124 |
Does the CA establish and make publicly available the process by which it addresses such requests and the means by which it will establish the validity of the request? |
Yes No |
||
|
125 |
Does the CA or LRA log requests for revocation of certificates? |
Yes No |
||
|
4.1 APPLICATION FOR A CERTIFICATE
|
||||
|
126 |
Does the CA ensure that all procedures and requirements with respect to an application for a certificate are established and published in the CPS or a publicly available document? |
Yes No |
||
|
127 |
Are bulk applications on behalf of End-Entities permitted only by such persons authorized to make such applications? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
128 |
Which of the following must accompany each application?:
|
Proof of the End-entity’s identity? Proof of authorization for any requested certificate attributes? A signed agreement, or for employees, an acknowledgement of the applicable terms and conditions governing their use of the certificate? A public verification key generated by the end-entity?
|
||
|
4.3 CERTIFICATE ACCEPTANCE |
||||
|
129 |
Does the CA ensure that an Entity acknowledges acceptance of a certificate? |
Yes No |
||
|
130 |
In the case of a device or application, does the CA ensure that the individual or organization responsible for that device or application does the acknowledgement? |
Yes No
|
||
|
4.4 CERTIFICATE SUSPENSION & REVOCATION |
||||
|
4.4.1 Circumstances for revocation |
||||
|
131 |
Does the CA revoke certificates for the following:
|
Always Only if cross-certified
|
||
|
4.4.3 Procedure for revocation request |
||||
|
133 |
Are all procedures and requirements with respect to the revocation of a certificate set out in the CPS or otherwise made publicly available? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
134 |
Does the CA record and retain authenticated revocation requests and any resulting actions taken by the CA? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
135 |
In the case where a certificate is revoked, is a description of the reason for the revocation documented? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
136 |
Is the revocation of an Entity certificate published in the appropriate CRL? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
4.4.4 Revocation request grace period |
||||
|
137 |
Specify the period of time within which action is taken as a result of a request initiated for the revocation of a certificate |
no stipulation? 24 hours? 12 hours?immediately? |
||
|
4.4.9 CRL issuance frequency |
||||
|
138 |
Specify the frequency for which the CA issues an up to date CRL: |
no stipulation? 24 hours? 12 hours? 4 hours?
|
||
|
139 |
Is the CA’s CRL issuance synchronized with any directory synchronization to ensure the accessibility of the most recent CRL to Relying Parties? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
140 |
Is an updated CRL issued immediately upon a certificate being revoked due to key compromise? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
4.4.15 Special requirements regarding key compromise |
||||
|
141 |
In the event of the compromise, or suspected compromise of the CA signing key, does the CA notify immediately all CAs to whom it has issued cross-certificate (e.g. CCF) and the PMA? |
Yes No |
||
|
142 |
In the event of the compromise or suspected compromise, of any other Entity’s signing key, and/or Entity’s decryption private key, does the Entity notify the issuing CA immediately? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
143 |
Does the CA ensure that its CPS or a publicly available document and appropriate agreements contain provisions outlining the means it will use to provide notice of compromise or suspected compromise? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
4.5 SYSTEM SECURITY AUDIT PROCEDURES |
||||
|
4.5.1 Types of event recorded |
||||
|
147 |
Does the CPS indicate what information is logged? Please elaborate. NOTE: Not applicable for Rudimentary |
Yes No. |
||
|
4.5.2 Frequency of audit log processing |
||||
|
149 |
With what frequency does the CA ensure that its audit logs are reviewed: |
There is no stipulation? Every 2 weeks? Every week? daily? |
||
|
150 |
Are all significant events explained in a audit log summary? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
151 |
Are actions taken from these reviews documented? NOTE: Note applicable for Rudimentary |
Yes no |
||
|
4.5.3 Retention period for audit log |
||||
|
152 |
How long does the CA retain its audit logs onsite? Are they subsequently archived? NOTE: Note applicable for Rudimentary |
How long: N/A
Yes No N/A |
||
|
4.5.4 Protection of audit log |
||||
|
153 |
Does the electronic audit log system include mechanisms to protect the log files from unauthorized viewing, modification, and deletion? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
154 |
Is manual audit information protected from unauthorized viewing, modification and destruction? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.5.5 Audit log backup procedures |
||||
|
155 |
Are audit logs and audit summaries backed up or copied if in manual form? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.5.6 Audit collection system |
||||
|
156 |
Are audit collection systems identified in the CPS? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.5.8 Vulnerability assessments |
||||
|
158 |
Events in the audit process are logged, in part, to monitor system vulnerabilities. Does the CA ensure that a vulnerability assessment is performed, reviewed and revised following an examination of these monitored events? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.6 RECORDS ARCHIVAL |
||||
|
159 |
Are Digital Signature certificates, Confidentiality private keys stored by the CA, and ARLs and CRLs generated by the CA retained for at least one year after the expiration of the key material? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
160 |
Are audit information, subscriber agreements and any identification and authentication information retained for at least (6) years? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
161 |
Are backed up CA Confidentiality private keys protected at a level of physical and cryptographic protection equal to or exceeding that in place at the CA site? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
162 |
Is a second copy of all retained or backed up material stored in a location other than the CA site and protected either by physical security alone, or a combination of physical and cryptographic protection? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
163 |
Does the secondary site provide adequate protection from environmental threats such as temperature, humidity and magnetism? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
164 |
Is material stored off-site periodically verified for integrity? (CP suggests every 6 months) NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.7 KEY CHANGEOVER |
||||
|
166 |
Does the CPS include the details of the process for a Subscriber’s renewal of a key pair and key changeover process? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
167 |
Does the CA or LRA re-authenticate Subscribers without valid keys in the same manner as the initial registration? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
168 |
Where a Subscriber’s certificate has been revoked as a result of non-compliance, does the CA verify that any reasons for non-compliance have been addressed to its satisfaction prior to certificate re-issuance? NOTE: Note applicable for Rudimentary |
Yes No N/A
|
||
|
4.8 COMPROMISE AND DISASTER RECOVERY |
||||
|
4.8.1 Computing resources, software, and/or data are corrupted |
||||
|
170 |
Are business continuity procedures, which outline the steps to be taken in the event of the corruption or loss of computing resources, software and/or data established? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
171 |
Did the CA ensure that any agreement with a repository not under the control of the CA, provides that business continuity procedures be established and documented by the repository? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.8.2 Entity public certificate is revoked |
||||
|
172 |
In the event of a need for revocation of a CA’s Digital Signature certificate, does the CA immediately notify the following:
NOTE: Note applicable for Rudimentary |
PMA? (next business day) All CAs to whom it has issued cross-certificates? (CCF only?) All of its LRAs?(through departmental channels) All Subscribers?(end entities & organizations) All individuals or organizations who are responsible for a certificate used by a device or application?(not mentioned) N/A |
||
|
173 |
Does the CA publish the certificate serial number on an appropriate CRL and revoke all cross-certificates signed with the revoked Digital Signature certificate? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.8.2.1 Entity public key is downgraded |
||||
|
174 |
If a CA’s Digital Signature certificate is downgraded, does the CA immediately notify the following:
NOTE: Note applicable for Rudimentary |
PMA?(next business day) All CAs to whom it has issued cross-certificates?(CCF) All of its LRAs?(through departmental channels) All Subscribers?(end entities and organizations) All individuals or organizations who are responsible for a certificate used by a device or application?(does not mention) N/A |
||
|
175 |
Prior to re-establishing cross-certification, does the CA do the following:
NOTE: Note applicable for Rudimentary |
Request revocation of cross-certificates issued to the CA? Revoke all certificates signed with the higher assurance key? Provide appropriate notice? Generate a new CA signing key pair? Re-issue certificates to all Entities? Ensure that all CRLs and ARLs are signed using the new key? |
||
|
176 |
In the event of a downgrade of any other Entity’s Confidentiality certificate, does the CA or LRA notify the subscriber in a manner set out in its CPS and the Subscriber agreement? NOTE: Note applicable for Rudimentary |
Yes No N/A
|
||
|
4.8.3 Entity key is compromised |
||||
|
177 |
In the event of the compromise of a CA’s Digital Signature key, does the CA do the followings prior to re-certification:
NOTE: Note applicable for Rudimentary |
|
||
|
178 |
Does the CPS and appropriate agreements contain provisions outlining the means it will use to provide notice of compromise or suspected compromise for the following keys:
NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
179 |
Does the CA notify the PMA immediately in the event of the compromise, or suspected compromise of a CA decryption private key? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
4.8.4 Secure facility after a natural or other type of disaster |
||||
|
180 |
Did the CA establish a disaster recovery plan, which outlines the steps to be taken to re-establish a secure facility in the event of a natural or other type of disaster? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
181 |
Where a repository is not under the control of the CA, did the CA ensure that any agreement with the repository provides that a disaster recovery plan is established and documented by the repository? NOTE: Note applicable for Rudimentary |
Yes No N/A? |
||
|
4.9 CA TERMINATION |
||||
|
182 |
In the event that a CA ceases operation, does the CA notify its Subscribers and all the CAs with whom it is cross-certified immediately upon termination of operations and arrange for the continued retention of the CA’s keys and information? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
183 |
In the event of a change in management of the CA’s operations, does the CA notify all Entities for which it has issued certificates and CAs with whom it has cross-certified? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
184 |
In the event of a transfer of a CA’s operations to another CA operating at a lower level of assurance, are the certificates issued by that CA, whose operations are being transferred, revoked through a CRL signed by that CA prior to the transfer? NOTE: Note applicable for Rudimentary |
Yes No N/A |
||
|
5.1 PHYSICAL CONTROLS |
||||
|
5.1.1 Site location, construction and physical access |
||||
|
186 |
Is the CA located in a Reception zone? (if unknown, answer the following) Is the CA located at the entry to the facility where initial contact between the public and the department occurs, where services are provided, information is exchanged and access to restricted areas is controlled? To varying degrees, is activity in this area monitored by the personnel who work there, by other personnel or by security staff? Is access by the public limited to specific times of the day or for specific reasons? Is entry to the area indicated by a recognizable perimeter such as a doorway or an arrangement of furniture and dividers in an open office environment? |
Yes No |
||
|
Is the CA located in an Operations Zone? (if unknown, answer the following?) Is the area to which access is limited to personnel and to properly-escorted visitors? Is the area monitored at least periodically, based on a TRA,? Is the area accessible from a Reception zone? |
Yes No |
|||
|
Is the CA located in a Security Zone? (if unknown, answer the following?) Is the CA in an area to which access is limited to authorized personnel and to authorized and properly-escorted visitors? Is the area access from an Operations zone and through an entry point? Is the Area monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means? |
Yes No |
|||
|
Is the CA located in a High-Security Zone? (if unknown, answer the following) Is the CA in an area to which access is controlled through an entry point and limited to authorized, appropriately-screened personnel and authorized and properly-escorted visitors? Is the area accessible only from a Security Zone and separated from Security Zones and Operations Zone by a perimeter built to the specifications recommended in the TRA? Is the area monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means? |
Yes No |
|||
|
187 |
Is the CA site manually or electronically monitored for unauthorized intrusion? |
At all times No Some of the time (specify) |
||
|
188 |
Is unescorted access to the CA server limited to those personnel identified on an access list? |
Yes No |
||
|
189 |
Are personnel not on the access list, properly escorted and supervised? |
Yes No |
||
|
190 |
Is a site access log maintained and audited periodically? |
Yes No |
||
|
191 |
Are all removable media and paper containing sensitive plain text information stored in containers either listed in, or of equivalent strength to those listed in, the Security Equipment Guide? |
Yes No |
||
|
192 |
Are all LRAs located in an area that satisfies the controls required for a Reception Zone? |
Yes No |
||
|
193 |
If an LRA workstation is used for on-line Entity management with the CA, is the workstation located in one of the following zones:
|
Operations Zone OR a Reception Zone with all media security protected when unattended? A Security Zone OR a Operations Zone while attended with all media security protected when unattended? N/A |
||
|
194 |
Has the CA ensured that there is appropriate security protection for the following and how:
|
Yes No Explain:
|
||
|
195 |
Does the CA ensure, by a TRA, that the operations of the LRA site provides appropriate security protection of the cryptographic module, all system software and the LRA Administrator’s private key? |
Yes No |
||
|
196 |
Are recorded PINs and passwords stored in a security container accessible only to authorized personnel? |
Yes No |
||
|
197 |
Rhonda Lazarus notes that this question cannot be answered by a CA. |
|||
|
198 |
Is the hard drive on a workstation containing private keys physically secured or protected with an appropriate access control product? |
Yes No |
||
|
199 |
Is the Subscribers hardware cryptographic module physically protected by the following:
NOTE: for High Assurance only |
Yes No N/A
|
||
|
5.1.3 Power and air conditioning |
||||
|
200 |
Did the CA ensure that the power and air conditioning facilities are sufficient to support the operation of the CA system? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.1.4 Water exposures |
||||
|
201 |
Has the CA ensured that the CA system is protected from water exposure? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.1.5 Fire prevention and protection |
||||
|
202 |
Has the CA ensured that the CA system is protected with a fire suppression system? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.1.6 Media storage |
||||
|
203 |
Has the CA ensured that storage media used by the CA system is protected from environmental threats such as temperature, humidity and magnetism? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.1.7 Waste disposal |
||||
|
204 |
Has all media used for the storage of sensitive information such as keys, activation data or CA files been sanitized or destroyed before release for disposal? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.1.8 Off-site backup |
||||
|
205 |
Does the CA have off-site backup facilities? NOTE: Not applicable for Rudimentary |
|
||
|
206 |
Do these off-site backup facilities have the same level of security as the primary CA site? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.2.1.1 CA Trusted Roles |
||||
|
207 |
Does the CA ensure a separation of duties for critical CA functions to prevent one person from maliciously using the CA system without detection? |
Yes No (if no go to question 215) |
||
|
208 |
Is each user’s system access limited to those actions for which they are responsible to perform in fulfilling their responsibilities? |
Yes No N/A |
||
|
213 |
If an alternative division of responsibilities is used, does it provide the same degree of resistance to insider attack? |
Yes No Explain N/A |
||
|
5.2.1.2 LRA Trusted Roles |
||||
|
215 |
Does the CA ensure that LRA personnel understand their responsibility for the identification and authentication of prospective Subscribers and perform the following functions:
Provision of authorization codes for on-line key exchange and certificate creation? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
5.2.2 Number of persons required per task |
||||
|
218 |
Does the key recovery operation require a minimum of two individuals using a split knowledge technique such as twin passwords? NOTE: Not applicable for Rudimentary |
yes no N/A |
||
|
220 |
Is multi-user control exercised for CA key generation? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
221 |
Does the CA ensure that any verification process it employs provides for oversight of all activities performed by privileged CA role holders? NOTE: Not applicable for Rudimentary |
Yes No N/A
|
||
|
5.2.3 Identification & Authentication for each role |
||||
|
222 |
Did all CA personnel have their identity and authorization verified for the following activities:
NOTE: Not applicable for Rudimentary |
Yes No N/A
|
||
|
223 |
Does each certificate and account (with the exception of CA signing certificates) meet the following standards:
NOTE: Not applicable for Rudimentary |
Yes No N/A
|
||
|
224 |
Are CA operations secured using mechanisms such as token-based strong authentication and encryption, when accessed across a shared network? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
5.3 PERSONNEL SECURITY CONTROLS |
||||
|
225 |
Have all personnel performing duties with respect to the operation of a CA or LRA been:
|
Yes No
|
||
|
226 |
What security clearance Do all personnel performing duties with respect to the operation of a CA hold |
Enhanced Reliability Check Level II (Secret) Other (specify) |
||
|
227 |
Do all personnel who operate a LRA workstation for the purpose of on-line Entity management with the CA, hold an Enhanced Reliability Check? Does it include fingerprint check and a credit check? |
Yes No Yes No |
||
|
5.3.2 Background Check Procedures |
||||
|
228 |
Have the background checks been performed in accordance with the Government Security Policy, or equivalent? |
Yes no |
||
|
229 |
Have the personnel performing duties with respect to the operation of a CA or LRA received comprehensive training in the following topics:
|
Yes No
|
||
|
230 |
Are the training requirements with respect to the operation of a CA or LRA operation kept current to accommodate changes in the CA system? |
Yes no |
||
|
231 |
Refresher training must be conducted as required to accommodate changes in the CA system. Does the CA review these requirements at least once a year? |
Yes No |
||
|
5.3.7 Contracting Personnel |
||||
|
233 |
Does the CA ensure that contractors are properly escorted and supervised? |
Yes No |
||
|
234 |
Do all CA and LRA personnel have the following documentation available to them:
|
Yes No
|
||
|
6 TECHNICAL SECURITY CONTROLS |
||||
|
6.1 Key Pair Generation and Installation |
||||
|
6.1.1 Key Pair Generation |
||||
|
235 |
Does each prospective certificate holder generate its own Digital signature key pair using a PMA approved algorithm? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
236 |
Does each prospective certificate holder generate its own Confidentiality key pair using a PMA approved algorithm? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
6.1.2 Private Key Delivery to Entity |
||||
|
237 |
If the private decryption key is not generated by the prospective certificate holder, is it delivered to the Entity in one of the following ways: NOTE: Not applicable for Rudimentary |
|
||
|
6.1.3 Public Key Delivery to Certificate Issuer |
||||
|
238 |
Is the public verification key delivered to the CA via one of the following ways:
NOTE: Not applicable for Rudimentary |
|
||
|
239 |
If the public encryption key is not generated by the CA, is it delivered to the CA in one of the following ways:
NOTE: Not applicable for Rudimentary |
|
||
|
6.1.4 CA Public Key Delivery to Users |
||||
|
240 |
Is the CA public verification key delivered to the prospective certificate holder in one of the following ways:
NOTE: Not applicable for Rudimentary |
|
||
|
6.1.5 Asymmetric Key Sizes |
||||
|
241 |
Which standards do key pairs for all PKI entities meet |
|
||
|
6.1.6 Public key parameters generation |
||||
|
242 |
Does the CA utilize the DSA algorithm that generate parameters in accordance with FIPS 186? |
Yes No |
||
|
6.1.8 Hardware/Software Key Generation |
||||
|
244 |
Is generation of Digital Signature keys for all Entities generated in a hardware cryptographic module for High Level Assurance? NOTE: For High Assurance only |
Yes No N/A |
||
|
245 |
Are CA Digital signature key pairs generated in a hardware cryptographic module for the following assurance levels: NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
6.1.9 Key Usage Purposes (as per X.509v3 field) |
||||
|
247 |
Are CA signing keys the only keys permitted for signing certificates and CRLs? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
248 |
Is the certificate key Usage field used in accordance with PKIX-1 Certificate Profile and CRL Profile? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
249 |
Are the following Key Usage values present in all certificates:
NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
250 |
Are the following additional values present in CA certificate-signing certificates: NOTE: Not applicable for Rudimentary |
|
||
|
6.2.2 Private Key Multi-person Control |
||||
|
252 |
Is multiple person control exercised for CA key generation operations? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
253 |
Do two staff performing duties associated with the roles of PKI Master User or PKI Officer positions participate or are present for CA key generation operations? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
254 |
Is multiple person control exercised during private confidentiality key recovery? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
255 |
Do two staff performing duties associated with the roles of PKI Master User or PKI Officer or PKI Administrator positions participate or are present for private confidentiality key recovery? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
6.2.3 Private Key Escrow |
||||
|
256 |
Are Digital Signature Private keys ever escrowed? |
Yes No N/A |
||
|
6.2.4 Private Key Backup |
||||
|
257 |
Are backups of Digital Signature private key copied & stored in encrypted form and protected at a level no lower than stipulated for the primary version of the key? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
259 |
Does the CA back up private keys? If so, are backed up private confidentiality keys copied and stored in encrypted form and protected at a level no lower than stipulated for the primary version of the key? |
Yes No Yes No |
||
|
6.2.6 Private Key Entry into Cryptographic Module |
||||
|
260 |
Are private decryption keys not generated by the Entity’s cryptographic module entered into the following: NOTE: Not applicable for Rudimentary |
|
||
|
6.2.7 Method of Activating Private Key |
||||
|
261 |
Is the Entity authenticated (e.g. password) to the cryptographic module before activation of the private key? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
262 |
Are deactivated private keys kept in encrypted form only? NOTE: Not applicable for Rudimentary |
Yes No |
||
|
6.2.8 Method of Deactivating Private Key |
||||
|
263 |
When keys are deactivated, are they cleared from memory before the memory is de-allocated? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
264 |
Is any disk space where keys were stored overwritten before the space is released to the operating system? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
265 |
Does the cryptographic module automatically deactivate the private key after a pre-set period of inactivity? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
6.2.9 Method of Destroying Private Key |
||||
|
266 |
Upon termination of use of a private key, are all copies of the private key in computer memory and shared disk space securely destroyed by overwriting? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
267 |
Is the method of overwriting approved by the PMA? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
268 |
Are private key destruction procedures described in the following documents:
NOTE: Not applicable for Rudimentary |
|
||
|
6.3 Other Aspects of Key Pair Management |
||||
|
6.3.1 Public Key Archival |
||||
|
269 |
Are all verification public keys retained by the issuing CA? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
6.3.2 Usage Periods for the Public and Private Keys |
||||
|
270 |
Do you have a validity period that meets the following minimum standards for the Digital Signature Key pair:
|
Yes No |
||
|
271 |
Do you have a validity period that meets the following minimum standards for the Confidentiality Key pair:
|
Yes No
|
||
|
6.4 Activation Data |
||||
|
Are activation data unique and unpredictable? NOTE: Not applicable for Rudimentary |
Yes No N/A |
|||
|
273 |
Does the activation data, in conjunction with any other access control, have an appropriate level of strength for the keys or data to be protected? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
274 |
Are the following codes protected from unauthorized use by a combination of cryptographic and physical access control mechanisms:
NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
275 |
Where passwords are used, does the entity have the capability to change its password at any time? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
276 |
Is the level of protection adequate to deter a motivated attacker with substantial resources? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
6.5 Computer Security Controls |
||||
|
6.5.1 Specific Computer Security Technical Requirements |
||||
|
280 |
Which of the following functionality does each CA server include (either provided by the operating system or through a combination of operating system, PKI CA software, and physical safeguards):
NOTE: Not applicable for Rudimentary |
|
||
|
6.5.2 Computer Security Rating |
||||
|
281 |
Did CSE, NSA or another accredited third party lab evaluate the security critical elements of the CA? |
Yes No If not CSE or NSA, please include the name of the accredited third party. |
||
|
282 |
Did the evaluation include system-level analysis? |
Yes No |
||
|
6.6 Life Cycle Technical Controls |
||||
|
6.6.1 System Development Controls |
||||
|
283 |
Does the CA use software that has been designed and developed under a development methodology such as MIL-STD-498, the system Security Engineering Capability Maturity Model (SSE CMM), or Information Security Engineering Handbook for the following assurance levels:
NOTE: Not applicable for Rudimentary |
Yes No If no, state the software used. |
||
|
284 |
Did the design and development process provide sufficient documentation to support third party security evaluation of the CA components and be supported by third party verification of process compliance and ongoing Threat Risk Assessments to influence security safeguard design and minimize residual risk for the following assurance levels:
NOTE: Not applicable for Rudimentary |
Yes No |
||
|
6.6.2 Security Management Controls |
||||
|
285 |
Is a formal configuration management methodology used for installation and ongoing maintenance for the following assurance levels:
|
Yes No N/A |
||
|
286 |
Does the CA software, when first loaded, provide a method for the Medium and High Level Assurances only CA to verify that the software on the system was:
NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
287 |
Does the CA have a mechanism to periodically verify the integrity of the software? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
288 |
Does the CA have mechanisms and policies in place to control and monitor the configuration of the CA system? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
289 |
Was the integrity of the CA system validated upon installation?
NOTE: Not applicable for Rudimentary |
Yes No N/A Frequency: |
||
|
6.7 Network Security Controls |
||||
|
290 |
Is the CA server protected from attack through any open or general purpose network with which it is connected? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
291 |
Does the protection provided through the installation of a device (e.g. firewall) configured to allow only the protocols and commands required for the operation of the CA? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
292 |
Does the protection device (e.g. firewall) log all successful and unsuccessful attempts to communicate through to the CA components? NOTE: Not applicable for Rudimentary |
Yes No N/A/ |
||
|
6.8 Cryptographic Module Engineering Controls |
||||
|
293 |
Are all CA Digital Signature key generation, CA Digital Signature key storage and certificate signing operations performed in the following :
|
Yes No
|
||
|
294 |
Are all other CA cryptographic operations performed in the following:
|
Yes No |
||
|
295 |
Are the LRA Administrator Digital Signature key generation and signing operations performed in the following:
|
Yes No |
||
|
296 |
Are all other LRA cryptographic operations performed in the following:
|
Yes no |
||
|
297 |
Do end entities use cryptographic modules validated to at least the following standards:
|
Yes no |
||
|
7 CERTIFICATE & CRL PROFILES |
||||
|
7.1.1 Profile |
||||
|
298 |
Does the CA issue X.509 Version 3 certificates in accordance with the PKIX Certificate and CRL Profile? |
Yes No |
||
|
299 |
Does the PKI End-Entity software support all the base (non-extension) X.509 fields as follows:
|
Yes No |
||
|
300 |
Does all entity PKI software correctly process the extensions identified in sections 4.2.1 and 4.2.2 of the PKIX certificate profile? |
Yes No |
||
|
301 |
Does the CPS define the use of any extensions supported by the CA, its LRA and End Entities? |
Yes No |
||
|
302 |
Is the "certificatePolicies" field set as critical in all of the certificates? |
Yes No |
||
|
7.1.3 Algorithm object Ids |
||||
|
303
|
What algorithms are used by the CA and supported by End Entities for certificate and object signing and verification? |
RSA 1024 in accordance with PKCS#1? RSA 2048 in accordance with PKCS#1? SHA-1 in accordance with FIPS PUB 180-1 and ANSI X9.30 (Part 2)? Other? |
||
|
304
|
Do the End-entities use the following algorithms for signing and verification: |
RSA 512 in accordance with PKCS#1? RSA 1024 in accordance with PKCS#1? RSA 2048 in accordance with PKCS#1? DSA in accordance with DSS (FIPS PUB 186) and ANSI X9.30 (Part 1)? MD5 in accordance with RFC-1321? SHA-1 in accordance with FIPS PUB 180-1 and ANSI X9.30 (Part 2)?
|
||
|
7.1.4 Name Forms |
||||
|
305 |
Is every DN in the form of an X.501 printableString? NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
306 |
Do Subject and Issuer DNs meet the following:
NOTE: Not applicable for Rudimentary |
Yes No N/A |
||
|
7.1.6 Certificate policy object identifier |
||||
|
307 |
Does the CA ensure that the policy OID is contained within the certificates it issues? |
Yes No |
||
|
7.1.7 Usage of policy constraints extension |
||||
|
308 |
Are the Certificate Policy Constraints used in accordance with X.509v3? |
Yes No |
||
|
7.1.8 Policy qualifiers syntax and semantics |
||||
|
309 |
Are Policy Qualifiers syntax in accordance with X.509v3? |
Yes No |
||
|
7.1.9 Processing semantics for the critical certificate policy |
||||
|
310 |
Are critical extensions interpreted as defined in X.509v3? |
Yes No |
||
|
7.2 CRL Profile |
||||
|
7.2.1 Version number |
||||
|
311 |
Does the CA issue X.509 v2 CRLs in accordance with the PKIX Certificate and CRL Profile? |
Yes No |
||
|
312 |
Does all Entity PKI software correctly process all CRL extensions identified in the PKIX Certificate and CRL profile? |
Yes No |
||
|
313 |
Does the CPS define the use of any extensions supported by the CA, its LRAs and End Entities? |
Yes No |
||
|
8 SPECIFICATION ADMINISTRATION |
||||
|
8.1.2 Changes with Notification |
||||
|
314 |
Prior to making any changes to your certificate policy, does the CA notify the CCF and all CAs directly cross-certified with the CCF? |
Yes No |
||
|
8.1.2.1 List of items |
||||
|
315 |
Are all items in the certificate policy subject to the notification requirement? |
|||
|
8.1.2.2 Notification Mechanism |
||||
|
316 |
Does the CA notify all Subscribers of any proposed changes to the certificate policy? |
Yes No |
||
|
317 |
Is the notification in writing? |
Yes No |
||
|
318 |
Does the notification contain the following:
|
Yes No |
||
|
319 |
Does the CA post a notice of the proposal on the CA Web site? |
Yes No |
||
|
8.1.2.3 Comment Period |
||||
|
320 |
Is the comment period 30 days unless otherwise specified? |
Yes No |
||
|
321 |
Is the comment period defined in the notification? |
Yes No |
||
|
8.1.2.4 Mechanism to handle comments |
||||
|
322 |
Are comments on proposed changes directed to the PMA? |
Yes No |
||
|
323 |
Are comments written and signed? |
Yes No |
||
|
8.2 Publication & Notification Procedures |
||||
|
327 |
Does the CA make an electronic copy of the CP and CPS, digitally signed by an authorized representative of the CA, available to its Subscribers and Relying Parties at the CA’s Web site? |
Yes No |
||
Government of Canada
Public Key Infrastructure
TO: Her Majesty the Queen in right of Canada,
as represented by the President of the Treasury Board ("Canada")
RE: Request for Cross-certification with the Government of Canada Public Key Infrastructure
(or Cross-certification Agreement between ................................................. ("the Corporation") and Canada dated................................, section........ annual certification)
I, .................................................., hereby certify for and on behalf of the Corporation ................................................and to the best of my knowledge as follows:
1. I am the ........................ and a Director of the Corporation and have read the Request for Cross-certification (or relevant section of the Cross-certification Agreement) and made due inquiry, including having consultations with other officers, directors and employees of the Corporation and reviewing such documents as were necessary in order to give this certificate.
2. The Corporation acknowledges receipt of the following:
a) Canada's Compliance Inspection Checklist and its Information Technology Security Evaluation Checklist;b) Canada's CP as at the date......; and
c) Canada's CPS as at ....... .
3. The Corporation has completed, or has had completed by a qualified inspector, an inspection and evaluation according to the Checklists referred to in paragraph 2 (a) above. (or the following:
a) an information technology security evaluation which accords substantively with Canada's ITS Evaluation Checklist;b) a compliance inspection which accords substantively with Canada's Compliance Inspection Checklist.)
4. The information technology security system of the Corporation's (PKI/CA) is accredited and certified (or approved) for and operates at a level of assurance (equivalent to Canada's Medium Assurance as defined in Canada's CP located at.... as at the date hereof.) (of................................as described in the Corporation's CP and CPS.)
5. The Corporation's technical, physical, procedural, and personnel security policies and practices comply with the requirements of the Corporation's CP and CPS, and the Corporation has implemented and fully performs in accordance with the standards established in its CP and CPS.
6. Exceptions or qualifications:
This certificate is made with the knowledge that it will be relied upon by Canada.
This certificate shall remain in full force and effect and be binding upon the Corporation until a certificate repealing or replacing this certificate shall have been received by Canada and duly acknowledged in writing.
DATED at.....................................................this.............day of.................... , ......... .
---------------------------------------------------
signature of......................................., A.S.O.
Information Technology Security
and Policy Compliance Certificate
(Department)
TO: Her Majesty the Queen in right of Canada, as represented by the President of the Treasury Board ("Canada")
RE: Request for Cross-certification with the Government of Canada Public Key Infrastructure (may have to specify which CA)
(or Memorandum of Understanding between .................................... (the "Department") and Canada dated................................, annual certification ........Cross-certification Guidelines
I, .................................................., hereby certify for and on behalf of the Department ................................................and to the best of my knowledge as follows:
1. I am the (eg Security Officer)............. of the Department and have read the Request for Cross-certification (or relevant section of the Cross-certification Guidelines) and made due inquiry, including having consultations with other officers, employees and contractors of the Department and reviewing such documents as were necessary in order to give this certificate.
2. The Department acknowledges receipt of the following:
a). Canada's Compliance Inspection Checklist and its Information Technology Security Evaluation Checklist;b) Canada's CP as at the date......;
c) Canada's CPS as at ....... .
3. The Department has completed, or has had completed by a qualified inspector, an inspection and evaluation according to the Checklists referred to in paragraph 2(a) above. (or the following:
a) an information technology security evaluation which accords substantively with Canada's ITS Evaluation Checklist;b) a compliance inspection which accords substantively with Canada's Compliance Inspection Checklist.)
4. The information technology security system of the Department's CA is accredited and certified (or approved) (pursuant to the Government Security Policy) for and operates at a level of assurance (equivalent to Canada's Medium Assurance as defined in Canada's CP located at.... as at the date hereof. )(of........................described in the Department's CP and CPS.)
5. The Department's technical, physical, procedural, and personnel security policies and practices comply with the requirements of the Department's CP and CPS, and the Department has implemented and fully performs in accordance with the standards established in its CP and CPS.
6. Exceptions or qualifications:
This certificate is made with the knowledge that it will be relied upon by Canada.
This certificate shall remain in full force and effect and be binding upon the Department until a certificate repealing or replacing this certificate shall have been received by Canada and duly acknowledged in writing.
DATED at.....................................................this.............day of.................... , ......... .
---------------------------------------------------
signature of………………….., specify position
Government of Canada
Public Key Infrastructure
The purpose of this report is to provide an analysis of the CCA’s ITS and Policy Compliance Certificate and the CCA’s CPS to confirm that the CCA satisfies the checklist security requirements. The Cross-Certification Team will conduct this analysis.
The document is to be organized in the following manner:
1. Executive Summary
DiscrepanciesKey issues and rationale
Recommendations
2. Description of security practices and safeguards
3. Compliance of the CCA’s CP and CPS requirements
TechnicalPhysical
Procedural
Personnel security
4. Evaluation of security practices and safeguards
5. Analysis of the discrepancies associated with cross-certification
6. Key issues for consideration and rationale
7. Recommendations
ProceedProceed with conditions
Do not proceed
Government of Canada
Public Key Infrastructure
Document not finalized
GOVERNMENT OF CANADA
PUBLIC KEY INFRASTRUCTURE
INTERNAL CROSS-CERTIFICATION
MEMORANDUM OF UNDERSTANDING
among
TREASURY BOARD SECRETARIAT
("TBS")
and
DEPARTMENT OF NATIONAL DEFENCE,
COMMUNICATIONS SECURITY ESTABLISHMENT, in its capacity
as the Canadian Central Facility
("CCF")
and
DEPARTMENT OF NATIONAL DEFENCE,
COMMUNICATIONS SECURITY ESTABLISHMENT, in its capacity
as a "Department"
DEPARTMENT OF Y
(individually called a "Department", and
collectively called the "Departments")
1. Preamble
1.1 It is the policy of the Government of Canada to establish and manage the Government of Canada Public Key Infrastructure (GOC PKI) in order to provide for service delivery, public administration, and communications in a secure manner electronically.1.2 The Departments wish to become members of the Policy Management Authority of the Government of Canada.
1.3 The Departments wish their Certification Authorities to be cross-certified with each other through the Canadian Central Facility (CCF), whereupon such cross-certified Certification Authorities become members of the Government of Canada Public Key Infrastructure.
1.4 The Departments, by entering into this Memorandum of Understanding (MOU), agree to the organizational structure of the GOC PKI described in this MOU, in the Government of Canada Certificate Policies, in government policies now existing or to be established, and in standards, guidelines and directions established by the Policy Management Authority.
2. Definitions
2.1 Words and expressions used in this Memorandum of Understanding mean:
Canadian Central Facility (CCF) is the Government of Canada Public Key Infrastructure’s central Certification Authority, and is operated by the Communications Security Establishment. Under Policy Management Authority direction, it serves as the Government of Canada's Level "0" Certification Authority. The Canadian Central Facility:
(a) provides the Policy Management Authority with technical assistance and support;(b) signs and manages the cross-certificates of Departments’ top-level Certification Authorities; and
(c) signs and manages the cross-certificates of top-level non-Government of Canada Certification Authorities with whom it has cross-certified.
Certification Authority (CA) is a person or organizational unit within a department that is responsible for:
(a) the operation of an authority trusted by one or more users to issue and manage public key certificates and certificate revocation lists; or(b) the management of:
(i) any arrangement under which a department contracts for the provision of services relating to the issuance and management of public key certificates and certificate revocation lists on its behalf; and(ii) policies and procedures within the department for the management of public key certificates issued on its behalf.
A Certification Authority within a department remains, at all times, responsible and accountable for the management of public key certificates that it issues or has arranged to be issued on behalf of the department.
For purposes of this MOU, and except where otherwise specified, CA includes the CCF.
Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. It indicates whether or not the public key certificate is suitable for a particular application or purpose. A Certification Authority may adopt more than one Certificate Policy.
Certification Practice Statement (CPS) is a statement of the practices that a Certification Authority employs in issuing certificates. It is a comprehensive description of such details as the precise implementation of service offerings and procedures of certificate life-cycle management, and is more detailed than the Certificate Policies supported by the Certification Authority.
Department means any Eligible Department which has become a party to this Memorandum of Understanding and for greater certainty, except where otherwise specified, includes CSE in its capacity as CCF.
Eligible Department includes all Departments and agencies listed in Schedule I, Parts I and II of the Public Service Staff Relations Act, the Canadian Forces, and the Royal Canadian Mounted Police, and for greater certainty, except where otherwise specified, includes CSE in its capacity as CCF.
Employee is any person employed by a Department and, for greater certainty, does not include persons under contracts of service.
Government of Canada Public Key Infrastructure (GOC PKI) is a public key infrastructure for use by Departments, which operates in accordance with standards, guidelines, and directions of the Policy Management Authority.
Policy Management Authority (PMA) is responsible for the oversight and policy management of the Government of Canada Public Key Infrastructure. It makes recommendations to the Secretary of the Treasury Board with respect to cross-certification, and provides a horizontal management structure and policy framework for the management and operation of the Government of Canada Public Key Infrastructure. Its permanent membership includes a representative of the CCF, and of each Department having at least one (1) CA which is a member of the GOC PKI. Representatives are appointed by the Secretary of the Treasury Board on the recommendation of the deputy head of each Department. Each such Department will be entitled to one (1) vote on the PMA, and the representative of the CCF has one (1) vote in that capacity. The chairperson of the PMA is appointed by the Secretary of the Treasury Board. In the interim until April 1, 2001, the PMA will consist of such Departmental representatives and others as the Secretary of the Treasury Board may appoint, (including any representatives of the permanent PMA appointed under section 4.2 hereof), with the Departments so represented and others so appointed having one (1) vote each, and the chairperson and CCF having one (1) vote each.
Repository is a system for storing and accessing certificates or other information relevant to certificates.
2.2 Any words or expressions not defined in this Memorandum of Understanding have the meaning assigned to them in the Government of Canada Certificate Policies, as amended from time to time, located on the Treasury Board Secretariat Public Key Infrastructure web site at www.cio-dpi.gc.ca (hereinafter called "GOC CP"). In the event of an inconsistency or ambiguity, the definitions or meaning in this Memorandum of Understanding shall prevail, unless otherwise specified.
3. Parties
3.1 The parties to this Memorandum of Understanding ("MOU") agree that:
(a) from time to time, this MOU will be signed by additional Eligible Departments;(b) any additional member Departments are subject to this MOU as if they were original parties to this MOU, and all other Departments are subject to this MOU with regard to the additional Departments as each additional Department signs this MOU, as if the additional Departments were original parties to this MOU; and
(c) from time to time, this MOU may be terminated with regard to one or more Departments in accordance with section 8.
4. Effective Date of this MOU
4.1 This MOU becomes effective with respect to a Department's Certification Authority on the day that the Canadian Central Facility issues a cross-certificate to that Certification Authority and publishes it in an appropriate Repository.
4.2 Each Department shall, upon the issuance and publication of the said cross-certificate to at least one Certification Authority of that Department, recommend for membership in the PMA, and for appointment as such by the Secretary of the Treasury Board, one senior official per Department, and each such Department will be entitled to one vote.
4.3 This MOU remains in effect for so long as there are at least two (2) Departments (excluding the CCF) having CAs that are cross-certified with the Canadian Central Facility.
5. Membership in the GOC PKI
5.1 Membership in the GOC PKI is open only to Eligible Departments.
5.2 Each Department agrees to be bound by and to comply with the standards, guidelines, practices and directions of the PMA.
5.3 Each Department agrees to ensure that its CAs which are members of the GOC PKI ("member CAs") comply with the provisions of any applicable policy, statute or regulation of Canada in force from time to time. In particular, each Department agrees to:
(a) implement and maintain appropriate security at least to the standard set out in its CPs;(b) comply with the provisions of its CPs;
(c) issue public key certificates only to those subscribers/relying parties, other than Employees, who have signed an agreement, and only to those Employees who have been apprised of the Department's policy on the use of public key certificates;
(d) cross-certify with other Departments or with anyone other than a Department only through the CCF acting on the direction of the PMA;
(e) remain responsible and accountable for the acts and omissions of its CAs notwithstanding that any of the CA services are provided by another Department or by an external service provider; and
(f) provide access for any compliance inspections as are required to be made pursuant to the GOC PKI.
5.4.1 Where a Department has established a member CA and intends to cross-certify with another of its CAs that is not a member of the GOC PKI ("non-member CA"), then such Department shall inform the PMA. Where the PMA is of the opinion that this cross-certification may adversely affect the GOC PKI, then the PMA may take appropriate action, including downgrading or revoking the cross-certificate it issued to the member CA, and publishing notice of same in the appropriate Authority Revocation List ("ARL").
5.4.2 Any such downgrade or revocation shall be subject to a vote of the PMA in the same manner as for termination under section 8.1, and the provisions of sections 8.1 and 8.3 shall also apply to the extent that revocation results in the termination of a CA or the Department, as the case may be, and in the case of a downgrade to the extent appropriate for the proper administration of the GOC PKI.
5.5 The CCF agrees:
(a) to adopt the Government of Canada Certificate Policies located at www.cio-dpi.gc.ca as its CP; and(b) to issue cross-certificates to CAs, or to downgrade or revoke cross-certificates of CAs, on the direction of the PMA.
5.6 The Departments acknowledge that certain information about their Employees, and subscribers/relying parties other than Employees, may be contained in certificates and in public Repositories, agree that they will comply with the provisions of the Privacy Act and other applicable privacy law, the Access to Information Act, and the Treasury Board policies on Access to Information and Privacy with respect thereto, and will secure the agreement of their agents, contractors, or subcontractors to so comply.
6. Repository
Each Department shall:
(a) have a Repository associated with its CA;(b) ensure that the Repository associated with its CA is maintained in such a manner that any information it contains is current, accurate, and conforms with the requirements of the CA’s Certificate Policy;
(c) register its Repository with the Government of Canada registrar for Repository service providers;
(d) ensure that its public key certificates and Certificate Revocation Lists ("CRLs") are published in its Repository; and
(e) ensure that its Repository conforms to applicable Government of Canada Repository standards and is interoperable with other repositories associated with Certification Authorities who are parties to this MOU.
7. Financial Responsibility
7.1 Where Her Majesty in right of Canada is held liable for the payment of money to any person outside of the Government of Canada pursuant to a final judgement, award, or settlement arising out of an act or omission of a Department's CA, then such payment shall be made by Her Majesty the Queen in right of Canada and, with respect to a judgement, shall be made in accordance with section 30 of the Crown Liability and Proceedings Act.
7.2 In the event that the liability referred to in section 7.1 is incurred as a result of the act or omission of the CAs of more than one (1) Department, including the CCF, then financial responsibility shall be allocated amongst them in proportion to the degree of fault, determined as follows:
(a) by agreement of the Departments. If the Departments fail to agree within 60 calendar days of the date of the judgement, award or settlement, then(b) in accordance with the procedure for dispute resolution set out in section 9.
7.3 In the event that a Department makes a payment to any person outside of the Government of Canada who was not entitled to it, in reliance on an act or omission of the CA of another Department or Departments, and such payment is not recovered despite reasonable efforts within a year, then the Department(s), including the CCF, whose act or omission resulted in the loss shall reimburse the Department which made the payment. Financial responsibility shall be allocated amongst the Departments responsible for the loss in proportion to the degree of fault, determined as follows:
(a) by agreement of the Departments. If the Departments fail to agree within 60 calendar days of the expiration of the year, then(b) in accordance with the procedure for dispute resolution set out in section 9.
7.4 In the event that the liability under section 7.2, or the payment under section 7.3, cannot reasonably be attributed to the act or omission of a CA or CAs, then financial responsibility shall be apportioned amongst the Departments, excluding the CCF, whose CAs were involved in the event giving rise to the liability or payment. Any dispute as to the application or interpretation of this section shall be referred to the dispute resolution process set out in section 9.
7.5 Notwithstanding anything in this MOU, if a Department establishes limits on liability higher than those set out in the GOC CP then, subject to any other written arrangement it may make, it is solely accountable for the difference between the liability limit in the GOC CP and its own higher liability limit. Any dispute as to the application or interpretation of this section shall be referred to the dispute resolution process set out in section 9.
7.6 No Department shall be responsible for a payment or reimbursement pursuant to any settlement unless it has consented to the settlement.
8. Termination; Withdrawal
8.1 Notwithstanding anything contained in the Department's CP, where a Department or its CA(s) is in default of any of its responsibilities under this MOU, the President of the Treasury Board of Canada may, on the recommendation of the Secretary acting on the advice of the PMA made by a three/quarters vote of all members present at a meeting of the PMA held for that purpose excluding the vote of the member of the said Department, give notice to the Department terminating the membership of the Department or of its CA, as the case may be, in the GOC PKI, either immediately, or at the expiration of a cure period specified in the notice if the Department or CA has not cured the default to the satisfaction of the President within that cure period. If the membership of the Department is so terminated, then the appointment of that Department's member to the permanent PMA is also terminated without additional notice.
8.2 A Department wishing to terminate the operation of one or more of its CAs must, by at least 30 calendar days' prior notice to the PMA:
(a) withdraw a specific CA or CAs from membership in the GOC PKI; and(b) in the case of termination of the operation of all its CAs, then withdraw from membership in the PMA.
8.3 In the event of termination or withdrawal under sections 8.1 or 8.2 of the Department or of one or more of its CAs, then, as soon as possible prior to the effective date of such termination or withdrawal, if not already done:
(a) the CCF shall revoke the cross-certificate(s) of the Department or the CA, and publish notice of the revocation in the appropriate Authority Revocation List;(b) the CA will revoke all certificates which it has issued, provide appropriate notice of such revocation to subscribers, and publish notice of the revocation in the appropriate Certificate Revocation List; and
(c) transfer or cause to be transferred to the PMA, or as the PMA may direct, for appropriate action, all its Repository records, private confidentiality keys retained by it, and other records, archival material, audit logs, CPS, or any other information or thing necessary for the continued and uninterrupted provision of services and for reissuance of certificates, all as determined in the discretion of the PMA.
8.4 Notwithstanding anything contained in this MOU, the Communications Security Establishment will not terminate or withdraw from the GOC PKI as manager and operator of the CCF unless the PMA has first given its approval and appropriate arrangements have been made for the transfer of the CCF responsibilities, functions, records, or any other information or thing necessary for the continued and uninterrupted provision of CCF services and for re-issuance of cross-certificates, if necessary, all as determined in the discretion of, and in a manner satisfactory to, the PMA.
8.5 Unless otherwise provided herein, any other provision for termination or withdrawal of a Department or a CA from the GOC PKI contained in that Department's CP also applies. In the event of any conflict or inconsistency between this section 8 and the Department's CP, then, unless otherwise provided herein, the provisions of this section 8 shall prevail.
9. Dispute Resolution
9.1 The parties to a dispute hereby undertake to use their best efforts to resolve any dispute in an amicable and expeditious manner, first by negotiation and, failing resolution, then through an independent mediator, as follows:
(a) Any party may, by notice in writing or by digitally signed electronic message, commence negotiations.(b) If the dispute is not resolved within 90 calendar days of the notice to commence negotiations, then either party may, by notice in writing or by digitally signed electronic message, submit the dispute to mediation.
(c) A single independent mediator, not being an employee or contractor of the parties, shall be appointed by the parties and, failing such appointment within 30 calendar days of the submission to mediation, the mediator shall, upon application by one or both of the parties, be appointed by the PMA within 30 calendar days after the expiration of the previous 30-day period.
(d) The costs of negotiation, or the mediation, as applicable, including the fees of the mediator, the mediator’s travel and accommodation expenses, and the costs of room rental and support services for the negotiation or mediation proceedings, shall be shared equally by the parties.
(e) Each party shall bear its own costs of legal representation, travel and accommodation for the negotiation or mediation, as applicable.
9.2 Any dispute which has not been resolved in the manner described within 90 calendar days of the appointment of the mediator as set out in 9.1 above shall then, but cannot before the lapse of the time periods set out for negotiation and mediation in 9.1 above, be referred to the PMA. The PMA shall, by a 51% vote of members present at a meeting held for the purpose, excluding the votes of members of the parties to the dispute, within 30 calendar days after the expiration of the previous 90-day period, appoint an expert in the subject-matter of the dispute who shall decide the dispute. The expert shall not be an employee or contractor of any of the parties to the dispute. The decision of the expert is binding on the parties and enforceable as an obligation of the parties under this MOU. In making its decision, the expert shall follow the rules of procedure established from time to time by the PMA.
10. Notice
10.1 Where this MOU calls for notice or notification, unless specified otherwise, such notice may be delivered by hand, by mail, by courier, by facsimile, or by digitally signed electronic mail. A notice shall be deemed to have been received on the fifth business day after mailing if sent by regular mail, on the date of delivery if sent by courier, and on the first business day after the date of transmission if sent by facsimile or electronic mail.
10.2 Delivery of notice to a Department in care of its representative on the PMA shall constitute notice to that Department for purposes of this MOU.
10.3 Delivery of notice to TBS in care of the chairperson of the PMA shall constitute notice to the TBS for purposes of this MOU. Notice to the chairperson of the PMA is to:
PMA Secretariat
Treasury Board Secretariat
275 Slater Street, 6th fl.
Ottawa, Ontario
K1A 0R5.
10.4 Delivery of notice to the CCF in care of its representative on the PMA shall constitute notice to the CCF for purposes of this MOU. Notice to the CCF is to:
Director, T
Communications Security Establishment.
P.O. Box 9703, Terminal
Ottawa, Ontario.
K1G 3Z4
11. General
11.1 This MOU may be amended in writing signed by all the parties. Amendments made from time to time to the GOC CP do not constitute such amendments to this MOU.
11.2 This MOU or any amendment thereto may be signed in counterpart.
11.3 The provisions of this MOU with respect to financial responsibility, dispute resolution, and any other responsibilities or obligations not resolved or completed by a Department upon such revocation, termination or withdrawal, shall survive the revocation of a cross-certificate under section 5, or the termination or withdrawal of a Department or its CA(s) under section 8.
___________________________________ _________________________________
Secretary of the Treasury Board for the Chief, Communications Security
Treasury Board Secretariat Establishment
_________________________ _________________________
Date Date
Government of Canada
Public Key Infrastructure
The purpose of this report is to document the differences between the model and the negotiated arrangement. The document is to be prepared by the Cross-Certification Team.
The document is to be organized in the following manner:
1. Executive Summary
Status of negotiationsPoints of disagreement
Key issues and rationale
Recommendations
2. Description of the status of the negotiations
3. Description of the points disagreement
Clauses in which changes have been madeDescription of deviation from model arrangement and reasons
4. Analysis of impact and possible consequences of changes and deviations
5. Key issues for consideration and rationale
6. Recommendations
ProceedProceed with conditions
Do not proceed
Government of Canada
Public Key Infrastructure
The purpose of this report is to consolidate relevant information from CP Mapping Report, the Testbed Trial Report and the System Survey, the ITS and Policy Compliance Evaluation Report, and the Negotiation Report to enable the PMA to make a decision on cross-certification. The report is to be prepared by the Cross-Certification Team.
The document is to be organized in the following manner:
1. Executive Summary
Points of discrepancies and disagreementsKey issues and rationale
Recommendations
2. Summary of Issues from the four major Reports
CP Mapping ReportDiscrepancies
Analysis of impacts and risk
Testbed Trial Report and the System Survey
Discrepancies
Analysis of impacts and risk
ITS and Policy Compliance Evaluation Report
Evaluation of security practices and safeguards
Discrepancies
Analysis of impacts and risk
Negotiation Report.
Points of disagreement
Clauses in which changes have been made
Description of deviation from model arrangement and reasons
Analysis of impact and possible consequences of deviations or changes
3. Analysis of possible implications associated with cross-certification
4. Key issues for consideration and rationale
5. Recommendations
Cross-certify without conditionsCross-certify with conditions
Do not cross-certify
Government of Canada
Public Key Infrastructure
The purpose of this report is to detail the results of a Compliance Review of an Affiliated CA. A Compliance Review may be initiated for cause by the PMA resulting from information received in a Compliance Certificate, issues that may arise from Problem Reports or Change Management Report, or changes to technology, business or legal circumstances.
The document is to be organized in the following manner:
1. Executive Summary
Affiliated CADiscrepancies or areas of concern
Key issues and rationale
Recommendations
2. Cause for Compliance Review
3. Results of the Compliance Review
Discrepancies and areas of concern
4. Description of Issues, if any
PolicyAdministrative
Technological
Legal
Financial
5. Corrective action taken or recommended
6. Analysis of possible implications associated with the continuation of the existing cross-certification arrangement
7. Key issues for consideration and rationale
8. Recommendations
Continue Affiliated CA’s cross-certification at its current level of assurance with the CCFDowngrade the assurance level of the cross-certificate with the CCF
Terminate the Affiliated CA’s cross-certification certificate with the CCF.
Government of Canada
Public Key Infrastructure
The purpose of this report is to identify disputed problems that may be encountered by any of the parties involved in a cross-certification agreement and to provides information to enable a problem resolution. A Problem Report may be initiated by any party to the cross-certification agreement and sent to the responsible PMA PKI Desk Officer for action. The Desk Officer will authenticate the information, co-ordinate responses, attempt to resolve outstanding issues and report on resolution results. The report is organised into three parts. Relevant supporting documentation should be attached.
The document is to be organized in the following manner:
Part I: Problem Report – Reporting Party
(This part states the problem from the Reporting Party’s point of view.)
1. Affiliated CA
2, Problem description
3. Key issues and areas of dispute
4. Proposed solution to resolve the problem
Part II: Problem Review – Desk Officer
(This part states other relevant information, precedence and recommends solutions)
5. Problem authentication
6. Alternate points of view
7. Identify any precedents
8. Steps taken to resolve the issues
9. Description of key issues, if any
10. Analysis of possible implications associated with the cross-certification arrangement
11. Key issues for consideration and rationale
12. Recommendations to resolve dispute, if required
Part III: Problem Resolution – Desk Officer
(This part documents the outcome.)
13. Resolution decision and rationale for decisions
14. Consequence or effect of issue on compliance
15. Conditions
Government of Canada
Public Key Infrastructure
The purpose of the report is to evaluate proposed changes to ensure that the integrity of the cross certification arrangement and participating Affiliated CA’s PKI is maintained. The report identifies proposed changes to a CA and the potential effect on performance, risk, existing policy and standards. The report may be initiated by any party to the cross certification arrangement and sent to the responsible PMA PKI Desk Officer. The Desk Officer authenticates the information, co-ordinates all responses, provides an analysis of the changes, provides recommendations and reports on the results. The report is organised into three parts. Relevant supporting documentation should be attached.
The document is to be organized in the following manner:
Part I: Proposed Change – Reporting Party
(This part states the proposed change from the reporting party’s perspective)
1. Affiliated CA
Description of the proposed change(s)Reason for proposed change
2. Discussion of policy, technical and legal issues
Anticipated effect on system performanceAnticipated effect on cross-certification arrangement and compliance issues
Adjustments or changes to cross-certification arrangement
3. Recommended change, rationale and statement of risk
Part II: Analysis of proposed change - Desk Officer
(This part states other relevant information, precedents, and an analysis
of
the proposed change and recommendations)
4. Authentication of the proposed change
5. Analysis of proposed change
Potential effects on existing arrangement or performanceDivergences from cross-certification arrangement
6. Key issues associated with the proposed change and rationale
7. Recommendation to the PMA
ProceedProceed with conditions
Do not proceed
Part III: Change Proposal Resolution – Desk Officer
(This part documents decisions and out comes of the change proposal resolution process)
8. PMA decision, conditions and rationale
Government of Canada
Public Key Infrastructure
The purpose of this report is to summarise all relevant issues and information from documentation to support a PMA decision to renew or terminate an existing cross-certification arrangement. This report will be used to renew an existing arrangement, to terminate an arrangement by an external CA, to withdraw from an arrangement by a GOC PKI member, or to terminate an arrangement by the PMA.
Part I: Request for Renewal or termination –
Desk Officer or any party to the arrangement
(Initiated by any party, or automatically by the desk officer 180 days
in advance of the expiration of a CA’s cross-certification arrangement.)
1. Reasons for renewal or termination
2. Desired date
Part II: Analysis of renewal/termination request - Desk Officer
(Desk officer staffs the request for a decision by the PMA.)
3. Description of Affiliated CA
4. Description of issues, if any
5. Analysis of implications of renewal or termination, if required
6. Key issues for consideration and rationale
7. Recommendations
RenewRenew with conditions
Terminate or withdraw from arrangement
Part III: Decisions – Desk Officer
(Decisions and outcomes of the decision to renew or terminate the arrangement)
8. PMA decision and conditions
9. Date of withdrawal/termination
[End]
HTML by JYA/Urban Deadline.