ACP 185

More documents

Recommendations

Info

UNCLASSIFIED ANNEX A TO ACP 185 components. In addition, the distribution of CA responsibilities between the CA itself and Registration Authorities (RA) may vary in the implementation of the PKI. If the NDPKI operates Certificate Status Authorities (CSA) or Key Escrow Servers (KES), all requirements that apply to a CA apply equally to these entities unless specifically excluded. Collectively the hardware, software, and operating personnel that create, sign, and issue public key certificates to Subscribers is a Certificate Authority System (CAS). 1.3.3 Registration Authority An RA is an entity authorized by the CAS to collect, verify, and submit information provided by potential Subscribers which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function. Unless expressly stated otherwise, RA requirements are imposed on all RA components of the NDPKI. RA operations shall be performed in accordance with a CPS approved by the NDPKI PMA. RA functions may be included in a single CPS, which also governs CAS operations, or may be defined in a separate CPS. The RA is responsible for the following: • Control over the registration process • Identification and authentication process 1.3.4 Subscribers A Subscriber is the entity whose name appears in the Subject field of a certificate, and who asserts that the use of its public key and certificate is in accordance with the NDPKI CP. The Subscriber is sometimes also called an “applicant” after applying to a CAS for a certificate, but before the certificate issuance procedure is completed. Subscribers include entities that have been approved in the NDPKI CP, such as but not limited to: • Personnel • Devices (e.g. Workstations, Firewalls, Routers, Trusted Servers, applications, systems and other infrastructure components) • Organisational roles associated with individuals, groups of individuals or organisational entities A Subscriber with a certificate issued under a NDPKI does not automatically receive access, authority or privilege to the Defence assets or systems of the cross-certified NDPKI. Uncontrolled copy when printed 1.3.5 Relying Parties A Relying Party is the entity that relies on the validity of the binding of the Subscriber’s name to a public key. A Relying Party is responsible for deciding whether or how to check the validity of the certificate by checking the appropriate certificate status information. A Relying Party may A-3 UNCLASSIFIED
UNCLASSIFIED ANNEX A TO ACP 185 use information in the certificate (such as CP OID identifiers) to determine the suitability of the certificate for a particular use. A Relying Party uses a Subscriber’s certificate to verify or establish one or more of the following: • The identity and status of an individual, role, or device • The integrity of a digitally signed message • The identity of the creator of a message • Confidential communications with the Subscriber Relying Parties may base the reliance they choose to place on a certificate on the factors such as the amount and type of inherent risk of an activity, the consequence of failure, and the use of risk mitigation controls. 1.3.6 Other Participants The NDPKI may require the services of other security, community, and application authorities, such as directories, smartcard management systems and compliance auditors. 1.4 Certificate Usage Certificates issued under NDPKI CPs that are self-asserted to the CPMC are assumed, in conjunction with their associated private keys, to allow a Subscriber to: • Authenticate its identity. • Digitally sign electronic documents, transactions and communications. • Encrypt data. Cross-certificates shall be issued to enable NDPKI Subscribers to release and exchange Military Information and Data under the Combined Joint Multilateral Master Military Information Exchange Memorandum of Understanding (CJM3IEM.) 1.4.1 Appropriate NDPKI Certificate Uses: Appropriate use of NDPKI certificates shall be as defined in the NDPKI CPs. 1.4.2 Prohibited Certificate Uses Prohibited use of certificates shall be as defined in the NDPKI CPs. Uncontrolled copy when printed 1.5 Policy Administration 1.5.1 Organisation administering a NDPKI CP Each NDPKI PMA is responsible for all aspects of its NDPKI CP. A-4 UNCLASSIFIED
Page 1 and 2: UNCLASSIFIED ACP 185 Public Key Inf
Page 3 and 4: UNCLASSIFIED ACP 185 THE COMBINED C
Page 5 and 6: UNCLASSIFIED ACP 185 TABLE OF CONTE
Page 7 and 8: UNCLASSIFIED ACP 185 ANNEX C ......
Page 9 and 10: UNCLASSIFIED ACP 185 existing polic
Page 11 and 12: UNCLASSIFIED ACP 185 arisen as a re
Page 13 and 14: UNCLASSIFIED ACP 185 • Subject al
Page 15 and 16: UNCLASSIFIED ACP 185 CHAPTER 4 CROS
Page 17 and 18: UNCLASSIFIED ACP 185 INTRODUCTION C
Page 19 and 20: UNCLASSIFIED ACP 185 INTRODUCTION C
Page 21 and 22: UNCLASSIFIED ACP 185 CHAPTER 7 GOVE
Page 23: UNCLASSIFIED ANNEX A TO ACP 185 •
Page 27 and 28: UNCLASSIFIED ANNEX A TO ACP 185 IDE
Page 29 and 30: UNCLASSIFIED ANNEX A TO ACP 185 1.1
Page 31 and 32: UNCLASSIFIED ANNEX A TO ACP 185 •
Page 33 and 34: UNCLASSIFIED ANNEX A TO ACP 185 An
Page 37 and 38: UNCLASSIFIED ANNEX A TO ACP 185 CAs
Page 39 and 40: UNCLASSIFIED ANNEX A TO ACP 185 The
Page 43 and 44: UNCLASSIFIED ANNEX A TO ACP 185 pro
Page 45 and 46: UNCLASSIFIED ANNEX A TO ACP 185 CA,
Page 47 and 48: UNCLASSIFIED ANNEX A TO ACP 185 Sho
Page 49 and 50: UNCLASSIFIED ANNEX A TO ACP 185 Sof
Page 51 and 52: UNCLASSIFIED ANNEX A TO ACP 185 Cer
Page 53 and 54: UNCLASSIFIED ANNEX A TO ACP 185 Cro
Page 57 and 58: UNCLASSIFIED ANNEX A TO ACP 185 Fie
Page 67 and 68: UNCLASSIFIED ANNEX A TO ACP 185 id-
Page 75 and 76:
UNCLASSIFIED ANNEX B TO ACP 185 In
Page 77 and 78:
UNCLASSIFIED ANNEX B TO ACP 185 Mil
Page 79 and 80:
UNCLASSIFIED ANNEX B TO ACP 185 the
Page 81 and 82:
UNCLASSIFIED ANNEX B TO ACP 185 4.4
Page 83 and 84:
UNCLASSIFIED ANNEX B TO ACP 185 Any
Page 85 and 86:
UNCLASSIFIED ANNEX B TO ACP 185 Sig
Page 87 and 88:
UNCLASSIFIED ANNEX B TO ACP 185 SCH
Page 89 and 90:
UNCLASSIFIED ANNEX C TO ACP 185 CRO
Page 91 and 92:
UNCLASSIFIED ANNEX C TO ACP 185 WIT
Page 93 and 94:
UNCLASSIFIED ANNEX C TO ACP 185 g)
Page 95 and 96:
UNCLASSIFIED ANNEX C TO ACP 185 •
Page 97 and 98:
CA Certificate UNCLASSIFIED Certifi
Page 99 and 100:
NDPKI UNCLASSIFIED National Defence
Page 101 and 102:
System equipment configuration Syst
Page 103:
KES Key Escrow Server UNCLASSIFIED
show all

ACP 185

Create successful ePaper yourself

Delete template?

Save as template?