ACP 185
UNCLASSIFIED
ANNEX A TO ACP 185
1.28.5 Fire prevention and protection
Fire prevention and protection shall be determined in accordance with NDPKI policies.
1.28.6 Media storage
Media storage shall be determined in accordance with NDPKI policies for the classification of the media.
1.28.7 Waste disposal
Waste disposal shall be determined in accordance with NDPKI policies for the classification of the waste.
1.28.8 Off-Site backup
The NDPKI PMA shall define procedures for backups sufficient to recover from system failure.
1.29 Procedural Controls
1.29.1 Trusted Roles
The primary trusted roles defined by this policy are the CA and the RA. The NDPKI CP specifies the other trusted roles to be utilised within the PKI. The names of all persons able to control the operation of PKI equipment or provide access to CA private key authentication components shall be recorded and made available for audit purposes.
1.29.2 Number of Persons Required per Task
See Section 6.2.2.
1.29.3 Identification and Authentication for Each Role
A person occupying a trusted role shall have their identity and authorisation verified, before being permitted to perform any action for that role or identity. A person occupying a trusted role shall authenticate to a remote infrastructure component of the NDPKI using a valid NDPKI X.509 certificate. For classified networks, the token used by the RA is protected from the class of threats associated with general use within the environment (e.g., a separate token for RA functions).
1.29.4 Roles Requiring Separation of Duties
Any person acting in another trusted role shall not also undertake an audit role on the system for which the trusted role is associated.
Under no circumstances shall the incumbent of a CMA role perform its own compliance or security auditor function. The person performing the compliance auditor function shall not perform any other role on the CMA. The person performing the security audit function shall not perform any other role on the CMA.