ACP 185

More documents

Recommendations

Info

UNCLASSIFIED ANNEX A TO ACP 185 1.28.5 Fire prevention and protection Fire prevention and protection shall be determined in accordance with NDPKI policies. 1.28.6 Media storage Media storage shall be determined in accordance with NDPKI policies for the classification of the media. 1.28.7 Waste disposal Waste disposal shall be determined in accordance with NDPKI policies for the classification of the waste. 1.28.8 Off-Site backup The NDPKI PMA shall define procedures for backups sufficient to recover from system failure. 1.29 Procedural Controls 1.29.1 Trusted Roles The primary trusted roles defined by this policy are the CA, and the RA. The NDPKI CP specifies the other trusted roles to be utilised within the PKI. The names of all persons able to control the operation of PKI equipment or provide access to CA private key authentication components shall be recorded and made available for audit purposes. 1.29.2 Number of Persons Required per Task See Section 6.2.2. 1.29.3 Identification and Authentication for Each Role A person occupying a trusted role shall have their identity and authorisation verified, before being permitted to perform any action for that role or identity. A person occupying a trusted role shall authenticate to a remote infrastructure component of the NDPKI using a valid NDPKI X.509 certificate. For classified networks, the token used by the RA is protected from the class of threats associated with general use within the environment (e.g., a separate token for RA functions.) 1.29.4 Roles Requiring Separation of Duties Any person acting in another trusted role shall not also undertake an audit role on the system for which the trusted role is associated. Uncontrolled copy when printed Under no circumstances shall the incumbent of a CMA role perform its own compliance or security auditor function. The person performing the compliance auditor function shall not perform any other role on the CMA. The person performing the security audit function shall not perform any other role on the CMA. A-23 UNCLASSIFIED
UNCLASSIFIED ANNEX A TO ACP 185 CA, RA and System Administration duties shall be separate roles. 1.30 Personnel Controls 1.30.1 Qualifications, Experience, & Clearance Requirements Personnel engaged in the NDPKI shall be suitably qualified and experienced. All personnel engaged in the operation of the NDPKI shall hold an appropriate national clearance at or above the level of information protected by the PKI as specified in the National Defence security regulations. 1.30.2 Background Check Procedures All personnel engaged in the operation of the NDPKI shall undergo background checks in accordance with the National Defence security regulations. 1.30.3 Training Requirements The NDPKI PMA shall be able to demonstrate that a suitable training regime exists and is executed for personnel engaged in the management and operation of the NDPKI. 1.30.4 Retraining Frequency & Requirements The NDPKI PMA shall ensure that appropriate re-training of personnel engaged in the management and operation of the NDPKI is executed. 1.30.5 Job Rotation Frequency & Sequence Job rotation frequency and sequence shall be in accordance with the NDPKI policies. 1.30.6 Sanctions for Unauthorized Actions The NDPKI PMA shall demonstrate that procedures and processes are in place to ensure that appropriate action is taken following an unauthorized action that brings into question the security of the system. 1.30.7 Independent Contractor Requirements Each NDPKI CP shall have policies that apply equally to all personnel who manage or operate the PKI. Uncontrolled copy when printed 1.30.8 Documentation Supplied To Personnel Documentation sufficient to define duties and procedures for each role shall be provided by the NDPKI to the personnel filling each such role. A-24 UNCLASSIFIED
Page 1 and 2: UNCLASSIFIED ACP 185 Public Key Inf
Page 3 and 4: UNCLASSIFIED ACP 185 THE COMBINED C
Page 5 and 6: UNCLASSIFIED ACP 185 TABLE OF CONTE
Page 7 and 8: UNCLASSIFIED ACP 185 ANNEX C ......
Page 9 and 10: UNCLASSIFIED ACP 185 existing polic
Page 11 and 12: UNCLASSIFIED ACP 185 arisen as a re
Page 13 and 14: UNCLASSIFIED ACP 185 • Subject al
Page 15 and 16: UNCLASSIFIED ACP 185 CHAPTER 4 CROS
Page 17 and 18: UNCLASSIFIED ACP 185 INTRODUCTION C
Page 19 and 20: UNCLASSIFIED ACP 185 INTRODUCTION C
Page 21 and 22: UNCLASSIFIED ACP 185 CHAPTER 7 GOVE
Page 23 and 24: UNCLASSIFIED ANNEX A TO ACP 185 •
Page 25 and 26: UNCLASSIFIED ANNEX A TO ACP 185 use
Page 27 and 28: UNCLASSIFIED ANNEX A TO ACP 185 IDE
Page 29 and 30: UNCLASSIFIED ANNEX A TO ACP 185 1.1
Page 31 and 32: UNCLASSIFIED ANNEX A TO ACP 185 •
Page 33 and 34: UNCLASSIFIED ANNEX A TO ACP 185 An
Page 37 and 38: UNCLASSIFIED ANNEX A TO ACP 185 CAs
Page 39 and 40: UNCLASSIFIED ANNEX A TO ACP 185 The
Page 43: UNCLASSIFIED ANNEX A TO ACP 185 pro
Page 47 and 48: UNCLASSIFIED ANNEX A TO ACP 185 Sho
Page 49 and 50: UNCLASSIFIED ANNEX A TO ACP 185 Sof
Page 51 and 52: UNCLASSIFIED ANNEX A TO ACP 185 Cer
Page 53 and 54: UNCLASSIFIED ANNEX A TO ACP 185 Cro
Page 57 and 58: UNCLASSIFIED ANNEX A TO ACP 185 Fie
Page 67 and 68: UNCLASSIFIED ANNEX A TO ACP 185 id-
Page 75 and 76: UNCLASSIFIED ANNEX B TO ACP 185 In
Page 77 and 78: UNCLASSIFIED ANNEX B TO ACP 185 Mil
Page 79 and 80: UNCLASSIFIED ANNEX B TO ACP 185 the
Page 81 and 82: UNCLASSIFIED ANNEX B TO ACP 185 4.4
Page 83 and 84: UNCLASSIFIED ANNEX B TO ACP 185 Any
Page 85 and 86: UNCLASSIFIED ANNEX B TO ACP 185 Sig
Page 87 and 88: UNCLASSIFIED ANNEX B TO ACP 185 SCH
Page 89 and 90: UNCLASSIFIED ANNEX C TO ACP 185 CRO
Page 91 and 92: UNCLASSIFIED ANNEX C TO ACP 185 WIT
Page 93 and 94: UNCLASSIFIED ANNEX C TO ACP 185 g)
Page 95 and 96:
UNCLASSIFIED ANNEX C TO ACP 185 •
Page 97 and 98:
CA Certificate UNCLASSIFIED Certifi
Page 99 and 100:
NDPKI UNCLASSIFIED National Defence
Page 101 and 102:
System equipment configuration Syst
Page 103:
KES Key Escrow Server UNCLASSIFIED
show all

ACP 185

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?