Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

authority Signing it. [ABADSG]. As used in this CP, the term “Certificate” refers to certificates that expressly reference the OID of this CP in the “Certificate Policies” field of an X.509 v.3 certificate. Certificate A digital representation of information which at least (1) identifies the certification authority Signing it, (2) names or identifies its Subscriber, (3) contains the Subscriber’s public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority Signing it. [ABADSG] Certificate Management A Certification Authority or a Registration Authority. Authority (CMA) Certificate Policy (CP) A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. Certificate Revocation List (CRL) A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date. Certificate Status Authority A trusted entity that provides on-line verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate. Certificate-Related Information Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a CA managing certificates. Certification Authority (CA) An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CRLs. Certification Authority Software Certification Practice Statement (CPS) Key Management and cryptographic software used to manage certificates issued to subscribers. A statement of the practices that a CA employs in Signing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CP, or requirements specified in a contract for services). Certificate Sponsor Raytheon Company is the certificate sponsor for all certificates issued by the Raytheon PKI. CertiPath Bridge Certification Authority (CBCA) The CertiPath Bridge Certification Authority consists of a collection of Public Key Infrastructure devices (Certificate Authorities, PKI Repositories, Certificate Policies and Certificate Practice Statements) that are used to provide peer to peer interoperability among Entity Principal Certification Authorities. 116 7/25/2011
Client (application) A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server. Common Criteria A set of internationally accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products. Component A system element offering a predefined service and able to communicate with other components. A constituent element, as of a system. Compromise Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. Computer Security Objects Registry (CSOR) Computer Security Objects Registry operated by the National Institute of Standards and Technology. Confidentiality Assurance that information is not disclosed to unauthorized entities or processes. Cross-Certificate A certificate used to establish a trust relationship between two Certification Authorities. Cryptographic Module The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module. [FIPS1402] Cryptoperiod Time span during which each key setting remains in effect. Data Integrity Assurance that the data are unchanged from creation to reception. Devices Non-human entities that may be issued a certificate. Examples are server, network router, firewall, etc. Digital Signature The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine: (1) whether the transformation was created using the private key that corresponds to the public key in the signer’s digital certificate; and (2) whether the message has been altered since the transformation was made. Dual Use Certificate A certificate that is intended for use with both digital signature and data encryption services. Duration A field within a certificate which is composed of two subfields; “date of issue” and “date of next issue”. E-commerce The use of network technology (especially the internet) to buy or sell goods and services. Employee Any person employed by an Entity as defined above. Encryption Certificate A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes. 117 7/25/2011
Page 1 and 2:
Raytheon Company Public Key Infrast
Page 3 and 4:
Table of Contents 1 INTRODUCTION ..
Page 5 and 6:
4.6.7 Notification of Certificate I
Page 7 and 8:
5.4.8 Vulnerability Assessments ...
Page 9 and 10:
9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12:
1 INTRODUCTION This Certificate Pol
Page 13 and 14:
1.1.3 Scope The following diagram r
Page 15 and 16:
1. The CAs asserting id-raytheon-SH
Page 17 and 18:
approval of the PMA. The ROA activi
Page 19 and 20:
� Raytheon employees and eligible
Page 21 and 22:
1.5 Policy Administration 1.5.1 Org
Page 23 and 24:
3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26:
establishing how the applicant is k
Page 27 and 28:
4. The Identity Verifier shall reco
Page 29 and 30:
3.3.1 Identification and Authentica
Page 31 and 32:
For subscriber certificates, the pr
Page 33 and 34:
4.3.1 CA Actions during Certificate
Page 35 and 36:
4.7.4 Notification of New Certifica
Page 37 and 38:
Any CA may unilaterally revoke anot
Page 39 and 40:
4.9.8 Maximum Latency for CRLs The
Page 41 and 42:
4.12.2 Session Key Encapsulation an
Page 43 and 44:
depart shall initial a sign-out she
Page 45 and 46:
� Performing or overseeing intern
Page 47 and 48:
� Be trustworthy; � Have no oth
Page 49 and 50:
administrative documents (e.g., Adm
Page 51 and 52:
REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54:
It is acceptable for the system to
Page 55 and 56:
5.6 Key Changeover A CA uses a sign
Page 57 and 58:
If a RA signature keys are compromi
Page 59 and 60:
show that appropriate role separati
Page 61 and 62:
Hashing: Cryptographic Function Has
Page 63 and 64:
6.2 Private Key Protection and Cryp
Page 65 and 66: 6.3 Other Aspects of Key Management
Page 67 and 68: � All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72: When multiple values exist for an a
Page 73 and 74: 8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79 and 80: � Ensure that certificate and rev
Page 81 and 82: as a termination of this CP unless
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98: 10.9 Medium Assurance Code Signing
Page 99 and 100: Field Value Entrust Version Info En
Page 101 and 102: 10.12 Medium Assurance Domain Contr
Page 103 and 104: 10.13 Medium Assurance Role Signatu
Page 105 and 106: 10.15 OCSP Responder Certificate Th
Page 107 and 108: 10.17 Medium Assurance CA CRL Forma
Page 109 and 110: 11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112: BIBLIOGRAPHY The following document
Page 113 and 114: HTTP Hypertext Transfer Protocol IA
Page 115: 13 GLOSSARY Access Ability to make
Page 119 and 120: Non-Repudiation Assurance that the
Page 121 and 122: other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

Create successful ePaper yourself

Delete template?

Save as template?