Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

Raytheon Operational Authority (Raytheon OA) revoke public key certificates. The Raytheon Operational Authority is the organization selected by the Raytheon PMA (RPMA) to be responsible for operating the Raytheon PKI. Raytheon PMA (RPMA) The Raytheon PMA (RPMA) is a body responsible for setting, implementing, and administering policy decisions regarding PKI interoperability that uses the Raytheon. Raytheon Root Certification Authority (RRCA) The Raytheon Root Certification Authority consists of a collection of Public Key Infrastructure devices (Certificate Authorities, PKI Repositories, Certificate Policies and Certificate Practice Statements) that are used to issue certificates to subscribers. Registration Authority (RA) An entity that issues certificates to users and devices. Re-key (a certificate) To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails Signing a new certificate on the new public key. Relying Party A person or Entity who has received information that includes a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them. Renew (a certificate) The act or process of extending the validity of the data binding asserted by a public key certificate by Signing a new certificate. Repository A database containing information and data relating to certificates as specified in this CP; may also be referred to as a directory. In this CP, Repository refers to PKI Repository. Responsible Individual A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor. Revoke a Certificate To prematurely end the operational period of a certificate effective at a specific date and time. Risk An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. Risk Tolerance The level of risk an entity is willing to assume in order to achieve a potential desired result. Root CA In a hierarchical PKI, the CA whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. Server A system entity that provides a service in response to requests from clients. Signature Certificate A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. Subordinate CA In a hierarchical PKI, a CA whose certificate signature key is certified by another CA, and whose activities are constrained by that 120 7/25/2011
other CA. (See superior CA). Subscriber A Subscriber is an entity that (1) is the subject named or identified in a certificate issued to that entity, (2) holds a private key that corresponds to the public key listed in the certificate, and (3) does not itself issue certificates to another party. This includes, but is not limited to, an individual or network device Superior CA In a hierarchical PKI, a CA who has certified the certificate signature key of another CA, and who constrains the activities of that CA. (See subordinate CA). System Equipment Configuration A comprehensive accounting of all system hardware and software types and settings. Technical non-repudiation The contribution public key mechanisms to the provision of technical evidence supporting a non-repudiation security service. Threat Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service. Trust List Collection of trusted certificates used by Relying Parties to authenticate other certificates. Trusted Agent Entity authorized to act as a representative of an Entity in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. Trusted Certificate A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor". Trusted Timestamp A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time. Trustworthy System Computer hardware, software and procedures that: (1) are reasonably secure from intrusion and misuse; (2) provide a reasonable level of availability, reliability, and correct operation; (3) are reasonably suited to performing their intended functions; and (4) adhere to generally accepted security procedures. Two-Person Control Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and/or unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements. Update (a certificate) The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by Signing a new certificate. Update (in reference to significant change) Alterations to Licensed Software, including code and/or error corrections and minor code enhancements or modifications, that may be developed and generally released from time to time by the Software Vendor and made available to the customer (licensee). 121 7/25/2011
Page 1 and 2:
Raytheon Company Public Key Infrast
Page 3 and 4:
Table of Contents 1 INTRODUCTION ..
Page 5 and 6:
4.6.7 Notification of Certificate I
Page 7 and 8:
5.4.8 Vulnerability Assessments ...
Page 9 and 10:
9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12:
1 INTRODUCTION This Certificate Pol
Page 13 and 14:
1.1.3 Scope The following diagram r
Page 15 and 16:
1. The CAs asserting id-raytheon-SH
Page 17 and 18:
approval of the PMA. The ROA activi
Page 19 and 20:
� Raytheon employees and eligible
Page 21 and 22:
1.5 Policy Administration 1.5.1 Org
Page 23 and 24:
3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26:
establishing how the applicant is k
Page 27 and 28:
4. The Identity Verifier shall reco
Page 29 and 30:
3.3.1 Identification and Authentica
Page 31 and 32:
For subscriber certificates, the pr
Page 33 and 34:
4.3.1 CA Actions during Certificate
Page 35 and 36:
4.7.4 Notification of New Certifica
Page 37 and 38:
Any CA may unilaterally revoke anot
Page 39 and 40:
4.9.8 Maximum Latency for CRLs The
Page 41 and 42:
4.12.2 Session Key Encapsulation an
Page 43 and 44:
depart shall initial a sign-out she
Page 45 and 46:
� Performing or overseeing intern
Page 47 and 48:
� Be trustworthy; � Have no oth
Page 49 and 50:
administrative documents (e.g., Adm
Page 51 and 52:
REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54:
It is acceptable for the system to
Page 55 and 56:
5.6 Key Changeover A CA uses a sign
Page 57 and 58:
If a RA signature keys are compromi
Page 59 and 60:
show that appropriate role separati
Page 61 and 62:
Hashing: Cryptographic Function Has
Page 63 and 64:
6.2 Private Key Protection and Cryp
Page 65 and 66:
6.3 Other Aspects of Key Management
Page 67 and 68:
� All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72: When multiple values exist for an a
Page 73 and 74: 8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79 and 80: � Ensure that certificate and rev
Page 81 and 82: as a termination of this CP unless
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98: 10.9 Medium Assurance Code Signing
Page 99 and 100: Field Value Entrust Version Info En
Page 101 and 102: 10.12 Medium Assurance Domain Contr
Page 103 and 104: 10.13 Medium Assurance Role Signatu
Page 105 and 106: 10.15 OCSP Responder Certificate Th
Page 107 and 108: 10.17 Medium Assurance CA CRL Forma
Page 109 and 110: 11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112: BIBLIOGRAPHY The following document
Page 113 and 114: HTTP Hypertext Transfer Protocol IA
Page 115 and 116: 13 GLOSSARY Access Ability to make
Page 117 and 118: Client (application) A system entit
Page 119: Non-Repudiation Assurance that the
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?