Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

� Verifying identity, pursuant to Section 3.2; and � Security communicating subscriber information to the RA. 5.2.2 Number of Persons Required per Task Two or more persons shall be required to perform the following tasks: � CA key generation; � CA signing key activation; � CA private key backup. Where multiparty control is required, at least one of the participants shall be an Administrator. All participants shall serve in a trusted role as defined in Section 5.2.1. Multiparty control shall not be achieved using personnel that serve in the Audit Administrator Role. All roles are recommended to have multiple persons in order to support continuity of operations. 5.2.3 Identification and Authentication for Each Role An individual shall identify and authenticate him/herself before being permitted to perform any actions set forth above for that role or identity. 5.2.4 Roles Requiring Separation of Duties Role separation, when required as set forth below, may be enforced either by the CA equipment, or procedurally, or by both means. Individual CA personnel shall be specifically designated to the four roles defined in Section 5.2.1 above. Individuals may assume more than one role, except: � Individuals who assume an Officer role may not assume an Administrator or Audit Administrator role; � Individuals who assume an Audit Administrator shall not assume any other role on the CA; and � Under no circumstances shall any of the four roles perform its own compliance auditor function. No individual shall be assigned more than one identity. 5.3 Personnel Controls 5.3.1 Qualifications, Experience, and Clearance Requirements A group of individuals responsible and accountable for the operation of each CA and CSA shall be identified. The trusted roles of these individuals per Section 5.2.1 shall be identified. All persons filling trusted roles shall be selected on the basis of loyalty, trustworthiness, and integrity, and shall be subject to background investigation. Personnel appointed to trusted roles (including CA trusted roles, CSA trusted roles, Trusted Agent, and RA role) shall: � Have successfully completed an appropriate training program; � Have demonstrated the ability to perform their duties; 46 7/25/2011
� Be trustworthy; � Have no other duties that would interfere or conflict with their duties for the trusted role; � Have not been previously relieved of duties for reasons of negligence or nonperformance of duties; � Have not been denied a security clearance, nor had a security clearance revoked for cause; � Have not been convicted of a felony offense; and � Be appointed in writing by an approving authority. For PKIs operated at medium-software, medium-hardware, and/or high-hardware, each person filling a trusted role shall satisfy at least one of the following requirements: � The person shall be a citizen of the country where the CA is located; or � For PKIs operated on behalf of multinational governmental organizations, the person shall be a citizen of one of the member countries; or � For PKIs located within the European Union, the person shall be a citizen of one of the member states of the European Union; or � The person shall have a security clearance equivalent to U.S. Secret or higher issued by a NATO member nation or major non-NATO ally as defined by the International Traffic in Arms Regulation (ITAR) – 22 CFR 120.32; or � For RAs, Trusted Agents, and personnel appointed to the trusted roles for the CSAs, in addition to the above, the person may be a citizen of the country where the function is located. Practice Note: In order to make the determination if a person was denied clearance or had clearance revoked for cause, it is sufficient to rely on the local Facility Security Officer (FSO) database, Joint Personnel Adjudication System (JPAS), and assertions by the person on security clearance forms. 5.3.2 Background Check Procedures All persons filling trusted roles (including CA trusted roles, CSA trusted roles, Trusted Agent, and RA role), shall have completed a favorable background investigation. The scope of the background check shall include the following areas covering the past five years and should be refreshed every five years: � Employment; � Education (Regardless of the date of award, the highest educational degree shall be verified); � Place of residence (3 years); � Law Enforcement; and � Financial / Credit Adjudication of the background investigation shall be performed by a competent adjudication authority using a process consistent with United States Executive Order 12968 August 1995, or equivalent. The results of these checks shall not be released except as required in Sections 9.3 and 9.4. Background check procedures shall be described in the CPS. 47 7/25/2011
Page 1 and 2: Raytheon Company Public Key Infrast
Page 3 and 4: Table of Contents 1 INTRODUCTION ..
Page 5 and 6: 4.6.7 Notification of Certificate I
Page 7 and 8: 5.4.8 Vulnerability Assessments ...
Page 9 and 10: 9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12: 1 INTRODUCTION This Certificate Pol
Page 13 and 14: 1.1.3 Scope The following diagram r
Page 15 and 16: 1. The CAs asserting id-raytheon-SH
Page 17 and 18: approval of the PMA. The ROA activi
Page 19 and 20: � Raytheon employees and eligible
Page 21 and 22: 1.5 Policy Administration 1.5.1 Org
Page 23 and 24: 3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26: establishing how the applicant is k
Page 27 and 28: 4. The Identity Verifier shall reco
Page 29 and 30: 3.3.1 Identification and Authentica
Page 31 and 32: For subscriber certificates, the pr
Page 33 and 34: 4.3.1 CA Actions during Certificate
Page 35 and 36: 4.7.4 Notification of New Certifica
Page 37 and 38: Any CA may unilaterally revoke anot
Page 39 and 40: 4.9.8 Maximum Latency for CRLs The
Page 41 and 42: 4.12.2 Session Key Encapsulation an
Page 43 and 44: depart shall initial a sign-out she
Page 45: � Performing or overseeing intern
Page 49 and 50: administrative documents (e.g., Adm
Page 51 and 52: REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54: It is acceptable for the system to
Page 55 and 56: 5.6 Key Changeover A CA uses a sign
Page 57 and 58: If a RA signature keys are compromi
Page 59 and 60: show that appropriate role separati
Page 61 and 62: Hashing: Cryptographic Function Has
Page 63 and 64: 6.2 Private Key Protection and Cryp
Page 65 and 66: 6.3 Other Aspects of Key Management
Page 67 and 68: � All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72: When multiple values exist for an a
Page 73 and 74: 8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79 and 80: � Ensure that certificate and rev
Page 81 and 82: as a termination of this CP unless
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98:
10.9 Medium Assurance Code Signing
Page 99 and 100:
Field Value Entrust Version Info En
Page 101 and 102:
10.12 Medium Assurance Domain Contr
Page 103 and 104:
10.13 Medium Assurance Role Signatu
Page 105 and 106:
10.15 OCSP Responder Certificate Th
Page 107 and 108:
10.17 Medium Assurance CA CRL Forma
Page 109 and 110:
11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112:
BIBLIOGRAPHY The following document
Page 113 and 114:
HTTP Hypertext Transfer Protocol IA
Page 115 and 116:
13 GLOSSARY Access Ability to make
Page 117 and 118:
Client (application) A system entit
Page 119 and 120:
Non-Repudiation Assurance that the
Page 121 and 122:
other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?