Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

7.2 CRL Profile 7.2.1 Version Numbers CAs shall issue X.509 version two (v2) CRLs (populate version field with integer "1"). 7.2.2 CRL and CRL Entry Extensions Critical private extensions shall be interoperable in their intended community of use. Section 10 shall contain the CRL formats. 7.3 OCSP Profile OCSP requests and responses shall be in accordance with RFC 2560. Section 10 contains the OCSP request and response formats. 7.3.1 Version Number The version number for request and responses shall be v1. 7.3.2 OCSP Extensions Responses shall support the nonce extension. 72 7/25/2011
8 COMPLIANCE AUDIT AND OTHER ASSESSMENTS The Raytheon Policy Management Authority, working with the Raytheon Operational Authority shall have a compliance audit mechanism in place to ensure that the requirements of applicable MOAs, this CP and applicable CPS are being implemented and enforced. 8.1 Frequency or Circumstances of Assessments The CAs, RAs, and CSAs shall be subject to a periodic compliance audit at least once per year. The CAs have the right to require periodic and aperiodic compliance audits or inspections of subordinate CA or RA operations to validate that the subordinate entities are operating in accordance with the security practices and procedures described in their respective CPS. Further, the RPMA has the right to require aperiodic compliance audit of the RRCA (and, when needed, their subordinate CAs) and Raytheon Signing CAs that interoperate with the Raytheon CAs under this CP. The RPMA shall state the reason for any aperiodic compliance audit. 8.2 Identity and Qualifications Of Assessor The compliance auditor shall demonstrate competence in the field of compliance audits, and shall be thoroughly familiar with requirements of this CP. The compliance auditor must perform such compliance audits as a primary responsibility. The applicable CPS shall identify the compliance auditor and justify the compliance auditor's qualifications. 8.3 Assessor’s Relationship To Assessed Entity The compliance auditor shall be a private firm, which is independent from the entity being audited. 8.4 Topics Covered By Assessment The purpose of a compliance audit shall be to verify that a component operates in accordance with this CP, applicable CPS, and the applicable MOAs between the Raytheon PKI, CertiPath, and other Entities (e.g. Federal PKI). 8.5 Actions Taken as a Result of Deficiency The RPMA may determine that a CA is not complying with its obligations set forth in this CP or the respective MOA. When such a determination is made, the RPMA may suspend operation of a noncompliant CA it controls, or may direct the Raytheon Operational Authority to cease interoperating with the affected CA (e.g., by revoking the cross or subordinate certificate issued to the CA), or may direct that other corrective actions be taken which allow interoperation to continue. If the compliance auditor finds a discrepancy between how the CA is designed or is being operated or maintained, and the requirements of this CP, the MOA, or the applicable CPS, the following actions shall be performed: � The compliance auditor shall note the discrepancy; � The compliance auditor shall notify the CA of the discrepancy. The CA shall notify the RPMA promptly; � The party responsible for correcting the discrepancy shall determine what further notifications or actions are necessary pursuant to the requirements of this CP and the MOA, and then proceed to make such notifications and take such actions without delay. Depending upon the nature and severity of the discrepancy, and how quickly it can be corrected, the RPMA may decide to halt temporarily operation of a Raytheon CA, to revoke a 73 7/25/2011
Page 1 and 2:
Raytheon Company Public Key Infrast
Page 3 and 4:
Table of Contents 1 INTRODUCTION ..
Page 5 and 6:
4.6.7 Notification of Certificate I
Page 7 and 8:
5.4.8 Vulnerability Assessments ...
Page 9 and 10:
9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12:
1 INTRODUCTION This Certificate Pol
Page 13 and 14:
1.1.3 Scope The following diagram r
Page 15 and 16:
1. The CAs asserting id-raytheon-SH
Page 17 and 18:
approval of the PMA. The ROA activi
Page 19 and 20:
� Raytheon employees and eligible
Page 21 and 22: 1.5 Policy Administration 1.5.1 Org
Page 23 and 24: 3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26: establishing how the applicant is k
Page 27 and 28: 4. The Identity Verifier shall reco
Page 29 and 30: 3.3.1 Identification and Authentica
Page 31 and 32: For subscriber certificates, the pr
Page 33 and 34: 4.3.1 CA Actions during Certificate
Page 35 and 36: 4.7.4 Notification of New Certifica
Page 37 and 38: Any CA may unilaterally revoke anot
Page 39 and 40: 4.9.8 Maximum Latency for CRLs The
Page 41 and 42: 4.12.2 Session Key Encapsulation an
Page 43 and 44: depart shall initial a sign-out she
Page 45 and 46: � Performing or overseeing intern
Page 47 and 48: � Be trustworthy; � Have no oth
Page 49 and 50: administrative documents (e.g., Adm
Page 51 and 52: REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54: It is acceptable for the system to
Page 55 and 56: 5.6 Key Changeover A CA uses a sign
Page 57 and 58: If a RA signature keys are compromi
Page 59 and 60: show that appropriate role separati
Page 61 and 62: Hashing: Cryptographic Function Has
Page 63 and 64: 6.2 Private Key Protection and Cryp
Page 65 and 66: 6.3 Other Aspects of Key Management
Page 67 and 68: � All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71: When multiple values exist for an a
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79 and 80: � Ensure that certificate and rev
Page 81 and 82: as a termination of this CP unless
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98: 10.9 Medium Assurance Code Signing
Page 99 and 100: Field Value Entrust Version Info En
Page 101 and 102: 10.12 Medium Assurance Domain Contr
Page 103 and 104: 10.13 Medium Assurance Role Signatu
Page 105 and 106: 10.15 OCSP Responder Certificate Th
Page 107 and 108: 10.17 Medium Assurance CA CRL Forma
Page 109 and 110: 11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112: BIBLIOGRAPHY The following document
Page 113 and 114: HTTP Hypertext Transfer Protocol IA
Page 115 and 116: 13 GLOSSARY Access Ability to make
Page 117 and 118: Client (application) A system entit
Page 119 and 120: Non-Repudiation Assurance that the
Page 121 and 122: other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?