Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

� Falsehood or misrepresentation of fact by the Cross Certified CA in the applicable contractual agreements. � Failure by the Cross Certified CA to disclose a material fact in any applicable contractual agreement, if the misrepresentation or mission was made negligently or with intent to deceive any party. � The Cross Certified CA failure to protect the Cross Certified CA private key, to use a Trustworthy System, or to otherwise take the precautions necessary to prevent the compromise, loss, disclosure, modification, or unauthorized use of the Cross Certified CA private key, or; � The Cross Certified CA use of a name (including without limitation within a common name, domain name, or e-mail address) that infringes upon the Intellectual Property Rights of a third party. Any applicable contractual agreement may include additional indemnity obligations. 9.9.2 Indemnification by Relying Parties To the extent permitted by applicable law, each Relying Party shall indemnify Raytheon and its contractors, agents, assigns, employees, officers, and directors from and against any third party claims, liabilities, damages, costs and expenses (including reasonable attorney’s fees), relating to or arising out of use of or reliance by Relying Party on any certificates issued by Raytheon, including, without limitation, for: � The Relying Party’s improper, illegal, or unauthorized use of a Certificate (including use of any expired, revoked, or unvalidated Certificate); � The Relying Party’s unreasonable reliance on a Certificate, under the circumstances, or; � The Relying Party’s failure to check the status of a Certificate on which it relies to determine if he Certificate is expired or revoked. Any applicable contractual agreement between Raytheon and a Relying Party with respect to the Raytheon PKI may include additional indemnity obligations, but these obligations would not apply to relying parties that are not customers of Raytheon. 9.10 Term and Termination 9.10.1 Term The CP becomes effective upon recommendation of the RPMA, approval of the Raytheon Chief Information Security Officer (CISO), and publication in the Raytheon Repository as a PDF document. Amendments to this CP become effective upon recommendation of the RPMA, approval of the Raytheon CISO, and publication at: http://www.raytheon.com/pki/library/index.html There is no specified term for this CP. 9.10.2 Termination While this CP may be amended from time to time, it shall remain in force until replaced by a newer version or terminated by recommendation of the RPMA and approval of the Raytheon CISO. For purposes of clarity, termination of any Memoranda of Agreement shall not operate 80 7/25/2011
as a termination of this CP unless this CP is explicitly terminated by a separate resolution of the Raytheon CISO. This CP shall survive any termination of a Raytheon CA issuing certificates in accordance with policies set forth in this CP. The requirements of this CP remain in effect through the end of the archive period for the last certificate issued. 9.10.3 Effect of Termination and Survival Upon termination of this CP, CAs cross certified with or subordinate to Raytheon are nevertheless bound by its terms for all Certificates issued for the remainder of the validity periods of such Certificates. The following sections of this CP shall survive the termination or expiration of this CP: 2.1.1, 2.2, 5.4, 5.5, 6.2-6.4, 6.8, 9.2-9.4, 9.7-9.10, 9.13-9.16. The responsibilities for protecting business confidential and personal information and Raytheon’s intellectual property rights shall survive termination of this CP. Raytheon’s right, title, and interest in all of its intellectual property rights, including owernship of any public key certificates and private keys issued pursuant to this CP shall survive termination of this CP. 9.11 Individual Notices and Communications with Participants Unless otherwise specified by agreement between the parties, Raytheon shall use commercially reasonable methods to communicate with cross-certified or subordinate CAs, taking into account the criticality and subject matter of the communication. The CA Operational Authority, RA or TA may be removed from their duties by their supervisor and/or an authorized individual. Notice is effective when given; oral notification shall be confirmed in writing. If the termination is for convenience, contract expiration, re-organization, or other non-security related reason, and provisions have been made to continue compromise recovery within the timeframes specified in the Raytheon Disaster Recovery Plan (including destruction or continued protection of signing key), compliance and security audit, archive, and data recovery services, then neither the terminated CAs certificate, nor certificates signed by that CA, need to be revoked. If provisions for maintaining these services cannot be made, then the CA termination shall be handled as a CA compromise in accordance with Sections 5.7.3 and 5.7.4 above. Prior to CA termination, CAs shall provide archived data to a RPMA approved Raytheon archival facility. 9.12 Amendments 9.12.1 Procedure for Amendment The Raytheon PMA shall review the CP and CPS at least once every year. Additional reviews may be enacted at any time at the discretion of the RPMA or at the request of the Raytheon CISO. If the RPMA wishes to recommend amendments or corrections to the CP or CPS, such modifications shall be voted on by members of the RPMA following procedures documented in the Raytheon PKI PMA Charter for Operations. Following approval of any modifications, public notification of amendments shall be made. 81 7/25/2011
Page 1 and 2:
Raytheon Company Public Key Infrast
Page 3 and 4:
Table of Contents 1 INTRODUCTION ..
Page 5 and 6:
4.6.7 Notification of Certificate I
Page 7 and 8:
5.4.8 Vulnerability Assessments ...
Page 9 and 10:
9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12:
1 INTRODUCTION This Certificate Pol
Page 13 and 14:
1.1.3 Scope The following diagram r
Page 15 and 16:
1. The CAs asserting id-raytheon-SH
Page 17 and 18:
approval of the PMA. The ROA activi
Page 19 and 20:
� Raytheon employees and eligible
Page 21 and 22:
1.5 Policy Administration 1.5.1 Org
Page 23 and 24:
3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26:
establishing how the applicant is k
Page 27 and 28:
4. The Identity Verifier shall reco
Page 29 and 30: 3.3.1 Identification and Authentica
Page 31 and 32: For subscriber certificates, the pr
Page 33 and 34: 4.3.1 CA Actions during Certificate
Page 35 and 36: 4.7.4 Notification of New Certifica
Page 37 and 38: Any CA may unilaterally revoke anot
Page 39 and 40: 4.9.8 Maximum Latency for CRLs The
Page 41 and 42: 4.12.2 Session Key Encapsulation an
Page 43 and 44: depart shall initial a sign-out she
Page 45 and 46: � Performing or overseeing intern
Page 47 and 48: � Be trustworthy; � Have no oth
Page 49 and 50: administrative documents (e.g., Adm
Page 51 and 52: REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54: It is acceptable for the system to
Page 55 and 56: 5.6 Key Changeover A CA uses a sign
Page 57 and 58: If a RA signature keys are compromi
Page 59 and 60: show that appropriate role separati
Page 61 and 62: Hashing: Cryptographic Function Has
Page 63 and 64: 6.2 Private Key Protection and Cryp
Page 65 and 66: 6.3 Other Aspects of Key Management
Page 67 and 68: � All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72: When multiple values exist for an a
Page 73 and 74: 8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79: � Ensure that certificate and rev
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98: 10.9 Medium Assurance Code Signing
Page 99 and 100: Field Value Entrust Version Info En
Page 101 and 102: 10.12 Medium Assurance Domain Contr
Page 103 and 104: 10.13 Medium Assurance Role Signatu
Page 105 and 106: 10.15 OCSP Responder Certificate Th
Page 107 and 108: 10.17 Medium Assurance CA CRL Forma
Page 109 and 110: 11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112: BIBLIOGRAPHY The following document
Page 113 and 114: HTTP Hypertext Transfer Protocol IA
Page 115 and 116: 13 GLOSSARY Access Ability to make
Page 117 and 118: Client (application) A system entit
Page 119 and 120: Non-Repudiation Assurance that the
Page 121 and 122: other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

Create successful ePaper yourself

Delete template?

Save as template?