The Nisu Team Certification Authority
Certificate Practice Statement (CPS).

  1. Introduction
    1. Overview
    2. Identification
    3. Community and Applicability
    4. Contact Details
  2. General provisions
    1. Obligations
    2. Liability
    3. Financial responsibility
    4. Interpretation and Enforcement
    5. Fees
    6. Publication and Repository
    7. Compliance audit
    8. Confidentiality
    9. Intellectual Property Rights
  3. Identification and Authentication
    1. Initial Registration
    2. Routine Rekey
    3. Rekey after Revocation
    4. Revocation Request
  4. Operational Requirements
    1. Certificate Application
    2. Certificate Issuance
    3. Certificate Acceptance
    4. Certificate Suspension and Revocation
    5. Security Audit Procedures
    6. Records Archival
    7. Key changeover
    8. Compromise and Disaster Recovery
    9. CA Termination
  5. Physical, Procedural, and Personnel Security Controls
    1. Physical Controls
    2. Procedural Controls
    3. Personnel Controls
  6. Technical Security Controls
    1. Key Pair Generation and Installation
    2. Private Key Protection
    3. Other Aspects of Key Pair Management
    4. Activation Data
    5. Computer Security Controls
    6. Life Cycle Technical Controls
    7. Network Security Controls
    8. Cryptographic Module Engineering Controls
  7. Certificate and CRL Profiles
    1. Certificate Profile
    2. CRL Profile
  8. Specification Administration
    1. Specification change procedures
    2. Publication and notification policies
    3. CPS approval procedures

Introduction

Overview

Identification

Community and Applicability

Certification authorities
Registration authorities
End entities
Applicability

Contact Details

Specification administration organization
Contact person
Person determining CPS suitability for the policy

General provisions

Obligations

CA obligations
RA obligations
Subscriber obligations
Relying party obligations
Repository obligations

Liability

CA liability
RA liability

Financial responsibility

Indemnification by relying parties
Fiduciary relationships
Administrative processes

Interpretation and Enforcement

Governing law
Severability, survival, merger, notice
Dispute resolution procedures

Fees

Certificate issuance or renewal fees
Certificate access fees
Revocation or status information access fees
Fees for other services such as policy information
Refund policy

Publication and Repository

Publication of CA information
Frequency of publication
Access controls
Repositories

Compliance audit

Frequency of entity compliance audit
Identity/qualifications of auditor
Auditor's relationship to audited party
Topics covered by audit
Actions taken as a result of deficiency
Communication of results

Confidentiality

Types of information to be kept confidential
Types of information not considered confidential
Disclosure of certificate revocation/suspension information
Release to law enforcement officials
Release as part of civil discovery
Disclosure upon owner's request
Other information release circumstances

Intellectual Property Rights

Identification and Authentication

Initial Registration

Types of names
Need for names to be meaningful
Rules for interpreting various name forms
Uniqueness of names
Name claim dispute resolution procedure
Recognition, authentication and role of trademarks
Method to prove possession of private key
Authentication of organization identity
Authentication of individual identity

Routine Rekey

Rekey after Revocation

Revocation Request

Operational Requirements

Certificate Application

Certificate Issuance

Certificate Acceptance

Certificate Suspension and Revocation

Circumstances for revocation
Who can request revocation
Procedure for revocation request
Revocation request grace period
Circumstances for suspension
Who can request suspension
Procedure for suspension request
Limits on suspension period
CRL issuance frequency (if applicable)
CRL checking requirements
On-line revocation/status checking availability
On-line revocation checking requirements
Other forms of revocation advertisements available
Checking requirements for other forms of revocation advertisements
Special requirements re key compromise

Security Audit Procedures

Types of event recorded
Frequency of processing log
Retention period for audit log
Protection of audit log
Audit log backup procedures
Audit collection system (internal vs external)
Notification to event-causing subject
Vulnerability assessments

Records Archival

Types of event recorded
Retention period for archive
Protection of archive
Archive backup procedures
Requirements for time-stamping of records
Archive collection system (internal or external)
Procedures to obtain and verify archive information

Key changeover

Compromise and Disaster Recovery

Computing resources, software, and/or data are corrupted
Entity public key is revoked
Entity key is compromised
Secure facility after a natural or other type of disaster

CA Termination

Physical, Procedural, and Personnel Security Controls

Physical Controls

Site location and construction
Physical access
Power and air conditioning
Water exposures
Fire prevention and protection
Media storage
Waste disposal
Off-site backup

Procedural Controls

Trusted roles
Number of persons required per task
Identification and authentication for each role

Personnel Controls

Background, qualifications, experience, and clearance requirements
Background check procedures
Training requirements
Retraining frequency and requirements
Job rotation frequency and sequence
Sanctions for unauthorized actions
Contracting personnel requirements
Documentation supplied to personnel

Technical Security Controls

Key Pair Generation and Installation

Key pair generation
Private key delivery to entity
Public key delivery to certificate issuer
CA public key delivery to users
Key sizes
Public key parameters generation
Parameter quality checking
Hardware/software key generation
Key usage purposes (as per X v key usage field)

Private Key Protection

Standards for cryptographic module
Private key (n out of m) multi-person control
Private key escrow
Private key backup
Private key archival
Private key entry into cryptographic module
Method of activating private key
Method of deactivating private key
Method of destroying private key

Other Aspects of Key Pair Management

Public key archival
Usage periods for the public and private keys

Activation Data

Activation data generation and installation
Activation data protection
Other aspects of activation data

Computer Security Controls

Specific computer security technical requirements
Computer security rating

Life Cycle Technical Controls

System development controls
Security management controls
Life cycle security ratings

Network Security Controls

Cryptographic Module Engineering Controls

Certificate and CRL Profiles

Certificate Profile

Version number(s)
Certificate extensions
Algorithm object identifiers
Name forms
Name constraints
Certificate policy Object Identifier
Usage of Policy Constraints extension
Policy qualifiers syntax and semantics
Processing semantics for the critical certificate policy extension

CRL Profile

Version number(s)
CRL and CRL entry extensions

Specification Administration

Specification change procedures

Publication and notification policies

CPS approval procedures

Select Style