Notes:
Policy Approval Authority
A legally constituted body that sits at the top of the PKI trust hierarchy and bears ultimate responsibility for defining the policies the PKI must adhere to.
1. Practices employed within the Revenue PKI to support the use of keys and certificates issued by a Revenue Certification Authority.
2. Use of technologies and processes to support the underlying operational infrastructure.
3. In excess of 100 pages and may be published.
Standards to which the PKI complies, e.g. X.509; types of certificate issued; certificate management life cycle, e.g. registration to expiry, including revocation; operational infrastructure (Production, RA services, User services domains, etc.)
Scope (practices, e.g. roles, responsibilities, bindings, documentation)
Security Philosophy (objectives and aims)
Staffing Arrangements (vetting procedures, names and responsibilities)
Rights of Investigation (for suspected key compromise and/or non-CPS-compliant events)
More detailed policy with regard to the different certificates in use within the CA and the ROS system
Revenue and customer responsibility, obligations and liabilities
Independent audit of ID & Auth, Integrity, Non-Repudiation, Integrity of customer computer. The signed audit will be published on the ROS site.