|
Right To Information Act, 2005 – 4(1)(b)(i): The Particulars of its Organisation, functions and duties.
1. Controller of Certifying Authorities (CCA)
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of E-Commerce and E-Governance through the wide use of digital signatures
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the Act.
The requirements fulfilled by the RCAI include the following:
- All public keys corresponding to the signing private keys of a CA are digitally signed by the CCA.
- That these keys are signed by the CCA can be verified by a relying party through the CCA’s website or CA’s own website.
Authorized CCA personnel initiate and perform Root CA functions in accordance with the Certification Practice Statement of Root Certifying Authority of India. The term Root CA is used to refer to the total CA entity, including the software and its operations.
The RCAI root certificate is the highest level of certification in India. It is used to sign the public keys of the Licensed CAs in India. The RCAI root certificate is a self-signed certificate.
National Repository of Digital Certificates (NRDC) contains all Digital Signature Certificates issued under the IT Act, 2000.
The NRDC is responsible for:
- Digital signature certificates and CRLs issued by the RCAI
- Digital signature certificates and CRLs of subscribers issued by all Licensed CAs
In accordance with Section 20 of the IT Act, all certificates and CRL issued by all the licensed CAs are contained in the NRDC. This also contains the certificates and CRLs issued by the CCA through its RCAI. Relying parties can verify the CA’s public keys from the NRDC
The CPS of RCAI covers the practices followed by the CCA for the procedures related to the Licence/certificate application, issuance, use, validation, suspension, revocation and their expiry, as well as the operational maintenance of the RCAI and NRDC. This CPS is referred to as the “Root Certifying Authority of India CPS
The CCA issues Licenses to Certifying Authorities under section 24 of the IT Act, after duly processing their applications as provided for under the Act. This process includes examining the application and accompanying documents as provided for in sections 21 to 24 of the IT Act, and all the Rules and Regulations there under; approving the CPS; auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA. The CCA can suspend or revoke Licenses in accordance with the provisions of sections 25 and 26 of the IT Act. The CCA also approves changes in the CPS, if any, of the CAs. CCA also receives the periodic audit reports from all the Licensed CAs, and proposes action as provided for under section 18 of the IT Act and Rule 31 of the Rules under the Act. The CCA operates the RCAI under section 18(b) and NRDC under section 20 of the IT Act.
Functions and Duties of Controller of Certifying Authorities
The following are the functions of the Controller as per IT ACT, 2000 (Section 18)
3.1. Functions of Controller
The Controller may perform all or any of the following functions, namely:—
(E) Exercising supervision over the activities of the Certifying Authorities;
(b) Certifying public keys of the Certifying Authorities;
I Laying down the standards to be maintained by the Certifying Authorities;
(d) Specifying the qualifications and experience, which employees of the Certifying Authorities should possess;
(e) Specifying the conditions subject to which the Certifying Authorities shall conduct their business;
(f) Specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key;
(g) Specifying the form and content of a Digital Signature Certificate and the key;
(h) Specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
(E) Specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;
(j) Facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;
(k) Specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
(l) Resolving any conflict of interests between the Certifying Authorities and the subscribers;
(m) Laying down the duties of the Certifying Authorities;
(n) Maintaining a database containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
Location and address
The office of CCA is functioning at Electronics Niketan, Department of Information Technology. The contact address is given below
Controller of Certifying Authorities
Electronics Niketan, 6 CGO Complex, Lodhi Road, New Delhi – 110003
EPABX No: 91-011-24364757, 91-011-24364767
FAX: 91-011-24369578, email: info@cca.gov.in
Right To Information Act, 2005 – 4(1)(b)(ii): Power and duties of its officers and employees.
Duties and responsibilities of Deputy Controller /Assistant Controller (Technology)
- Root CA Infrastructure
- Network Infrastructure Operation
- Maintaining Data of CAs
- National Repository of Digital Signature Certificates
- Security and Encryption issues
- CPS of CCA
- CPS of all CAs (all technical issues)
- CAs application Processing- technical and CPS issues
- Preparation of panel of auditors
- Auditing of CAs
- PKI technical standards
- Interface with PKI forums –Local and international
- CA Rules and Cyber Laws –technology issues.
- Cross-certification issues- Local and foreign CAs
- CRAC issues
- Technical support to investigation and Legal & Finance Division
- CA technology Forum
- To prepare replies to Parliament questions.
- Any additional item of work, as desired by CCA
Duties and Responsibilities of Director (Admin and Finance)
- All matters relating to Admin & Finance
- All matters relating to Annual Budget
- All matters relating to Annual Plan
- All matters relating to Performance Budget
- To prepare replies to Parliament questions
Any additional item of work, as directed by CCA
Duties of Technical Offices
- Certificate Signing and periodical CRL publishing
- National Repository administration and management
- LAN administration and management
- Administration of Routers, Firewall, Network IDS, DNS Primary and secondary etc.
- Management of Web Server, Mail server, Server Protect, Office Scan
- Website content management
- Internet Gateway status monitoring
- Infrastructure management
- Site co-ordination activities
- Security and Access Control management and monitoring
- Management of Power backup, Temperature and Fire Control Systems
- Backup and Recovery management
Right To Information Act, 2005 – 4(1)(b)(iii): The procedure followed in the decision-making process, including channels of supervision and accountability.
Technical Officers report to Assistant Controller, Assistant Controller reports to Deputy Controller and Deputy Controller reports to Controller Of Certifying Authorities.
Right To Information Act, 2005 – 4(1)(b)(iv): The norms set by it for the discharge of its functions.
|
Norm Title
|
IT Act, 2000
|
|
Effective date of Norm
|
Friday, June 9, 2000
|
|
Norm Definition
|
Definition
|
|
Detailed Guidelines for the Norm
|
Guidelines
|
Right To Information Act, 2005 – 4(1)(b)(v) : The rules, regulations, instructions, manuals and records, held by it or under its control or used by its employees for discharging functions.
|
Rule Title
|
Information Technology
(Certifying Authorities) Rules, 2000
|
|
Effective date of Rule
|
17th October, 2000
|
|
Rule Definition
|
Definition
|
|
Detailed Guidelines for the Rule
|
Guidelines
|
|
Guidelines Title
|
Guidelines For Submission Of Application For Licence To Operate As A Certifying Authority Under The It Act, 2000
|
|
Effective date of Guidelines
|
July 9, 2001
|
|
Guidelines Definition
|
Definition
|
|
Detailed Guidelines for the Guidelines
|
Guidelines
|
Right To Information Act, 2005 – 4(1)(b)(vi): A statement of the categories of the document that are held by it or under its control
Right To Information Act, 2005 – 4(1)(b)(vii): The particulars of any arrangement exists for consultation with, or representation by, the members of the public in relation to the formulation of its policy or implementation thereof.
1.India PKI Forum
Advisory forum of CAs and those with demonstrable interest in PKI to advise the CCA on technology standards & other related issues of PKI, and inter-operability issues for a successful PKI in the country.
2.Auditor’s Panel
CCA maintains a panel of Auditors who carry out audits of CA infrastructure to ensure compliance to IT Act, Rules and Regulations
The audit criteria is published here
The list of auditors are published here
Right To Information Act, 2005 – 4(1)(b)(viii): A statement of the boards, councils, committees and other bodies consisting of two or more persons constituted as its part or for the purpose of its advice, and as to whether meeting of those boards, councils, committees and other bodies are open to the public or minutes of such meetings are accessible for public.
(Not Applicable)
Right To Information Act, 2005 – 4(1)(b)(ix): A directory of its officers and employees.
|
Sl no
|
Name
|
Designation
|
Telephone
|
E-mail
|
|
1
|
Dr. N. Vijayaditya
|
CCA
|
2433073
|
cca@cca.gov.in
|
|
2
|
Mrs. Debjani Nag
|
Deputy Controller (Technology)
|
24369556
|
debjani@cca.gov.in
|
|
3
|
Smt Harshprabha
|
Assistant Controller (Technology)
|
24301327
|
harsh@cca.gov.in
|
|
4
|
Mr. K.B.Katyal
|
Director (Administration)
|
24367650
|
katyal@mit.gov.in
|
|
5
|
Mr. P Ramachandran
|
Technical Officer (Scientist 'D')
|
24301514
|
ram@cca.gov.in
|
|
6
|
Mr. Tareekushshan
|
Scientist ‘B’
|
24301515
|
tariq@cca.gov.in
|
|
7
|
Mr. M.P. Harinarayanan
|
Assistant
|
2430175
|
-
|
|
8
|
Mr A.G Prakash
|
PA
|
24301661
|
-
|
|
9
|
Mr. Surender Kumar Kapoor
|
Assistant
|
24301752
|
-
|
|
10
|
Mr Jagadeesh K Babu
|
PS
|
24301906
|
|
|
11
|
Mrs Ravi Mala
|
PA
|
24301827
|
|
|
12
|
Mrs Sonia Malhotra
|
PA
|
24301714
|
|
Right To Information Act, 2005 – 4(1)(b)(x):
The monthly remuneration received by each of its officers and employees, including the system of compensation as provided in its regulations.
|
Sl no
|
Name
|
Designation
|
|
1
|
Dr. N. Vijayaditya
|
CCA
|
|
2
|
Mrs. Debjani Nag
|
Deputy Controller (Technology)
|
|
3
|
Smt Harsh Prabha
|
Assistant Controller (Technology)
|
|
4
|
Mr. K.B.Katyal
|
Director (Administration)
|
|
5
|
Mr. P Ramachandran
|
Technical Officer (Scientist ‘D’)
|
|
6
|
Mr. Tareekushshan
|
Scientist ‘B’
|
|
7
|
Mr M.P. Harinarayan
|
Assistant
|
|
8
|
Mr A.G. Prakash
|
PA
|
|
9
|
Mr Surender Kumar Kapoor
|
Assistant
|
|
10
|
Mr. Jagadeesh K Babu
|
PS
|
|
11
|
Mrs. Ravi Mala
|
PA
|
|
12
|
Mrs Sonia Malhothra
|
PA
|
Right To Information Act, 2005 - 4(1)(b)(xi): The budget allocated to each of its agency, indicating the particulars of all plans proposed expenditures and reports on disbursements made.
Budget allocated for the year 2008-09
|
i)
|
65.00.01
|
Salaries
|
Rs. 100 Lakhs
|
|
ii)
|
65.00.01
|
Medical Treatment Expenses
|
Rs. 20 Lakhs
|
|
iii)
|
65.00.11
|
Domestic Travel Expenses
|
Rs. 20 Lakhs
|
|
iv)
|
65.00.12
|
Foreign Travel Expenses
|
Rs. 20 Lakhs
|
|
v)
|
65.00.13
|
Office Expenses
|
Rs. 145 Lakhs
|
|
vi)
|
65.00.50
|
Other Charges
|
Rs. 195 Lakhs
|
|
|
|
|
|
|
|
|
Total
|
Rs. 500 Lakhs
|
Right To Information Act, 2005 - 4(1)(b)(xii): The manner of execution of subsidy programs, including the amounts allocated and the details of beneficiaries of such programmes.
(Not applicable)
Right To Information Act, 2005 - 4(1)(b)(xiii): The particulars of recipients of concessions, permits or authorisations granted by it.
The CCA licenses Certifying Authorities (CAs) and exercises supervision over their activities. CCA issues licenses to CAs by signing/certifying their public keys, i.e. signing their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs).
A Certifying Authority (CA) can operate in the country after being duly licensed by the CCA as per provisions of the IT Act. It provides services to its subscribers and relying parties as per its Certificate Practice Statement, which is approved by the CCA as part of the licensing procedure. The licence of a CA can be suspended or revoked by the CCA as provided under section 25 of the IT Act
The CPS of a CA covers the practices followed by the CA for the procedures related to the certificate application, issuance, use, validation, suspension, revocation and their expiry, as well as the operational maintenance of the CA and repository
List of CA certificates certified by CCA and CRL of CA’s are available here
The approved CPS of CAs are available for download here
Right To Information Act, 2005 - 4(1)(b)(xiv): Details in respect of the information, available to or held by it, reduced in an electronic form.
The CPS of RCAI covers the practices followed by the CCA for the procedures related to the Licence/certificate application, issuance, use, validation, suspension, revocation and their expiry, as well as the operational maintenance of the RCAI and NRDC. All documents issued by the CCA including the CPS can be downloaded from here
Right To Information Act, 2005 - 4(1)(b)(xv): The particulars of facilities available to citizens for obtaining information, including the working hours of a library or reading room, if maintained for public use.
Most of the information is available in electronic form published on the CCA web site. The requests for information may be sent to the office in the following address:
PIO, Controller of Certifying Authorities
Electronics Niketan, 6 CGO Complex, Lodhi Road, New Delhi – 110003
The request for information can also be sent to the mail address, info@cca.gov.in, during working hours.
Right To Information Act, 2005 - 4(1)(b)(xvi): The names, designations and other particulars of the Public Information Officers.
(Not applicable)
Right To Information Act, 2005 - 4(1)(b)(xvii): Such other information may be presented as may be prescribed and thereafter update these publications every year.
(Not Applicable)
|
