6.3 Other Aspects of Key Pair Management
6.3.1 Public Key Archival
All public keys of the CCA will be archived.
6.3.2 Usage Periods for the Public and Private Key
The CCA's Root key pair and certificate will expire 15 years after the moment of their generation.
6.4 Activation Data
6.4.1 Activation Data Generation and Installation
Not applicable.
6.4.2 Activation Data Protection
Not applicable.
6.5 Computer Security Controls
6.5.1 Specific Computer Security Technical Requirements
The CCA has established and documented all computer security technical controls implemented for the Root CA, as specified in the IT Security Guidelines of the IT (CA) Rules, 2000.
6.6 Life Cycle Technical Controls
6.6.1 System Development Controls
Not applicable.
6.6.2 Security Management Controls
Security management controls are enforced by rigid separation of the following operator roles:
- Security Officer
- Registration Officer
- System Administrator
6.7 Network Security Controls
The CCA's Root is maintained and operated off-line and is not networked with any external components.
The National Repository Service is maintained on-line and uses firewalls and other mechanisms for connections to untrusted networks, including the Internet. These connections are further secured by intrusion detection systems where applicable. Configuration of, and access to, these network security devices are strictly controlled and limited to authorized personnel only.
6.8 Cryptographic Module Engineering Controls
The cryptographic module used by the CCA is certified to FIPS 140-1 level 4.