PKI Framework

Adequacy of contracts/agreements for all outsourced CA operations

 

CA Environmental Controls

CA termination, including a description of the CA's procedures for termination and for termination notification of a CA or RA, including the identity of the custodian of CA and RA archival records.

 

Event Journaling

The Certification Authority maintains controls to provide reasonable assurance that significant CA environmental, key management, and certificate management events are accurately and completely logged.

 

The Certification Authority maintains controls to provide reasonable assurance that the confidentiality and integrity of current and archived event journals are maintained.

 

The Certification Authority maintains controls to provide reasonable assurance that event journals are completely and confidentially archived in accordance with disclosed business practices.

 

The Certification Authority maintains controls to provide reasonable assurance that event journals are reviewed periodically by authorized personnel.