Entity        Permitted Key Usage
Issuing CA    Signing of Subscriber Certificates, CRL Signing, and OCSP Responder Certificates Signing
Subscriber    Server Authentication, Client Authentication

Exceptions to the above noted key uses should be approved on a
case-by-case basis.
The key usage extension is set in accordance with the Certificate profile requirements
specified in §7.1.
6.2 Private Key Protection and Cryptographic Module Engineering Controls
6.2.1 Cryptographic Module Standards and Controls
CA key pairs are generated in and protected by hardware security modules certified to
FIPS 140 level 3 that meet industry standards for random number and prime number
generation.
6.2.2 Private Key (n out of m) Multi-Person Control
The participation of at least two trusted employees is required to perform sensitive CA
private key operations (e.g., signing operations, CA key backup, CA key recovery, etc.)
for the Issuing CAs. This is enforced through DSR PKI’s allocation among persons or
groups with trusted roles of the activation materials required for CA key activation and
through physical access controls specified in §5.1.2 over the CA systems and related
activation materials.
A threshold (n) number of card sets of the total number (m) of activation materials,
created and distributed for each hardware cryptographic module security world, is
required to initialize a CA private key. At least one operator card with passphrase shall
be required for activating the private key. Production security worlds created after the
approval and publication of this CP/CPS shall have an “n out of m” configuration to
support distribution of materials to individual key shareholders while maintaining
redundancy to achieve operational efficiencies.
Assurance Level
Required Operator Card