[cabfcert_policy] Trusted Roles Discussion

Thu Mar 24 06:57:23 MST 2016

For discussion today:

European - ETSI

U.S.  - NIST

CABF Proposal?

- System Administrators: Authorized to install, configure and maintain the
TSP trustworthy systems for service management.

CA Administrator:    Installation, configuration, and maintenance of the CA
and CSS

Administrator - responsible for the installation, configuration, and
maintenance of systems

- System Operators: Responsible for operating the TSP trustworthy systems on
a day-to-day basis.
Authorized to perform system backup and recovery.

Operations Staff:   Registering new subscribers and requesting the issuance
of certificates. . 

Configuring certificate profiles or templates

Operator - responsible for backup and recovery

- Security Officers: Overall responsibility for administering the
implementation of the security practices.

Security Auditors are responsible for internal auditing of CAs and RAs.
Security Auditors shall review, maintain, and archive audit logs, and
perform or oversee internal audits (independent of formal compliance audits)
to ensure that CAs and RAs are operating in accordance with the associated
CPSs

Security Officer - responsible for administering the implementation of the
security practices.

- System Auditors or evaluators: Authorized to view archives and audit logs
of the TSP trustworthy systems.

See above

Internal auditors - -responsible for reviewing the audit logs

RA Staff -   Installation, configuration, and maintenance of the RA, etc.

Validation Specialist - responsible for validating certificate requests 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20160324/cb45e079/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20160324/cb45e079/attachment.bin 