[cabfcert_policy] Trusted Roles Discussion

Ben Wilson ben.wilson at digicert.com
Thu Mar 24 07:46:22 MST 2016


After talking on the call about this, I think it is better if we don't go
down this path of defining specific roles. Instead, Peter suggested that
we outline tasks or functions to be performed and then specify that they be
performed by a person in a trusted role, and that persons in trusted roles
receive training appropriate to the performance of the task or function
assigned. That will make this section 5.2.1 shorter and easier to digest,
and therefore the ballot will be more likely to pass.

 

From: policyreview-bounces at cabforum.org
[mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Thursday, March 24, 2016 7:57 AM
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Trusted Roles Discussion

 

For discussion today:

 


Columns: European - ETSI / U.S. - NIST / CABF Proposal?

[European - ETSI] System Administrators: Authorized to install, configure
and maintain the TSP trustworthy systems for service management.
[U.S. - NIST] CA Administrator: Installation, configuration, and
maintenance of the CA and CSS
[CABF Proposal?] Administrator - responsible for the installation,
configuration, and maintenance of systems

[European - ETSI] System Operators: Responsible for operating the TSP
trustworthy systems on a day-to-day basis. Authorized to perform system
backup and recovery.
[U.S. - NIST] Operations Staff: Registering new subscribers and requesting
the issuance of certificates. Configuring certificate profiles or templates
[CABF Proposal?] Operator - responsible for backup and recovery

[European - ETSI] Security Officers: Overall responsibility for
administering the implementation of the security practices.
[U.S. - NIST] Security Auditors are responsible for internal auditing of CAs
and RAs. Security Auditors shall review, maintain, and archive audit logs,
and perform or oversee internal audits (independent of formal compliance
audits) to ensure that CAs and RAs are operating in accordance with the
associated CPSs
[CABF Proposal?] Security Officer - responsible for administering the
implementation of the security practices.

[European - ETSI] System Auditors or evaluators: Authorized to view archives
and audit logs of the TSP trustworthy systems.
[U.S. - NIST] See above
[CABF Proposal?] Internal auditors - responsible for reviewing the audit
logs

[U.S. - NIST] RA Staff - Installation, configuration, and maintenance of the
RA, etc.
[CABF Proposal?] Validation Specialist - responsible for validating
certificate requests

 
