[cabfpub] DRAFT Certificate System Operational Security Requirements

i-barreira at izenpe.net i-barreira at izenpe.net
Fri Feb 1 08:30:14 UTC 2013



Why, instead of defining new reqs, can't we adopt some other developed standards like the ISO 27xxx family, defining the scope as a requisite? In Izenpe, our ISMS, certified by ISO 27001, has defined a scope of the CA and all the related items (including RAs) in which we control assets, risks, etc. Wouldn't this be easier? Rely on another well-established standard?




Iñigo Barreira
Head of the Technical Area
i-barreira at izenpe.net






From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On behalf of Jeremy Rowley
Sent: Friday, 01 February 2013 9:13
To: public at cabforum.org
Subject: [cabfpub] DRAFT Certificate System Operational Security Requirements


Hi everyone, 


Attached is a draft of part two of the Forum's security requirements. These requirements ask CAs to consider how management of the CA can impact security and trust. Requirements that will eventually become part of the audit include guidelines on asset protection, certificate system and operational controls, and software development practices. The overall goal of part two is to prevent situations similar to the TurkTrust incident from re-occurring.


The commentary in the document is only intended to initiate discussion on the various topics and will be removed prior to adoption. Once these are adopted, we can work on the final part of the security guidelines, requirements on a CA's physical security.


I look forward to your feedback.



