|
|
 |
SPYRUS Policies and Procedures - Certification Practice Statement (CPS) and PKI Disclosure Statement (PDS)
The CPS mirrors the CP. The CPS describes how the policy rules set out in the CP are met by the organization that has deployed the PKI, through its management, administrative, and operational procedures. The format of the SPYRUS CPS template conforms to IETF RFC 2527, and will be adjusted to conform to the revision of RFC 2527, as soon as it is published as an RFC. Within the CPS are a number of sections that may be extracted and turned into stand-alone sets of procedures for different needs. These include some components of the System Security Architecture, Security Policy and Procedures, Configuration Management and Quality Control, and Business Continuity Planning. The in-depth experience that SPYRUS has in PKI P&P can result in significant savings for our customers, through our assistance in developing the component parts of the CPS.
Associated with the CPS is the PKI Disclosure Statement (PDS). This template is a relatively recent addition to the P&P stable. It will be expressed in the revision of IETF RFC 2527. The purpose of the PDS is to extract the key points of the CPS for publication on an organization's web site. This recognizes two factors: first, the unlikelihood of all users reading the lengthy and detailed CPS, and, second, the need to keep some of the information in the CPS confidential, while at the same time meeting the generally accepted requirement of publishing practices on the web. The PDS supplements the CP and CPS, by emphasizing and disclosing through publication information that is also found in the CP and/or CPS. The PDS therefore does not replace a CP or CPS.
|
|
