PKI Policies and Procedures: Certification Practices Statement and PKI Disclosure Statement

The certification practices statement describes how the policy rules set out in the certificate policy are met by the organization deploying the PKI, through its management, administrative, and operational procedures. The SPYRUS certification practices statement template conforms to IETF RFC 2527. It contains several sections that can be extracted and turned into standalone procedures, including some components of the system security architecture, security policy and procedures, configuration management and quality control, and business continuity planning templates.

The PKI disclosure statement, expressed in IETF RFC 2527, is associated with the certification practices statement. The purpose of the PKI disclosure statement is to extract the key points of the certification practices statement for publication on an organization's web site. This recognizes two factors:
  • The likelihood that many users will avoid reading the lengthy and detailed certification practices statement.
  • The need to keep some of the information in the certification practices statement confidential, while at the same time meeting the generally accepted requirement of publishing practices on the web.
The PKI disclosure statement supplements the certificate policy and certification practices statement by allowing some but not all of the information also found in the certificate policy or certification practices statement to be published.




© 2008 SPYRUS, Inc.