|
|
 |
PKI Policies and Procedures: Audit Procedures for Secure Root Key Generation
Complete trust in the root key is crucial to any PKI. The root key is the key pair that is generated when the PKI starts up. The core of trust in a PKI is the root private key. The audit procedures outline the steps for generating and storing the root private key.
Generation of the root key pair creates the root certificate. The root certificate is used to sign subordinate authority certificates and, at the end of the chain of trust, end-entity certificates are signed through a chain leading back to the root certificate. If the underlying root key cannot be completely trusted, there is no trust in the subsequent activities of either the PKI system or in the transactions that the PKI system assures.
The root key generation audit template includes forms for auditors who witness the root key generation process. The template lets your organization tailor the template to meet your own requirements, based on the certificate policy. The services of accredited auditors are required for root key generation only.
An additional template covers physical security requirements for root key generation. Strong security safeguards must be applied for root key generation, and physical security of the site must be equally strong. Some safeguards may not be present on site, but these can be added to the site or compensated by introducing other measures.
The physical security template includes a checklist of security safeguards and considerations for PKI installation planning.
|
|
