ETSI 101 456-2

In response to ETSI 101 456 sub section 7.4.1 the Digi-CA™ carries out a risk assessment to evaluate business risks and determine the necessary security requirements and operational procedures and retains responsibility for all aspects of the provision of certification services, even if some functions are outsourced to subcontractors. Responsibilities of third parties are clearly defined by the Digi-CA™ and appropriate arrangements made to ensure that third parties are bound to implement any controls required by the Digi-CA™. The Digi-CA™ retains responsibility for the disclosure of relevant practices of all parties. The Digi-CA™ management provides direction on information security through a suitable high level steering forum that is responsible for defining the Digi-CA’s™ information security policy and ensuring publication and communication of the policy to all employees who are impacted by the policy. The information security infrastructure necessary to manage the security within the Digi-CA™ is maintained at all times. The Digi-CA™ management forum approves any changes that will impact on the level of security provided. The security controls and operating procedures for Digi-CA™ facilities, systems and information assets providing the certification services are documented, implemented and maintained and Digi-CA™ ensures that the security of information is maintained when the responsibility for Digi-CA™ functions has been outsourced to another organization or entity.

In response to ETSI 101 456 sub section 7.4.2 the Digi-CA™ maintains an inventory of all information assets and assigns a classification for the protection requirements to those assets consistent with the risk analysis.

In response to ETSI 101 456 sub section 7.4.3 the Digi-CA™ employs personnel, which possess the expert knowledge, experience and qualifications necessary for the offered services and as appropriate to the job function and Security roles and responsibilities, as specified in the Digi-CA’s™ security policy, are documented in job descriptions. Trusted roles, on which the security of the Digi-CA’s™ operation is dependent, are clearly identified. Digi-CA™ personnel (both temporary and permanent) have job descriptions defined from the view point of separation of duties and least privilege, determining position sensitivity based on the duties and access levels, background screening and employee training and awareness. Where appropriate, these differentiate between general functions and Digi-CA™ specific functions. It is recommended that the job descriptions include skills and experience requirements. Personnel exercise administrative and management procedures and processes that are in line with the Digi-CA’s™ information security management procedures. Managerial personnel are employed who possess expertise in the electronic signature technology and familiarity with security procedures for personnel with security responsibilities and experience with information security and risk assessment and all Digi-CA™ personnel in trusted roles are free from conflicting interests that might prejudice the impartiality of the Digi-CA™ operations.

Trusted roles include roles such as Security Officers: Overall responsibility for administering the implementation of the security practices. Additionally approve the generation/revocation/suspension of Certificates; System Administrators: Authorized to install, configure and maintain the Digi-CA™ trustworthy systems for registration, certificate generation, subject device provision and revocation management; System Operators: Responsible for operating the Digi-CA™ trustworthy systems on a day-to-day basis and authorized to perform system backup and recovery; System Auditors: Authorized to view and maintain archives and audit logs of the Digi-CA™ trustworthy systems. Digi-CA™ personnel are formally appointed to trusted roles by senior management responsible for security. The Digi-CA™ do not appoint to trusted roles or management any person who is known to have a conviction for a serious crime or other offence which affects his/her suitability for the position. Personnel do not have access to the trusted functions until any necessary checks are completed.

In response to ETSI 101 456 sub section 7.4.4 physical access to facilities concerned with certificate generation, subject device provision, and revocation management services are limited to properly authorized individuals, Controls are implemented to avoid loss, damage or compromise of assets and interruption to business activities; and Controls are implemented to avoid compromise or theft of information and information processing facilities. Certificate generation, subject device provision and revocation management. The facilities concerned with certificate generation, subject device provision and revocation management are operated in an environment, which physically protects the services from compromise through unauthorized access to systems or data. Physical protection is achieved through the creation of clearly defined security perimeters (i.e. physical barriers) around the certificate generation, subject device provision and revocation management services. Any parts of the premises shared with other organizations are outside this perimeter.

Physical and environmental security controls are implemented to protect the facility housing system resources, the system resources themselves, and the facilities used to support their operation. The Digi-CA’s™ physical and environmental security policy for systems concerned with certificate generation, subject device provision and revocation management services address the physical access control, natural disaster protection, fire safety factors, failure of supporting utilities (e.g. power, telecommunications), structure collapse, plumbing leaks, protection against theft, breaking and entering, and disaster recovery, etc and controls are implemented to protect against equipment, information, media and software relating to the Digi-CA™ services being taken off-site without authorization..

In response to ETSI 101 456 sub section 7.4.5 the integrity of Digi-CA™ systems and information are protected against viruses, malicious and unauthorized software and damage from security incidents and malfunctions are minimized through the use of incident reporting and response procedures. Media used within the Digi-CA™ are securely handled to protect media from damage, theft and unauthorized access. Procedures are established and implemented for all trusted and administrative roles that impact on the provision of certification services and all media are handled securely in accordance with requirements of the information classification scheme. Media containing sensitive data are securely disposed of when no longer required. Capacity demands are monitored and projections of future capacity requirements made to ensure that adequate processing power and storage are available. The Digi-CA™ acts in a timely and coordinated manner in order to respond quickly to incidents and to limit the impact of breaches of security. All incidents are reported as soon as possible after the incident and Digi-CA™ security operations are separated from normal operations.

In response to ETSI 101 456 sub section 7.4.6 Controls (e.g. firewalls) are implemented to protect the Digi-CA’s™ internal network domains from external network domains accessible by third parties and sensitive data are protected when exchanged over networks, which are not secure. The Digi-CA™ ensures effective administration of user (this includes operators, administrators and any users given direct access to the system) access to maintain system security, including user account management, auditing and timely modification or removal of access. The Digi-CA™ ensures access to information and application system functions are restricted in accordance with the access control policy and that the Digi-CA™ system provides sufficient computer security controls for the separation of trusted roles identified in Digi-CA’s™ practices, including the separation of security administrator and operation functions. Particularly, use of system utility programs are restricted and tightly controlled. Digi-CA™ personnel are successfully identified and authenticated before using critical applications related to certificate management and accountable for their activities, for example by retaining event logs. Sensitive data is protected against being revealed through re-used storage objects (e.g. deleted files) being accessible to unauthorized users.

The Digi-CA™ ensures that local network components (e.g. routers) are kept in a physically secure environment and their configurations periodically audited for compliance with the requirements specified by the Digi-CA™. Continuous monitoring and alarm facilities are provided to enable the Digi-CA™ to detect, register and react in a timely manner upon any unauthorized and/or irregular attempts to access its resources. Dissemination application enforces access control on attempts to add or delete certificates and modify other associated information and continuous monitoring and alarm facilities are provided to enable the Digi-CA™ to detect, register and react in a timely manner upon any unauthorized and/or irregular attempts to access its resources. Revocation status application enforces access control on attempts to modify revocation status information.

In response to ETSI 101 456 sub section 7.4.7 an analysis of security requirements are carried out at the design and requirements specification stage of any systems development project undertaken by the Digi-CA™ or on behalf of the Digi-CA™ to ensure that security is built into IT systems. Change control procedures exist for releases, modifications and emergency software fixes for any operational software.

In response to ETSI 101 456 sub section 7.4.8 the Digi-CA’s™ business continuity plan (or disaster recovery plan) addresses the compromise or suspected compromise of a Digi-CA’s™ private signing key as a disaster. In the case of compromise the Digi-CA™ informs all subscribers, relying parties and other CAs with which it has agreements or other form of established relations of the compromise and indicates that certificates and revocation status information issued using this Digi-CA™ key may no longer be valid.

In response to ETSI 101 456 sub section 7.4.9 the Digi-CA™ ensures that potential disruptions to subscribers and relying parties are minimized as a result of the cessation of the Digi-CA’s™ services, and ensure continued maintenance of records required to provide evidence of certification for the purposes of legal proceedings. Before the Digi-CA™ terminates its services, it informs all subscribers, relying parties and other CAs with which it has agreements or other form of established relations and terminates all authorization of subcontractors to act on behalf of the Digi-CA™ in the performance of any functions related to the process of issuing certificates. The Digi-CA™ performs necessary undertakings to transfer obligations for maintaining registration information and event log archives for their respective period of time as indicated to the subscriber and relying party. The Digi-CA™ also destroys, or withdraws from use, its Private Keys. The Digi-CA™ have an arrangement to cover the costs to fulfil these minimum requirements in case the Digi-CA™ becomes bankrupt or for other reasons is unable to cover the costs by itself. The Digi-CA™ states in its practices the provisions made for termination of service such as the notification of affected entities, the transfer of its obligations to other parties and the handling of the revocation status for unexpired certificates that have been issued.