Archived U.S. Government Approved Protection Profile - Protection Profile for Certification Authorities Version 1.0
Short Name: pp_ca_v1.0 Technology Type: Certificate Authority CC Version: 3.1 Date: 2014.05.16 Succeeded By: pp_ca_v2.0 Sunset Date: 2017.04.28 Conformance Claim: None Protection Profile
PP OVERVIEWCertification Authorities (CAs), and the infrastructure they support, form the basis for one of the primary mechanisms for providing strong assurance of identity in online transactions. The widely placed trust in CAs is at the heart of security mechanisms used to protect business and financial transactions online. Notably, protocols using Transport Layer Security (TLS) rely on certificates issued by CAs to identify and authenticate servers and clients in web transactions. Governments around the world rely on CAs to identify parties involved in transactions with them. This Protection Profile (PP) describing security requirements for a Certification Authority is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats. These requirements support CA operations performed in accordance with the National Institute of Standards and Technologies (NIST) Interagency or Internal Report (IR) 7924 (Draft), Reference Certificate Policy, referred to as the “NIST IR.” This PP represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document. This U.S. Government Approved Protection Profile is not assigned to any Validated ProductsActive Related Technical Decisions
Archived Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool. |