A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular CP might indicate applicability of a type of certificate to the authentication of parties engaging in business-to-business transactions for the trading of goods or services within a given price range.
Sources:
CNSSI 4009-2015
under certificate policy (CP)
from
CNSSI 1300
A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A certificate policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
Sources:
CNSSI 4009-2015
under certificate policy (CP)
A named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications with common security requirements.
Sources:
NIST SP 800-57 Part 2 Rev.1
under Certificate Policy