Publications
Further development of this draft has ceased (March 24, 2023).
Reference Certificate Policy
Documentation
Topics
Date Published: May 2014
Comments Due:
Email Questions to:
Author(s)
Harold Booth (NIST), Andrew Regenscheid (NIST)
Announcement
NIST announces the public comment release of second draft of NIST Interagency Report (NISTIR) 7924, Reference Certificate Policy. The purpose of this document is to identify a set of security controls and practices to support the secure issuance of certificates. It was written in the form of a Certificate Policy (CP), a standard format for defining the expectations and requirements of the relying party community that will trust the certificates issued by its Certificate Authorities (CAs).
NIST released the first draft of this publication in April 2013 and received extensive public comments. This revised draft incorporates changes requested by commenters, many intended to improve the security controls identified in the document, provide additional flexibility for CAs, and clarify ambiguities in the previous release.
The purpose of this document is to identify a baseline set of security controls and practices to support the secure issuance of certificates. This baseline was developed with publicly-trusted Certificate Authorities (CAs) in mind. These CAs, who issue the certificates used to secure websites using TLS and verify the authenticity of software, play a particularly important role online. This document formatted as a Reference Certificate Policy (CP). We expect different applications and relying party communities will tailor this document based on their specific needs. It was structured and developed so that the CP developer can fill in sections specific to organizational needs and quickly produce a suitable CP. This Reference CP is consistent with the Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (IETF PKIX) Certificate Policy and Certification Practices Framework.
The purpose of this document is to identify a baseline set of security controls and practices to support the secure issuance of certificates. This baseline was developed with publicly-trusted Certificate Authorities (CAs) in mind. These CAs, who issue the certificates used to secure websites using...
See full abstract
The purpose of this document is to identify a baseline set of security controls and practices to support the secure issuance of certificates. This baseline was developed with publicly-trusted Certificate Authorities (CAs) in mind. These CAs, who issue the certificates used to secure websites using TLS and verify the authenticity of software, play a particularly important role online. This document formatted as a Reference Certificate Policy (CP). We expect different applications and relying party communities will tailor this document based on their specific needs. It was structured and developed so that the CP developer can fill in sections specific to organizational needs and quickly produce a suitable CP. This Reference CP is consistent with the Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (IETF PKIX) Certificate Policy and Certification Practices Framework.
Hide full abstract
Keywords
certificate policy; public key infrastructure
; ; ; digital certificate; certificate authority
Control Families
Identification and Authentication
