| TD: Signed Declarations Of Identity By PKI Certificate Applicants

Signed Declarations Of Identity By PKI Certificate Applicants, v1.0

Addresses requirements that organizations record signed declarations of identity by PKI certificate applicants.

If an assessment step references organization-defined elements (E.g. <organization-defined personnel or roles>, <organization-defined frequency>, etc.), corresponding citations/excerpts must be provided to confirm that the organization has established and documented these values and that they apply as referenced in the conformance criteria.

Similarly, if a "Selection" among multiple options (e.g. [Selection (one or more): as needed; ]) is specified, evidence must be provided to establish that the option(s) implemented by the organization have been defined and documented.

The assessment step shall not be marked as satisfied without this evidence.

Assessment Step

1 Signed Declarations Of Identity By PKI Certificate Applicants (SignedDeclarationsOfIdentityByPKICertificateApplicants) For each PKI certificate issued, do the organization's CAs and/or RAs record a declaration of identity signed by the applicant performed in the presence of the person performing the identity authentication? Artifact A1 Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step. Parameters Declaration Type^required ENUM : Select the type of declaration individuals must sign for each PKI certificate issued. As set forth at 28 U.S.C. 1746 (declaration under penalty of perjury). As prescribed by local law for a declaration under penalty of perjury. Signature Type^required ENUM : Select the type of signature required for verifying applicants' identities. Handwritten Digital signature using a certificate that is of equal or higher level of assurance as the credential being issued

If conformance criteria reference organization-defined elements (e.g. <organization-defined personnel or roles>, <organization-defined frequency>, etc.), these values must be defined and documented by the organization.

Similarly, if the criteria specify a "Selection" among multiple options (e.g. [Selection (one or more): as needed; ]), the option(s) implemented by the organization must also be defined and documented.

Conformance Criteria (1)

C1 For each certificate issued, the Entity CAs and/or RAs shall record a declaration of identity signed by the applicant using a handwritten signature or appropriate digital signature (see Practice Note) and performed in the presence of the person performing the identity authentication, using the format set forth at 28 U.S.C. 1746 (declaration under penalty of perjury) or comparable procedure under local law. Citation FBCA-CP Section 3.2.3.1

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://artifacts.trustmarkinitiative.org/lib/tds/signed-declarations-of-identity-by-pki-certificate-applicants/1.0/

Publication Date

2018-10-29

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

Trustmark Support

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

PIV-I, Security, Identity, Federal Bridge

Issuance Criteria

yes(ALL)

Target Stakeholder

Organizations that are interested in implementing or making use of digital information systems in a manner that complies with widely accepted public key infrastructure standards and practices such as the X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA).

Target Recipient

Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with widely accepted public key infrastructure standards and practices such as the X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA).

Target Relying Party

Organizations and individuals that require their trusted partners' computer and information systems to comply with widely accepted public key infrastructure standards and practices such as the X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA).

Target Provider

Organizations that audit or evaluate other organizations for compliance with widely accepted public key infrastructure standards and practices such as the X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA).

Provider Eligibility Criteria

Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.

Assessor Qualifications

Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.

Trustmark Revocation Criteria

For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.

Extension Description

This Trustmark Definition requires no extension data.

Legal Notice

This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

FBCA-CP	X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.27 December 2, 2013

Also available as XML or JSON