| Trustmark Definition Name | Version |
|---|---|
|
Addresses requirements for an organization to resolve name disputes regarding organization-issued PKI certificates.
|
1.0 |
|
Addresses the requirement for organizations to ensure that their PKI certificate policy meets its legal and policy requirements.
|
1.0 |
|
Addresses the requirement for Public keys that are bound into certificates to be certified for use in signing or encrypting, but not both.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's process to register to receive a public key certificate requires authorization by a supervisor or a responsible official.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's process to register to receive a public key certificate ensure the certificate is issued to the intended party.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's procedures to register users to receive a public key certificates requires a secure process that verifies the identity of the certificate holder.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities that support renewal to accept certificate renewal requests from certificate subjects.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities that support renewal to accept certificate renewal requests from PKI sponsors.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities that support renewal to accept certificate renewal requests from registration authorities (RAs).
|
1.0 |
|
Addresses requirements for certificate requests in the name of an Affiliated organization to include documentation of the organization's existence.
|
1.0 |
|
Addresses requirements for certificate requests in the name of an Affiliated organization to include the organization's address.
|
1.0 |
|
Addresses requirements for certificate requests in the name of an Affiliated organization to include the organization's name.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities (CAs) operated in an offline manner to publish updated certificate revocation lists (CRLs) at no greater than a documented time interval.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities (CAs) operated in an online manner to publish updated certificate revocation lists (CRLs) at no greater than a documented time interval.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities (CAs) to revoke certificates within a documented processing time upon receipt of a proper revocation request.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities (CAs) that issue certificates in association with Affiliated Organizations to accept revocation requests from the Affiliated Organization named in the certificate.
|
1.0 |
|
Addresses the requirement for organization PKI certificate authorities (CAs) that implement certificate revocation to accept revocation requests from subscribers.
|
1.0 |
|
Addresses the requirement that revocation requests must be authenticated.
|
1.0 |
|
Addresses exceptions for dual use of PKI certificate keys.
|
1.0 |
|
Addresses the requirements for limiting the validity period of PKI Certificate Status Server certificates that provide revocation status.
|
1.0 |
|
Addresses the requirement for organization PKI Certificate Status Servers (CSS) to sign responses using designated algorithms.
|
1.0 |
|
Addresses the requirement for the subject and issuer fields of PKI certificates to be populated with an X.500 Distinguished Name.
|
1.0 |
|
Addresses the requirement for subscriber key generation to be performed using a validated hardware cryptographic module.
|
1.0 |
|
Addresses the requirement for subscriber key generation to be performed using a validated software cryptographic module.
|
1.0 |
|
Addresses requirements for PKI certificate subscribers to protect their private keys from access by other parties.
|
1.0 |
