Trustmark Definition Name | Version |
---|---|
Addresses the requirement for the validity period of PKI certificates being renewed to meet the key usage period time limits specified within the organization's certificate policy. | 1.0 |
Addresses the requirement for the validity period of PKI certificates being renewed to meet the operational period time limits specified within the organization's certificate policy. | 1.0 |
Addresses the requirement for organization PKI certificate authorities to revoke certificates for the reason of key compromise upon receipt of an authenticated request from an appropriate organization. | 1.0 |
Addresses the requirement for organization PKI certificate authorities to revoke certificates when the binding between the subject and the subject's public key defined within the certificate is no longer considered valid. | 1.0 |
Addresses the requirement for PKI certificates to comply with the Federal Public Key Infrastructure (FPKI) X.509 Certificate and CRL Extensions Profile [FPKI-Prof]. | 1.0 |
Addresses the requirement for PKI certificates to comply with the PIV-I CRL extensions profile. | 1.0 |
Addresses the requirement for certificates issued by the Organization CAs to identify the signature algorithm used. | 1.0 |
Addresses the requirements for PKI certificates to include extensions asserting the OIDs appropriate to their level of assurance. | 1.0 |
Addresses the requirement for organization PKI certificate authorities to revoke all certificates that express an organizational affiliation when affiliation information is no longer provided. | 1.0 |
Addresses the requirement for organization PKI certificate authorities to revoke any certificates issued to a subscriber affiliated with a given entity when the entity no longer authorizes the affiliation. | 1.0 |
Addresses the requirement for organization PKI certificate authorities (CAs) to revoke certificates upon receipt of sufficient evidence of compromise of the subscriber's corresponding private key. | 1.0 |
Addresses the requirement for organization PKI certificate authorities (CAs) that implement certificate revocation to revoke certificates upon receipt of sufficient evidence of loss of the subscriber's corresponding private key. | 1.0 |
Addresses the requirement that certificates to be used for digital signatures (including authentication) set the digitalSignature and/or nonRepudiation bits. | 1.0 |
Addresses the requirement that certificates to be used for key or data encryption set the keyEncipherment and/or dataEncipherment bits. | 1.0 |
Addresses the requirement that certificates to be used for key agreement set the keyAgreement bit. | 1.0 |
Addresses requirements for organizations' PKI Certificate Practices Statements to describe clock synchronization for time-stamping of records. | 1.0 |
Addresses the requirement for an organization's PKI Certificate Authorities (CAs) to support on-line status checking via the Online Certificate Status Protocol (OCSP) [RFC 2560]. | 1.0 |
Addresses the requirement for individuals responsible for PKI roles to be aware of changes in the Organization CA operation. | 1.0 |
Addresses the requirement for PKI compliance audit packages to identify the versions of the certificate policy and practices statements used. | 1.0 |
Addresses the requirement for preparation of a PKI compliance audit package for submission to the Federal PKI Policy Authority. | 1.0 |
Addresses the requirement for the PKI compliance audit samples to vary on an annual basis. | 1.0 |
Addresses the requirement for the use of statistical sampling in PKI compliance audits. | 1.0 |
Addresses the requirement for PKI compliance audits to verify compliance with the organization's PKI certificate policy and MOAs with other PKIs. | 1.0 |
Addresses the requirement for the PKI compliance auditors to document compliance discrepancies. | 1.0 |
Addresses the requirement for the prompt notification of responsible parties when PKI compliance discrepancies are identified. | 1.0 |