FBCA CP Section 3.2.3.2, Authentication Of Human Subscribers For Role-Based Certificates, v2.27
Profile of base requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), version 2.27, Section 3.2.3.2, Authentication Of Human Subscribers For Role-Based Certificates, for entities operating at all levels of assurance (LOA).
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/fbca-cp-section-3.2.3.2_-authentication-of-human-subscribers-for-role-based-certificates/2.27/ |
Publication Date | 2021-02-04 |
Issuing Organization | Trustmark Initiative (https://trustmarkinitiative.org/) |
Keywords | PIV-I, Security, Identity, Federal Bridge |
Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Trust Expression:
TD_RolebasedPKICertificateKeyPairUniqueness and TD_RolesForRolebasedPKICertificatesIdentifyIndividuals and TD_RolebasedPKICertificatesNotShared and TD_RolebasedPKICertificatesIssuedToIndividualSubscribers and TD_RolebasedPKICertificatesProtectedInSameMannerAsIndividualCertificates and TD_SponsorIdentityInformationRecordedBeforeIssuingRolebasedPKICertificate and TD_RolebasedPKICertificateSponsorsHoldPersonalCertificatesAtSameAssuranceLevelOrHigher and TD_ProceduresForIssuingRolebasedPKITokensComplyWithPKICertificatePolicyCP and TD_CertificateAuthorityCAValidatesRolesForPseudonymousPKICertificatesThatIdentifySubjectsByOrganizationalRoles and TD_CertificateAuthorityCAValidatesDelegatedAuthorityForPseudonymousPKICertificatesThatIdentifySubjectsByOrganizationalRoles
References (10)
TD Role-based PKI Certificate Key Pair Uniqueness, v1.0 | |
---|---|
Description | Addresses the requirement for key-pairs in role-based PKI certificates to be unique to each individual certificate. |
ID | TD_RolebasedPKICertificateKeyPairUniqueness |
Provider Reference |
TD Roles For Role-based PKI Certificates Identify Individuals, v1.0 | |
---|---|
Description | Addresses the requirement that roles for which role-based PKI certificates may be issued are limited to those that uniquely identify a specific individual within an organization. |
ID | TD_RolesForRolebasedPKICertificatesIdentifyIndividuals |
Provider Reference |
TD Role-based PKI Certificates Not Shared, v1.0 | |
---|---|
Description | Addresses the requirement for an organization to prohibit the sharing of role-based PKI certificates. |
ID | TD_RolebasedPKICertificatesNotShared |
Provider Reference |
TD Role-based PKI Certificates Issued To Individual Subscribers, v1.0 | |
---|---|
Description | Addresses the requirement for role-based PKI certificates to be issued only to individual subscribers. |
ID | TD_RolebasedPKICertificatesIssuedToIndividualSubscribers |
Provider Reference |
TD Role-based PKI Certificates Protected In Same Manner As Individual Certificates, v1.0 | |
---|---|
Description | Addresses the requirement for role-based PKI certificates to be protected in the same manner as individual certificates. |
ID | TD_RolebasedPKICertificatesProtectedInSameMannerAsIndividualCertificates |
Provider Reference |
TD Sponsor Identity Information Recorded Before Issuing Role-based PKI Certificate, v1.0 | |
---|---|
Description | Addresses the requirement for organization PKI certificate authorities (CAs) to record identity information for a sponsor associated with the role before issuing a role-based certificate. |
ID | TD_SponsorIdentityInformationRecordedBeforeIssuingRolebasedPKICertificate |
Provider Reference |
TD Role-based PKI Certificate Sponsors Hold Personal Certificates At Same Assurance Level Or Higher, v1.0 | |
---|---|
Description | Addresses the requirement for sponsors of role-based PKI certificates to hold an individual certificate issued by the same CA at the same or higher assurance level as the role-based certificates they sponsor. |
ID | TD_RolebasedPKICertificateSponsorsHoldPersonalCertificatesAtSameAssuranceLevelOrHigher |
Provider Reference |
TD Procedures For Issuing Role-based PKI Tokens Comply With PKI Certificate Policy (CP), v1.0 | |
---|---|
Description | Addresses the requirement for procedures for issuing role-based PKI tokens to comply with all other stipulations of the applicable certificate policy (e.g., key generation, private key protection, and Subscriber obligations). |
ID | TD_ProceduresForIssuingRolebasedPKITokensComplyWithPKICertificatePolicyCP |
Provider Reference |
TD Certificate Authority (CA) Validates Roles For Pseudonymous PKI Certificates That Identify Subjects By Organizational Roles, v1.0 | |
---|---|
Description | Addresses the requirement for CAs to validate that individuals hold the roles identified in pseudonymous PKI certificates that identify subjects by their organizational roles. |
ID | TD_CertificateAuthorityCAValidatesRolesForPseudonymousPKICertificatesThatIdentifySubjectsByOrganizationalRoles |
Provider Reference |
TD Certificate Authority (CA) Validates Delegated Authority For Pseudonymous PKI Certificates That Identify Subjects By Organizational Roles, v1.0 | |
---|---|
Description | Addresses the requirement for CAs to validate that individuals hold the roles identified in pseudonymous PKI certificates that identify subjects by their organizational roles. |
ID | TD_CertificateAuthorityCAValidatesDelegatedAuthorityForPseudonymousPKICertificatesThatIdentifySubjectsByOrganizationalRoles |
Provider Reference |
Sources (1)
FBCA-CP | X.509 Certificate Policy For the Federal Bridge Certification Authority (FBCA), Version 2.27. December 2, 2013. |