DigiCert Certification Practices Statement for
Private PKI Services
DigiCert, Inc. Version 1.1
June 13, 2018
2801 N. Thanksgiving Way Suite 500
Lehi, UT 84043 USA
Tel: 1-801-877-2100 Fax: 1-801-705-0481
www.digicert.com
TABLE OF CONTENTS
1. INTRODUCTION
1.1. OVERVIEW
1.2. DOCUMENT NAME AND IDENTIFICATION
1.3. PKI PARTICIPANTS
1.3.1. Certification Authorities
1.3.2. Registration Authorities and Other Delegated Third Parties
1.3.3. Subscribers
1.3.4. Relying Parties
1.3.5. Other Participants
1.4. CERTIFICATE USAGE
1.4.1. Appropriate Certificate Uses
1.4.2. Prohibited Certificate Uses
1.5. POLICY ADMINISTRATION
1.5.1. Organization Administering the Document
1.5.2. Contact Person
1.5.3. Person Determining CPS Suitability for the Policy
1.5.4. CPS Approval Procedures
1.6. DEFINITIONS AND ACRONYMS
1.6.1. Definitions
1.6.2. Acronyms
1.6.3. References
2. PUBLICATION AND REPOSITORY RESPONSIBILITIES
2.1. REPOSITORIES
2.2. PUBLICATION OF CERTIFICATION INFORMATION
2.3. TIME OR FREQUENCY OF PUBLICATION
2.4. ACCESS CONTROLS ON REPOSITORIES
3. IDENTIFICATION AND AUTHENTICATION
3.1. NAMING
3.1.1. Types of Names
3.1.2. Need for Names to be Meaningful
3.1.3. Anonymity or Pseudonymity of Subscribers
3.1.4. Rules for Interpreting Various Name Forms
3.1.5. Uniqueness of Names
3.1.6. Recognition, Authentication, and Role of Trademarks
3.2. INITIAL IDENTITY VALIDATION
3.2.1. Method to Prove Possession of Private Key
3.2.2. Authentication of Organization Identity
3.2.3. Authentication of Individual Identity
3.2.4. Non-verified Subscriber Information
3.3. IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS
3.3.1. Identification and Authentication for Routine Re-key
3.4. IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST
4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS
4.1. CERTIFICATE APPLICATION
4.1.1. Who Can Submit a Certificate Application
4.1.2. Enrollment Process and Responsibilities
4.2. CERTIFICATE APPLICATION PROCESSING
4.2.1. Performing Identification and Authentication Functions
4.2.2. Approval or Rejection of Certificate Applications
4.2.3. Time to Process Certificate Applications
4.3. CERTIFICATE ISSUANCE
4.3.1. CA Actions during Certificate Issuance
4.3.2. Notification to Subscriber by the CA of Issuance of Certificate
4.4. CERTIFICATE ACCEPTANCE
4.4.1. Conduct Constituting Certificate Acceptance
4.4.2. Publication of the Certificate by the CA
4.4.3. Notification of Certificate Issuance by the CA to Other Entities
4.5. KEY PAIR AND CERTIFICATE USAGE
4.5.1. Subscriber Private Key and Certificate Usage
4.5.2. Relying Party Public Key and Certificate Usage
4.6. CERTIFICATE RENEWAL
4.6.1. Circumstance for Certificate Renewal
4.6.2. Who May Request Renewal
4.6.3. Processing Certificate Renewal Requests
4.6.4. Notification of New Certificate Issuance to Subscriber
4.6.5. Conduct Constituting Acceptance of a Renewal Certificate
4.6.6. Publication of the Renewal Certificate by the CA
4.6.7. Notification of Certificate Issuance by the CA to Other Entities
4.7. CERTIFICATE RE-KEY
4.7.1. Circumstance for Certificate Rekey
4.7.2. Who May Request Certificate Rekey
4.7.3. Processing Certificate Rekey Requests
4.7.4. Notification of Certificate Rekey to Subscriber
4.7.5. Conduct Constituting Acceptance of a Rekeyed Certificate
4.7.6. Publication of the Issued Certificate by the CA
4.7.7. Notification of Certificate Issuance by the CA to Other Entities
4.8. CERTIFICATE MODIFICATION
4.8.1. Circumstances for Certificate Modification
4.8.2. Who May Request Certificate Modification
4.8.3. Processing Certificate Modification Requests
4.8.4. Notification of Certificate Modification to Subscriber
4.8.5. Conduct Constituting Acceptance of a Modified Certificate
4.8.6. Publication of the Modified Certificate by the CA
4.8.7. Notification of Certificate Modification by the CA to Other Entities
4.9. CERTIFICATE REVOCATION AND SUSPENSION
4.9.1. Circumstances for Revocation
4.9.2. Who Can Request Revocation
4.9.3. Procedure for Revocation Request
4.9.4. Revocation Request Grace Period
4.9.5. Time within which CA Must Process the Revocation Request
4.9.6. Revocation Checking Requirement for Relying Parties
4.9.7. CRL Issuance Frequency
4.9.8. Maximum Latency for CRLs
4.9.9. On-line Revocation/Status Checking Availability
4.9.10. On-line Revocation Checking Requirements
4.9.11. Other Forms of Revocation Advertisements Available
4.9.12. Special Requirements Related to Key Compromise
4.9.13. Circumstances for Suspension
4.9.14. Who Can Request Suspension
4.9.15. Procedure for Suspension Request
4.9.16. Limits on Suspension Period
4.10. CERTIFICATE STATUS SERVICES
4.10.1. Operational Characteristics
4.10.2. Service Availability
4.10.3. Optional Features
4.11. END OF SUBSCRIPTION
4.12. KEY ESCROW AND RECOVERY
4.12.1. Key Escrow and Recovery Policy Practices
4.12.2. Session Key Encapsulation and Recovery Policy and Practices
5. FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS
5.1. PHYSICAL CONTROLS
5.1.1. Site Location and Construction
5.1.2. Physical Access
5.1.3. Power and Air Conditioning
5.1.4. Water Exposures
5.1.5. Fire Prevention and Protection
5.1.6. Media Storage
5.1.7. Waste Disposal
5.1.8. Off-site Backup
5.2. PROCEDURAL CONTROLS
5.2.1. Trusted Roles
5.2.2. Number of Persons Required per Task
5.2.3. Identification and Authentication for each Role
5.2.4. Roles Requiring Separation of Duties
5.3. PERSONNEL CONTROLS
5.3.1. Qualifications, Experience, and Clearance Requirements
5.3.2. Background Check Procedures
5.3.3. Training Requirements
5.3.4. Retraining Frequency and Requirements
5.3.5. Job Rotation Frequency and Sequence
5.3.6. Sanctions for Unauthorized Actions
5.3.7. Independent Contractor Requirements
5.3.8. Documentation Supplied to Personnel
5.4. AUDIT LOGGING PROCEDURES
5.4.1. Types of Events Recorded
5.4.2. Frequency of Processing Log
5.4.3. Retention Period for Audit Log
5.4.4. Protection of Audit Log
5.4.5. Audit Log Backup Procedures
5.4.6. Audit Collection System (internal vs. external)
5.4.7. Notification to Event-causing Subject
5.4.8. Vulnerability Assessments
5.5. RECORDS ARCHIVAL
5.5.1. Types of Records Archived
5.5.2. Retention Period for Archive
5.5.3. Protection of Archive
5.5.4. Archive Backup Procedures
5.5.5. Requirements for Time-stamping of Records
5.5.6. Archive Collection System (internal or external)
5.5.7. Procedures to Obtain and Verify Archive Information
5.6. KEY CHANGEOVER
5.7. COMPROMISE AND DISASTER RECOVERY
5.7.1. Incident and Compromise Handling Procedures
5.7.2. Computing Resources, Software, and/or Data Are Corrupted
5.7.3. Entity Private Key Compromise Procedures
5.7.4. Business Continuity Capabilities after a Disaster
5.8. CA OR RA TERMINATION
6. TECHNICAL SECURITY CONTROLS
6.1. KEY PAIR GENERATION AND INSTALLATION
6.1.1. Key Pair Generation
6.1.2. Private Key Delivery to Subscriber
6.1.3. Public Key Delivery to Certificate Issuer
6.1.4. CA Public Key Delivery to Relying Parties
6.1.5. Key Sizes
6.1.6. Public Key Parameters Generation and Quality Checking
6.1.7. Key Usage Purposes (as per X.509 v3 key usage field)
6.2. PRIVATE KEY PROTECTION AND CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS
6.2.1. Cryptographic Module Standards and Controls
6.2.2. Private Key (n out of m) Multi-person Control
6.2.3. Private Key Escrow
6.2.4. Private Key Backup
6.2.5. Private Key Archival
6.2.6. Private Key Transfer into or from a Cryptographic Module
6.2.7. Private Key Storage on Cryptographic Module
6.2.8. Method of Activating Private Keys
6.2.9. Method of Deactivating Private Keys
6.2.10. Method of Destroying Private Keys
6.2.11. Cryptographic Module Rating
6.3. OTHER ASPECTS OF KEY PAIR MANAGEMENT
6.3.1. Public Key Archival
6.3.2. Certificate Operational Periods and Key Pair Usage Periods
6.4. ACTIVATION DATA
6.4.1. Activation Data Generation and Installation
6.4.2. Activation Data Protection
6.4.3. Other Aspects of Activation Data
6.5. COMPUTER SECURITY CONTROLS
6.5.1. Specific Computer Security Technical Requirements
6.5.2. Computer Security Rating
6.6. LIFE CYCLE TECHNICAL CONTROLS
6.6.1. System Development Controls
6.6.2. Security Management Controls
6.6.3. Life Cycle Security Controls
6.7. NETWORK SECURITY CONTROLS
6.8. TIME-STAMPING
7. CERTIFICATE, CRL, AND OCSP PROFILES
    7.1. CERTIFICATE PROFILE
        7.1.1. Version Number(s)
        7.1.2. Certificate Extensions
        7.1.3. Algorithm Object Identifiers
        7.1.4. Name Forms
        7.1.5. Name Constraints
        7.1.6. Certificate Policy Object Identifier
        7.1.7. Usage of Policy Constraints Extension
        7.1.8. Policy Qualifiers Syntax and Semantics
        7.1.9. Processing Semantics for the Critical Certificate Policies Extension
    7.2. CRL PROFILE
        7.2.1. Version number(s)
        7.2.2. CRL and CRL Entry Extensions
    7.3. OCSP PROFILE
        7.3.1. Version Number(s)
        7.3.2. OCSP Extensions
8. COMPLIANCE AUDIT AND OTHER ASSESSMENTS
    8.1. FREQUENCY OR CIRCUMSTANCES OF ASSESSMENT
    8.2. IDENTITY/QUALIFICATIONS OF ASSESSOR
    8.3. ASSESSOR'S RELATIONSHIP TO ASSESSED ENTITY
    8.4. TOPICS COVERED BY ASSESSMENT
    8.5. ACTIONS TAKEN AS A RESULT OF DEFICIENCY
    8.6. COMMUNICATION OF RESULTS
    8.7. SELF-AUDITS
9. OTHER BUSINESS AND LEGAL MATTERS
    9.1. FEES
        9.1.1. Certificate Issuance or Renewal Fees
        9.1.2. Certificate Access Fees
        9.1.3. Revocation or Status Information Access Fees
        9.1.4. Fees for Other Services
        9.1.5. Refund Policy
    9.2. FINANCIAL RESPONSIBILITY
        9.2.1. Insurance Coverage
        9.2.2. Other Assets
        9.2.3. Insurance or Warranty Coverage for End-Entities
    9.3. CONFIDENTIALITY OF BUSINESS INFORMATION
        9.3.1. Scope of Confidential Information
        9.3.2. Information Not Within the Scope of Confidential Information
        9.3.3. Responsibility to Protect Confidential Information
    9.4. PRIVACY OF PERSONAL INFORMATION
        9.4.1. Privacy Plan
        9.4.2. Information Treated as Private
        9.4.3. Information Not Deemed Private
        9.4.4. Responsibility to Protect Private Information
        9.4.5. Notice and Consent to Use Private Information
        9.4.6. Disclosure Pursuant to Judicial or Administrative Process
        9.4.7. Other Information Disclosure Circumstances
    9.5. INTELLECTUAL PROPERTY RIGHTS
    9.6. REPRESENTATIONS AND WARRANTIES
        9.6.1. CA Representations and Warranties
        9.6.2. RA Representations and Warranties
        9.6.3. Subscriber Representations and Warranties
        9.6.4. Relying Party Representations and Warranties
        9.6.5. Representations and Warranties of Other Participants
    9.7. DISCLAIMERS OF WARRANTIES
    9.8. LIMITATIONS OF LIABILITY
    9.9. INDEMNITIES
        9.9.1. Indemnification by DigiCert
        9.9.2. Indemnification by Subscribers
        9.9.3. Indemnification by Relying Parties
    9.10. TERM AND TERMINATION
        9.10.1. Term
        9.10.2. Termination
        9.10.3. Effect of Termination and Survival
    9.11. INDIVIDUAL NOTICES AND COMMUNICATIONS WITH PARTICIPANTS
    9.12. AMENDMENTS
        9.12.1. Procedure for Amendment
        9.12.2. Notification Mechanism and Period
        9.12.3. Circumstances under which OID Must Be Changed
    9.13. DISPUTE RESOLUTION PROVISIONS
    9.14. GOVERNING LAW
    9.15. COMPLIANCE WITH APPLICABLE LAW
    9.16. MISCELLANEOUS PROVISIONS
        9.16.1. Entire Agreement
        9.16.2. Assignment
        9.16.3. Severability
        9.16.4. Enforcement (attorneys' fees and waiver of rights)
        9.16.5. Force Majeure
    9.17. OTHER PROVISIONS
1. INTRODUCTION

1.1. OVERVIEW
This document is the DigiCert, Inc. (“DigiCert”) Certification Practices Statement (CPS) for Private PKI Services that outlines the principles and practices related to DigiCert’s certification of non-cross-certified and non-publicly trusted X.509 digital certificates.

This CPS is only one of several documents that control DigiCert’s certification services. Other important documents include both private and public documents, such as DigiCert’s agreements with its customers, relying party agreements, and DigiCert’s privacy policy. DigiCert may provide additional certificate policies or certification practice statements. These supplemental policies and statements are available to applicable users or relying parties.

1.2. DOCUMENT NAME AND IDENTIFICATION
This document is the DigiCert Certification Practices Statement for Private PKI Services and has been approved for publication by the DigiCert Policy Authority (DCPA) as of the date indicated on the cover page.
1.3. PKI PARTICIPANTS

1.3.1. Certification Authorities
DigiCert is a certification authority (CA) that issues digital certificates. As a CA, DigiCert performs functions associated with both private PKI Services and public key operations, including receiving certificate requests, issuing, revoking and renewing a digital certificate, and maintaining, issuing, and publishing CRLs and OCSP responses. General information about DigiCert’s products and services is available at https://www.digicert.com.

1.3.2. Registration Authorities and Other Delegated Third Parties
DigiCert may delegate the performance of certain functions to Registration Authorities (RA) and other third parties to request certificates and/or perform identification and authentication for end-user certificates. The specific role of an RA or delegated third party varies greatly between entities, ranging from simple translation services to actual assistance in gathering and verifying Applicant information. Some RAs operate identity management systems (IdMs) and may manage the certificate lifecycle for end-users. Specific roles of each RA under a private PKI depend highly on the contract with the private PKI party.

1.3.3. Subscribers
Subscribers use DigiCert’s services and PKI to support transactions and communications. Subscribers are not always the party identified in a certificate, such as when certificates are issued to an organization’s employees. The Subject of a certificate is the party named in the certificate. A Subscriber, as used herein, refers to both the Subject of the certificate and the entity that contracted with DigiCert for the certificate’s issuance.

1.3.4. Relying Parties
Relying parties are entities that act in reliance on a certificate and/or digital signature issued by DigiCert. Relying parties are defined by the community supported by the private PKI infrastructure and by contract with DigiCert.

1.3.5. Other Participants
No stipulation.

1.4. CERTIFICATE USAGE
A digital certificate (or certificate) is formatted data that cryptographically binds an identified subscriber with a Public Key. A digital certificate allows an entity taking part in an electronic transaction to prove its identity to other participants in such transaction.
1.4.1. Appropriate Certificate Uses
Certificates issued pursuant to this CPS may be used for all legal authentication, encryption, access control, and digital signature purposes, as designated by the key usage and extended key usage fields found within the certificate. However, the sensitivity of the information processed or protected by a certificate varies greatly, and each relying party must evaluate the application environment and associated risks before deciding on whether to use a certificate issued under this CPS. The exact use of each Certificate is left to the discretion of the community for which the PKI is operated.

1.4.2. Prohibited Certificate Uses
Certificates do not guarantee that the Subject is trustworthy, honest, reputable in its business dealings, compliant with any laws, or safe to do business with. A certificate only establishes that the information in the certificate was verified as reasonably correct when the certificate issued.

1.5. POLICY ADMINISTRATION

1.5.1. Organization Administering the Document
This CPS and the documents referenced herein are maintained by the DCPA, which can be contacted at:

DigiCert Policy Authority
Suite 500
2801 N. Thanksgiving Way
Lehi, UT 84043 USA
Tel: 1-801-701-9600
Fax: 1-801-705-0481

1.5.2. Contact Person
Attn: Legal Counsel
DigiCert Policy Authority
Suite 500
2801 N. Thanksgiving Way
Lehi, UT 84043 USA

1.5.3. Person Determining CPS Suitability for the Policy
The DCPA determines the suitability and applicability of this CPS based on the contract with the customer for which the PKI is operated and any relevant audits. The DCPA is responsible for the PKI’s compliance with this CPS.

1.5.4. CPS Approval Procedures
The DCPA approves the CPS and any amendments. Amendments are made after the DCPA has reviewed the amendments’ consistency with relevant contracts. The DCPA determines whether an amendment to this CPS is consistent with a contract, requires notice, or requires an OID change.
1.6. DEFINITIONS AND ACRONYMS

1.6.1. Definitions
“Applicant” means an entity applying for a certificate.

“Key Pair” means a Private Key and associated Public Key.

“OCSP Responder” means an online software application operated under the authority of DigiCert and connected to its repository for processing certificate status requests.

“Private Key” means the key of a key pair that is kept secret by the holder of the key pair, and that is used to create digital signatures and/or to decrypt electronic records or files that were encrypted with the corresponding Public Key.
“Public Key” means the key of a key pair that may be publicly disclosed by the holder of the corresponding Private Key and that is used by a Relying Party to verify digital signatures created with the holder's corresponding Private Key and/or to encrypt messages so that they can be decrypted only with the holder's corresponding Private Key.

“Relying Party” means an entity that relies upon either the information contained within a certificate or a time-stamp token.

“Subscriber” means either the entity identified as the subject in the certificate or the entity that is receiving DigiCert’s time-stamping services.
1.6.2. Acronyms
CA      Certificate Authority or Certification Authority
CPS     Certification Practice Statement
CRL     Certificate Revocation List
CSR     Certificate Signing Request
DCPA    DigiCert Policy Authority
FIPS    (US Government) Federal Information Processing Standard
HSM     Hardware Security Module
IdM     Identity Management System
ITU     International Telecommunication Union
ITU-T   ITU Telecommunication Standardization Sector
OCSP    Online Certificate Status Protocol
OID     Object Identifier
PKI     Public Key Infrastructure
PKCS    Public Key Cryptography Standard
RA      Registration Authority
SHA     Secure Hashing Algorithm
SSL     Secure Sockets Layer
TLS     Transport Layer Security
URL     Uniform Resource Locator
X.509   The ITU-T standard for Certificates and their corresponding authentication framework

1.6.3. References
No stipulation.
2. PUBLICATION AND REPOSITORY RESPONSIBILITIES

2.1. REPOSITORIES
CRLs and OCSP responses are available through online resources 24 hours a day, 7 days a week with systems described in Section 5 to minimize downtime.

2.2. PUBLICATION OF CERTIFICATION INFORMATION
The DigiCert certificate services and the repository are accessible through several means of communication:

1. On the web via URIs included in the certificates themselves
3. By mail addressed to: DigiCert, Inc., Suite 500, 2801 N. Thanksgiving Way, Lehi, Utah 84043
4. By telephone Tel: 1-801-877-2100
5. By fax: 1-801-705-0481

2.3. TIME OR FREQUENCY OF PUBLICATION
CRLs for end-user certificates are issued at least once per day. CRLs for CA certificates are issued in accordance with the applicable customer agreement. Typically, this is every 6 months and also within 18 hours if a CA certificate is revoked. Under special circumstances, DigiCert may publish new CRLs prior to the scheduled issuance of the next CRL. New or modified versions of this CPS, Subscriber Agreements, or Relying Party Warranties are typically published within seven days after their approval.

2.4. ACCESS CONTROLS ON REPOSITORIES
Read-only access to the repository is unrestricted. Logical and physical controls prevent unauthorized write access to repositories.
3. IDENTIFICATION AND AUTHENTICATION

3.1. NAMING

3.1.1. Types of Names
Certificates are issued with a subject Distinguished Name (DN) that complies with ITU X.500 standards. Some Certificates may have a null subject DN if it includes at least one alternative name form that is marked critical.

3.1.2. Need for Names to be Meaningful
DigiCert uses distinguished names to identify the subject (i.e. person, organization, device, or object) or issuer of the certificate.

3.1.3. Anonymity or Pseudonymity of Subscribers
DigiCert may issue anonymous and pseudonymous end-entity certificates provided that they are not prohibited by policy and any applicable name space uniqueness requirements are met.

3.1.4. Rules for Interpreting Various Name Forms
Distinguished Names in certificates are interpreted using X.500 standards and ASN.1 syntax. See RFC 2253 and RFC 2616 for further information on how X.500 distinguished names in certificates are interpreted as Uniform Resource Identifiers and HTTP references.

3.1.5. Uniqueness of Names
The uniqueness of each subject name in a certificate depends on the contract with the customer. Typically, uniqueness is maintained through the domain name in the certificate, email address in the certificate, or a combination of the certificate’s subject information.
3.1.6. Recognition, Authentication, and Role of Trademarks
Subscribers may not request certificates with content that infringes on the intellectual property rights of another entity. Unless otherwise specifically stated in an agreement with a customer, DigiCert does not verify an Applicant’s right to use a trademark and does not resolve trademark disputes. DigiCert may reject any application or require revocation of any certificate that is part of a trademark dispute.

3.2. INITIAL IDENTITY VALIDATION
DigiCert may use any legal means of communication or investigation to ascertain the identity of an organizational or individual Applicant. DigiCert may refuse to issue a Certificate in its sole discretion.

3.2.1. Method to Prove Possession of Private Key
DigiCert establishes that the Applicant holds or controls the Private Key corresponding to the Public Key by performing signature verification or decryption on data purported to have been digitally signed or encrypted with the Private Key by using the Public Key associated with the certificate request.
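
The signature-verification form of the check in 3.2.1, as an added example (not DigiCert's code and not part of the CPS): a CA-side proof-of-possession test on a PKCS#10 certificate request using Go's standard library. The function names and the sample requests are constructed for illustration; the decryption variant mentioned in 3.2.1 is not covered.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// newCSR builds a constructed sample: a fresh P-256 key pair and a PKCS#10
// request signed with its private key. It returns the DER encoding.
func newCSR(commonName string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// toPEM wraps DER in the PEM envelope in which requests are usually submitted.
func toPEM(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}

// verifyPossession (hypothetical name) returns the parsed request only if the
// request's signature verifies under the public key carried in that same
// request, i.e. the applicant controlled the matching private key when signing.
func verifyPossession(pemCSR []byte) (*x509.CertificateRequest, error) {
	block, rest := pem.Decode(pemCSR)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("not a PEM certificate request")
	}
	if len(bytes.TrimSpace(rest)) != 0 {
		return nil, errors.New("unexpected data after the request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	// Parsing alone proves nothing; the signature must be checked explicitly.
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	return csr, nil
}

// withForeignKey is a negative-test fixture (hypothetical helper): it copies
// the public key field of otherDER into ownDER and leaves the signature alone,
// producing a request that names a key its signer does not hold.
func withForeignKey(ownDER, otherDER []byte) ([]byte, error) {
	own, err := x509.ParseCertificateRequest(ownDER)
	if err != nil {
		return nil, err
	}
	other, err := x509.ParseCertificateRequest(otherDER)
	if err != nil {
		return nil, err
	}
	// Equal-length fields keep every enclosing DER length valid.
	if len(own.RawSubjectPublicKeyInfo) != len(other.RawSubjectPublicKeyInfo) {
		return nil, errors.New("public key encodings differ in length")
	}
	return bytes.Replace(ownDER, own.RawSubjectPublicKeyInfo, other.RawSubjectPublicKeyInfo, 1), nil
}

func main() {
	own, err := newCSR("device-01.example.internal")
	if err != nil {
		panic(err)
	}
	other, err := newCSR("device-02.example.internal")
	if err != nil {
		panic(err)
	}
	if csr, err := verifyPossession(toPEM(own)); err == nil {
		fmt.Println("accepted:", csr.Subject.CommonName)
	}
	mismatched, err := withForeignKey(own, other)
	if err != nil {
		panic(err)
	}
	_, err = verifyPossession(toPEM(mismatched))
	fmt.Println("mismatched key:", err)
}
```
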
3.2.2. Authentication of Organization Identity
As set forth in the applicable customer agreement. Verification depends on the community ordering the certificate.

3.2.3. Authentication of Individual Identity
Verification of individual identities depends on the requirements of the community ordering the certificates. Verification may include confirmation of an email address, through record checks of the individual’s identity, or other similar means.

3.2.3.1. Authentication for Role-based Client Certificates
DigiCert may issue certificates that identify a specific role that the Subscriber holds instead of a specific individual (e.g., Chief Information Officer is a unique individual whereas Program Analyst is not). These role-based certificates are used when non-repudiation is desired. A sponsor of the role-based Certificates is verified in accordance with Section 3.2.3 above.

3.2.3.2. Authentication for Group Client Certificates
DigiCert issues group certificates (a certificate that corresponds to a Private Key that is shared by multiple Subscribers) if several entities are acting in one capacity and if non-repudiation is not required. A sponsor for the group Certificate is verified under Section 3.2.3 before the Certificate is issued. The sponsor must maintain and continuously update a list of Subscribers with access to the private key and account for the time period during which each Subscriber had control of the key.

3.2.3.3. Authentication of Devices
No stipulation.

3.2.4. Non-verified Subscriber Information
Private client certificates may contain non-verified subscriber information.

3.3. IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS

3.3.1. Identification and Authentication for Routine Re-key
Subscribers may request re-key of a certificate prior to a certificate’s expiration. After receiving a request for re-key, DigiCert creates a new certificate with the same certificate contents except for a new Public Key and, optionally, an extended validity period. If the certificate has an extended validity period, DigiCert may perform some revalidation of the Applicant but may also rely on information previously provided or obtained.
3.4. IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST
DigiCert or an RA authenticates all revocation requests. DigiCert may authenticate revocation requests by referencing the use of the Private Key corresponding to the Certificate’s Public Key, regardless of whether the associated Private Key is compromised.

4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS

4.1. CERTIFICATE APPLICATION

4.1.1. Who Can Submit a Certificate Application
Either the Applicant or an individual authorized to request certificates on behalf of the Applicant may submit certificate requests. Applicants are responsible for any data that the Applicant or an agent of the Applicant supplies to DigiCert.

4.1.2. Enrollment Process and Responsibilities
In no particular order, the enrollment process may include:

Submitting a certificate application,
Generating a key pair,
Delivering the public key of the key pair to DigiCert,
Agreeing to the applicable Subscriber Agreement, and
Paying any applicable fees.

4.2. CERTIFICATE APPLICATION PROCESSING

4.2.1. Performing Identification and Authentication Functions
After receiving a certificate application, DigiCert or an RA verifies the application information and other information in accordance with Section 3.2. If an RA assists in the verification, the RA must create and maintain records sufficient to establish that it has performed its required verification tasks and communicate the completion of such performance to DigiCert. After verification is complete, DigiCert evaluates the corpus of information and decides whether or not to issue the certificate. DigiCert considers a source’s availability, purpose, and reputation when determining whether a third party source is reasonably reliable.

4.2.2. Approval or Rejection of Certificate Applications
DigiCert may reject a certificate application if DigiCert believes that issuing the certificate could damage or diminish DigiCert’s reputation or business.

4.2.3. Time to Process Certificate Applications
As specified in the relevant customer agreement. If the time frame is not specified, DigiCert will usually complete the validation process and issue or reject a certificate application within two working days after receiving all of the necessary details and documentation from the Applicant, although events outside of the control of DigiCert can delay the issuance process.

4.3. CERTIFICATE ISSUANCE

4.3.1. CA Actions during Certificate Issuance
Issuance is completed using the appropriate CA certificate. After issuance is complete, the certificate is stored in a database and sent to the Subscriber.
4.3.2. NotificationtoSubscriberbytheCAofIssuanceofCertificateDigiCertmaydelivercertificatesinanysecuremannerwithinareasonabletimeafterissuance.Generally,DigiCertdeliverscertificatesbyprovidingtheSubscriberahypertextlinktoauserid/password‐protectedlocationwherethesubscribermayloginanddownloadthecertificateorviaemailtotheemailaddressdesignatedbytheSubscriberduringtheapplicationprocess.
4.4. CERTIFICATEACCEPTANCE4.4.1. ConductConstitutingCertificateAcceptance
SubscribersaresolelyresponsibleforinstallingtheissuedcertificateontheSubscriber’scomputerorhardwaresecuritymodule.Certificatesareconsideredaccepted30daysafterthecertificate’sissuance,orearlieruponuseofthecertificatewhenevidenceexiststhattheSubscriberusedthecertificate.
4.4.2. PublicationoftheCertificatebytheCADigiCertpublishesend‐entitycertificatesbydeliveringthemtotheSubscriber.
4.4.3. NotificationofCertificateIssuancebytheCAtoOtherEntitiesRAsmayreceivenotificationofacertificate’sissuanceiftheRAwasinvolvedintheissuanceprocess.
4.5. KEYPAIRANDCERTIFICATEUSAGE4.5.1. SubscriberPrivateKeyandCertificateUsage
SubscribersareobligatedtoprotecttheirPrivateKeysfromunauthorizeduseordisclosure,discontinueusingaPrivateKeyafterexpirationorrevocationoftheassociatedcertificate,anduseCertificatesinaccordancewiththeirintendedpurpose.
4.5.2. RelyingPartyPublicKeyandCertificateUsageDigiCertdoesnotwarrantthatanythirdpartysoftwarewillsupportorenforcethecontrolsandrequirementsfoundherein.ARelyingPartyshouldusediscretionwhenrelyingonacertificateandshouldconsiderthetotalityofthecircumstancesandriskoflosspriortorelyingonacertificate.Ifthecircumstancesindicatethatadditionalassurancesarerequired,theRelyingPartymustobtainsuchassurancesbeforeusingthecertificate.
4.6. CERTIFICATE RENEWAL
4.6.1. Circumstance for Certificate Renewal
DigiCert may renew a certificate if:
the associated public key has not reached the end of its validity period,
the Subscriber and attributes are consistent, and
the associated private key remains uncompromised.
DigiCert may also renew a certificate if a CA certificate is re-keyed or as otherwise necessary to provide services to a customer. DigiCert may notify Subscribers prior to a certificate’s expiration date. Certificate renewal requires payment of additional fees.
4.6.2. Who May Request Renewal
Only the certificate subject or an authorized representative of the certificate subject may request renewal of the Subscriber’s certificates. DigiCert may renew a certificate without a corresponding request if the signing certificate is re-keyed.
4.6.3. Processing Certificate Renewal Requests
Renewal application requirements and procedures are generally the same as those used during the certificate’s original issuance. DigiCert may refuse to renew a certificate if it cannot verify any rechecked information. If an individual is renewing a client certificate and the relevant information has not changed, then DigiCert does not require any additional identity vetting. If the Private Key and domain information has not changed, the Subscriber may renew an SSL/TLS server certificate using a previously issued certificate or provided CSR.
4.6.4. Notification of New Certificate Issuance to Subscriber
DigiCert may deliver the certificate in any secure fashion, typically by email or by providing the Subscriber a hypertext link to a userid/password-protected location where the subscriber may log in and download the certificate.
4.6.5. Conduct Constituting Acceptance of a Renewal Certificate
Renewed certificates are considered accepted 30 days after the certificate’s renewal, or earlier upon use of the certificate when evidence exists that the Subscriber used the certificate.
4.6.6. Publication of the Renewal Certificate by the CA
DigiCert publishes a renewed certificate by delivering it to the Subscriber.
4.6.7. Notification of Certificate Issuance by the CA to Other Entities
RAs may receive notification of a certificate’s renewal if the RA was involved in the issuance process.
4.7. CERTIFICATE RE-KEY
4.7.1. Circumstance for Certificate Rekey
Re-keying a certificate consists of creating a new certificate with a new public key and serial number while keeping the subject information the same. The new certificate may have a different validity date, key identifiers, CRL and OCSP distribution points, and signing key.
4.7.2. Who May Request Certificate Rekey
DigiCert will only accept re-key requests from the subject of the certificate or the PKI sponsor. DigiCert may initiate a certificate re-key at the request of the certificate subject or in DigiCert’s own discretion.
4.7.3. Processing Certificate Rekey Requests
DigiCert may re-use existing verification information unless re-verification and authentication is required by contract or if DigiCert believes that the information has become inaccurate.
4.7.4. Notification of Certificate Rekey to Subscriber
DigiCert notifies the Subscriber within a reasonable time after the certificate issues.
4.7.5. Conduct Constituting Acceptance of a Rekeyed Certificate
Issued certificates are considered accepted 30 days after the certificate is rekeyed, or earlier upon use of the certificate when evidence exists that the Subscriber used the certificate.
4.7.6. Publication of the Issued Certificate by the CA
DigiCert publishes rekeyed certificates by delivering them to Subscribers.
4.7.7. Notification of Certificate Issuance by the CA to Other Entities
RAs may receive notification of a certificate’s rekey if the RA was involved in the issuance process.
4.8. CERTIFICATE MODIFICATION
4.8.1. Circumstances for Certificate Modification
Modifying a certificate means creating a new certificate for the same subject with information that differs slightly from the old certificate (e.g., changes to email address or non-essential parts of names or attributes) provided that the modification otherwise complies with this CPS. The new certificate may have the same or a different subject public key.
4.8.2. Who May Request Certificate Modification
DigiCert modifies certificates at the request of certain certificate subjects or in its own discretion. DigiCert does not make certificate modification services available to all Subscribers.
4.8.3. Processing Certificate Modification Requests
After receiving a request for modification, DigiCert verifies any changed information in accordance with section 3.2.
4.8.4. Notification of Certificate Modification to Subscriber
DigiCert notifies the Subscriber within a reasonable time after the certificate issues.
4.8.5. Conduct Constituting Acceptance of a Modified Certificate
Modified certificates are considered accepted 30 days after the certificate is modified, or earlier upon use of the certificate when evidence exists that the Subscriber used the certificate.
4.8.6. Publication of the Modified Certificate by the CA
DigiCert publishes modified certificates by delivering them to Subscribers.
4.8.7. Notification of Certificate Modification by the CA to Other Entities
RAs may receive notification of a certificate’s modification if the RA was involved in the issuance process.
4.9. CERTIFICATE REVOCATION AND SUSPENSION
4.9.1. Circumstances for Revocation
Revocation of a certificate permanently ends the operational period of the certificate prior to the certificate reaching the end of its stated validity period. Prior to revoking a certificate, DigiCert verifies the identity and authority of the entity requesting revocation. DigiCert may revoke any certificate in its sole discretion, including if DigiCert believes that:
1. The Subscriber requested revocation of its certificate;
2. The Subscriber did not authorize the original certificate request and did not retroactively grant authorization;
3. Either the Private Key associated with the certificate or the Private Key used to sign the certificate was compromised or misused;
4. The Subscriber breached a material obligation under the CPS or the relevant agreement;
5. Either the Subscriber’s or DigiCert’s obligations under the CPS are delayed or prevented by circumstances beyond the party’s reasonable control, including computer or communication failure, and, as a result, another entity’s information is materially threatened or compromised;
6. The Subscriber, sponsor, or other entity that was issued the certificate has lost its rights to a name, trademark, device, IP address, domain name, or other attribute that was associated with the certificate;
7. The certificate was not issued in accordance with the CPS or applicable industry standards;
8. DigiCert received a lawful and binding order from a government or regulatory body to revoke the certificate;
9. DigiCert ceased operations and did not arrange for another certificate authority to provide revocation support for the certificates;
10. DigiCert's right to manage certificates under applicable industry standards was terminated (unless arrangements have been made to continue revocation services and maintain the CRL/OCSP Repository);
11. Any information appearing in the Certificate was or became inaccurate or misleading;
12. The technical content or format of the Certificate presents an unacceptable risk; or
13. The Subscriber was added as a denied party or prohibited person to a blacklist or is operating from a destination prohibited under the laws of the United States.
4.9.2. Who Can Request Revocation
Any appropriately authorized party, such as a recognized representative of a subscriber or cross-signed partner, may request revocation of a certificate. DigiCert may revoke a certificate without receiving a request and without reason. Third parties may request certificate revocation for problems related to fraud, misuse, or compromise. Certificate revocation requests must identify the entity requesting revocation and specify the reason for revocation.
4.9.3. Procedure for Revocation Request
DigiCert processes a revocation request as follows:
1. DigiCert logs the identity of entity making the request or problem report and the reason for requesting revocation. DigiCert may also include its own reasons for revocation in the log.
2. DigiCert may request confirmation of the revocation from the Subscriber or a known administrator, where applicable, via out-of-band communication (e.g., telephone, fax, etc.).
3. If the request is authenticated as originating from the Subscriber, DigiCert revokes the certificate.
4. For requests from third parties, DigiCert personnel begin investigating the request and decide whether revocation is appropriate based on the following criteria:
a. the nature of the alleged problem,
b. the number of reports received about a particular certificate,
c. the identity of the complainants (for example, complaints from a law enforcement official that a web site is engaged in illegal activities have more weight than a complaint from a consumer alleging they never received the goods they ordered), and
d. relevant legislation.
5. If DigiCert determines that revocation is appropriate, DigiCert personnel revoke the certificate and update the CRL.
DigiCert maintains a continuous 24/7 ability to internally respond to any high priority revocation requests. If appropriate, DigiCert forwards complaints to law enforcement.
4.9.4. Revocation Request Grace Period
Subscribers are required to request revocation within one day after detecting the loss or compromise of the Private Key. DigiCert may grant and extend revocation grace periods on a case-by-case basis.
4.9.5. Time within which CA Must Process the Revocation Request
DigiCert will revoke a CA certificate within one hour after receiving clear instructions from the DCPA. Other certificates are revoked as quickly as practical after validating the revocation request.
4.9.6. Revocation Checking Requirement for Relying Parties
No stipulation.
4.9.7. CRL Issuance Frequency
CRLs are generally published at least every 24 hours.
4.9.8. Maximum Latency for CRLs
CRLs for certificates issued to end entity subscribers are posted automatically to the online repository within a commercially reasonable time after generation, usually within minutes of generation. Regularly scheduled CRLs are posted prior to the nextUpdate field in the previously issued CRL of the same scope.
4.9.9. On-line Revocation/Status Checking Availability
No stipulation.
4.9.10. On-line Revocation Checking Requirements
No stipulation.
4.9.11. Other Forms of Revocation Advertisements Available
No stipulation.
4.9.12. Special Requirements Related to Key Compromise
No stipulation.
4.9.13. Circumstances for Suspension
Not applicable.
4.9.14. Who Can Request Suspension
Not applicable.
4.9.15. Procedure for Suspension Request
Not applicable.
4.9.16. Limits on Suspension Period
Not applicable.
4.10. CERTIFICATE STATUS SERVICES
4.10.1. Operational Characteristics
Certificate status information may be available via CRL and OCSP responder. The serial number of a revoked certificate remains on the CRL until one additional CRL is published after the end of the certificate’s validity period.
4.10.2. Service Availability
Certificate status services are available 24x7 without interruption.
4.10.3. Optional Features
OCSP Responders may not be available for all certificate types.
4.11. END OF SUBSCRIPTION
A Subscriber’s subscription service ends if its certificate expires or is revoked or if the applicable Subscriber Agreement expires without renewal.
4.12. KEY ESCROW AND RECOVERY
4.12.1. Key Escrow and Recovery Policy Practices
No stipulation.
4.12.2. Session Key Encapsulation and Recovery Policy and Practices
No stipulation.
5. FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS
5.1. PHYSICAL CONTROLS
5.1.1. Site Location and Construction
DigiCert performs its CA operations from secure and geographically diverse commercial data centers. The data centers are equipped with logical and physical controls that make DigiCert’s CA operations inaccessible to non-trusted personnel. DigiCert operates under a security policy designed to detect, deter, and prevent unauthorized access to DigiCert's operations.
5.1.2. Physical Access
DigiCert protects its equipment from unauthorized access and implements physical controls to reduce the risk of equipment tampering. The secure parts of DigiCert CA hosting facilities are protected using physical access controls making them accessible only to appropriately authorized individuals. Access to secure areas of the buildings requires the use of an "access" or "pass" card. The buildings are equipped with motion detecting sensors, and the exterior and internal passageways of the buildings are under constant video surveillance. DigiCert securely stores all removable media and paper containing sensitive plain-text information related to its CA operations in secure containers in accordance with its Data Classification Policy.
The data centers where DigiCert’s CA systems operate have security personnel on duty full time (24 hours per day, 365 days per year). Access to the data centers housing the CA platforms requires two-factor authentication—the individual must have an authorized access card and pass biometric access control authenticators. These biometric authentication access systems log each use of the access card.
DigiCert deactivates and securely stores its CA equipment when not in use. Activation data must either be memorized or recorded and stored in a manner commensurate with the security afforded the cryptographic module. Activation data is never stored with the cryptographic module or removable hardware associated with equipment used to administer DigiCert’s private keys. Cryptographic hardware includes a mechanism to lock the hardware after a certain number of failed login attempts.
The DigiCert data centers are continuously attended. However, if DigiCert ever becomes aware that a data center is to be left unattended or has been left unattended for an extended period of time, DigiCert personnel will perform a security check of the data center to verify that:
1. DigiCert’s equipment is in a state appropriate to the current mode of operation,
2. Any security containers are properly secured,
3. Physical security systems (e.g., door locks) are functioning properly, and
4. The area is secured against unauthorized access.
DigiCert’s administrators are responsible for making these checks and must sign off that all necessary physical protection mechanisms are in place and activated. The identity of the individual making the check is logged.
5.1.3. Power and Air Conditioning
Data centers have primary and secondary power supplies that ensure continuous and uninterrupted access to electric power. Uninterrupted power supplies (UPS) and diesel generators provide redundant backup power. DigiCert monitors capacity demands and makes projections about future capacity requirements to ensure that adequate processing power and storage are available. DigiCert’s data center facilities use multiple load-balanced HVAC systems for heating, cooling, and air ventilation through perforated-tile raised flooring to prevent overheating and to maintain a suitable humidity level for sensitive computer systems.
5.1.4. Water Exposures
The cabinets housing DigiCert's CA systems are located on raised flooring, and the data centers are equipped with monitoring systems to detect excess moisture.
5.1.5. Fire Prevention and Protection
The data centers are equipped with fire suppression mechanisms.
5.1.6. Media Storage
DigiCert protects its media from accidental damage and unauthorized physical access. Backup files are created on a regular basis. DigiCert’s backup files are maintained at locations separate from DigiCert’s primary data operations facility.
5.1.7. Waste Disposal
All unnecessary copies of printed sensitive information are shredded on-site before disposal.
5.1.8. Off-site Backup
DigiCert maintains at least one full backup and makes regular backup copies of any information necessary to recover from a system failure. Backup copies of CA Private Keys and activation data are stored for disaster recovery purposes off-site in safe deposit boxes that are accessible only by trusted personnel.
5.2. PROCEDURAL CONTROLS
5.2.1. Trusted Roles
Personnel acting in trusted roles include CA and RA system administration personnel, and personnel involved with identity vetting and the issuance and revocation of certificates. The functions and duties performed by persons in trusted roles are distributed so that one person alone cannot circumvent security measures or subvert the security and trustworthiness of the PKI operations. All personnel in trusted roles must be free from conflicts of interest that might prejudice the impartiality of the DigiCert PKI’s operations. Trusted roles are appointed by senior management. A list of personnel appointed to trusted roles is maintained and reviewed annually.
5.2.1.1. CA Administrators
The CA Administrator installs and configures the CA software, including key generation, key backup, and key management. The CA Administrator performs and securely stores regular system backups of the CA system. Administrators do not issue certificates to Subscribers.
5.2.1.2. Registration Officers – Validation and Vetting Personnel
The Registration Officer role is responsible for issuing and revoking certificates, including enrollment, identity verification, and compliance with required issuance and revocation steps such as managing the certificate request queue and completing certificate approval checklists as identity vetting tasks are successfully completed.
5.2.1.3. System Administrators/System Engineers (Operator)
The System Administrator/System Engineer installs and configures system hardware, including servers, routers, firewalls, and network configurations. The System Administrator/System Engineer also keeps CA and RA systems updated with software patches and other maintenance needed for system stability and recoverability.
5.2.1.4. Internal Auditors
Internal Auditors are responsible for reviewing, maintaining, and archiving audit logs and performing or overseeing internal compliance audits to determine if DigiCert is operating in accordance with this CPS.
5.2.2. Number of Persons Required per Task
DigiCert requires that at least two people acting in a trusted role (one the CA Administrator and the other not an Internal Auditor) take action requiring a trusted role, such as activating DigiCert’s Private Keys, generating a CA key pair, or backing up a DigiCert private key. The Internal Auditor may serve to fulfill the requirement of multiparty control for physical access to the CA system but not logical access.
5.2.3. Identification and Authentication for each Role
All personnel are required to authenticate themselves to CA and RA systems before they are allowed access to systems necessary to perform their trusted roles.
5.2.4. Roles Requiring Separation of Duties
Roles requiring a separation of duties include:
1. Those performing authorization functions such as the verification of information in certificate applications and approvals of certificate applications and revocation requests,
2. Those performing backups, recording, and record keeping functions;
3. Those performing audit, review, oversight, or reconciliation functions; and
4. Those performing duties related to CA key management or CA administration.
5.3. PERSONNEL CONTROLS
5.3.1. Qualifications, Experience, and Clearance Requirements
The DCPA is responsible and accountable for DigiCert’s PKI operations and ensures compliance with this CPS. DigiCert’s personnel and management practices provide reasonable assurance of the trustworthiness and competence of its employees and of the satisfactory performance of their duties.
5.3.2. Background Check Procedures
DigiCert verifies the identity of each employee appointed to a trusted role and performs a background check prior to allowing such person to act in a trusted role. DigiCert requires each individual to appear in-person before a human resources employee whose responsibility it is to verify identity. The human resources employee verifies the individual’s identity using government-issued photo identification (e.g., passports and/or driver’s licenses reviewed pursuant to U.S. Citizenship and Immigration Services Form I-9, Employment Eligibility Verification, or comparable procedure for the jurisdiction in which the individual’s identity is being verified). Background checks include employment history, education, character references, social security number, previous residences, driving records and criminal background. Checks of previous residences are over the past three years. All other checks are for the previous five years. The highest education degree obtained is verified regardless of the date awarded. Based upon the information obtained during the background check, the human resources department makes an adjudication decision, with the assistance of legal counsel when necessary, as to whether the individual is suitable for the position to which they will be assigned. Background checks are refreshed and re-adjudication occurs at least every ten years.
5.3.3. Training Requirements
DigiCert provides skills training to all employees involved in DigiCert’s PKI operations. The training relates to the person’s job functions and covers:
1. basic Public Key Infrastructure (PKI) knowledge,
2. software versions used by DigiCert,
3. authentication and verification policies and procedures,
4. DigiCert security principles and mechanisms,
5. disaster recovery and business continuity procedures,
6. common threats to the validation process, including phishing and other social engineering tactics, and
7. applicable industry and government guidelines.
Training is provided via a mentoring process involving senior members of the team to which the employee belongs.
DigiCert maintains records of who received training and what level of training was completed. Registration Officers must have the minimum skills necessary to satisfactorily perform validation duties before being granted validation privileges. Where competence is demonstrated in lieu of training, DigiCert maintains supporting documentation.
5.3.4. Retraining Frequency and Requirements
Employees must maintain skill levels that are consistent with industry-relevant training and performance programs in order to continue acting in trusted roles. DigiCert makes all employees acting in trusted roles aware of any changes to DigiCert’s operations. If DigiCert’s operations change, DigiCert will provide documented training, in accordance with an executed training plan, to all employees acting in trusted roles.
5.3.5. Job Rotation Frequency and Sequence
No stipulation.
5.3.6. Sanctions for Unauthorized Actions
DigiCert employees and agents failing to comply with this CPS, whether through negligence or malicious intent, are subject to administrative or disciplinary actions, including termination of employment or agency and criminal sanctions. If a person in a trusted role is cited by management for unauthorized or inappropriate actions, the person will be immediately removed from the trusted role pending management review. After management has reviewed and discussed the incident with the employee involved, management may reassign that employee to a non-trusted role or dismiss the individual from employment as appropriate.
5.3.7. Independent Contractor Requirements
Independent contractors who are assigned to perform trusted roles are subject to the duties and requirements specified for such roles in this Section 5.3 and are subject to sanctions stated above in Section 5.3.6.
5.3.8. Documentation Supplied to Personnel
Personnel in trusted roles are provided with the documentation necessary to perform their duties. Personnel are also given access to information on internal systems and security documentation, identity vetting policies and procedures, discipline-specific books, treatises and periodicals, and other information.
5.4. AUDIT LOGGING PROCEDURES
5.4.1. Types of Events Recorded
DigiCert’s systems require identification and authentication at system logon with a unique user name and password. Important system actions are logged to establish the accountability of the operators who initiate such actions.
DigiCert enables all essential event auditing capabilities of its CA applications in order to record the events listed below. If DigiCert’s applications cannot automatically record an event, DigiCert implements manual procedures to satisfy the requirements. For each event, DigiCert records the relevant (i) date and time, (ii) type of event, (iii) success or failure, and (iv) user or system that caused the event or initiated the action. Event records are available to auditors as proof of DigiCert’s practices.
Auditable Event
SECURITY AUDIT
  Any changes to the audit parameters, e.g., audit frequency, type of event audited
  Any attempt to delete or modify the audit logs
AUTHENTICATION TO SYSTEMS
  Successful and unsuccessful attempts to assume a role
  The value of maximum number of authentication attempts is changed
  Maximum number of authentication attempts occur during user login
  An administrator unlocks an account that has been locked as a result of unsuccessful authentication attempts
  An administrator changes the type of authenticator, e.g., from a password to a biometric
LOCAL DATA ENTRY
  All security-relevant data that is entered in the system
REMOTE DATA ENTRY
  All security-relevant messages that are received by the system
DATA EXPORT AND OUTPUT
  All successful and unsuccessful requests for confidential and security-relevant information
KEY GENERATION
  Whenever a CA generates a key (not mandatory for single session or one-time use symmetric keys)
PRIVATE KEY LOAD AND STORAGE
  The loading of Component Private Keys
  All access to certificate subject Private Keys retained within the CA for key recovery purposes
TRUSTED PUBLIC KEY ENTRY, DELETION AND STORAGE
SECRET KEY STORAGE
  The manual entry of secret keys used for authentication
PRIVATE AND SECRET KEY EXPORT
  The export of private and secret keys (keys used for a single session or message are excluded)
CERTIFICATE REGISTRATION
  All certificate requests, including issuance, re-key, renewal, and revocation
  Certificate issuance
  Verification activities
CERTIFICATE REVOCATION
  All certificate revocation requests
CERTIFICATE STATUS CHANGE APPROVAL AND REJECTION
CA CONFIGURATION
  Any security-relevant changes to the configuration of a CA system component
ACCOUNT ADMINISTRATION
  Roles and users are added or deleted
  The access control privileges of a user account or a role are modified
CERTIFICATE PROFILE MANAGEMENT
  All changes to the certificate profile
REVOCATION PROFILE MANAGEMENT
  All changes to the revocation profile
CERTIFICATE REVOCATION LIST PROFILE MANAGEMENT
  All changes to the certificate revocation list profile
  Generation of CRLs and OCSP entries
TIMESTAMPING
  Clock synchronization
MISCELLANEOUS
  Appointment of an individual to a Trusted Role
  Designation of personnel for multiparty control
  Installation of an Operating System, PKI Application, or Hardware Security Module
  Removal or Destruction of HSMs
  System Startup
  Logon attempts to PKI Application
  Receipt of hardware/software
  Attempts to set or modify passwords
  Backup or restoration of the internal CA database
  File manipulation (e.g., creation, renaming, moving)
  Posting of any material to a repository
  Access to the internal CA database
  All certificate compromise notification requests
  Loading HSMs with Certificates
  Shipment of HSMs
  Zeroizing HSMs
  Re-key of the Component
CONFIGURATION CHANGES
  Hardware
  Software
  Operating System
  Patches
  Security Profiles
PHYSICAL ACCESS/SITE SECURITY
  Personnel access to secure area housing CA component
  Access to a CA component
  Known or suspected violations of physical security
  Firewall and router activities
ANOMALIES
  System crashes and hardware failures
  Software error conditions
  Software check integrity failures
  Receipt of improper messages and misrouted messages
  Network attacks (suspected or confirmed)
  Equipment failure
  Electrical power outages
  Uninterruptible Power Supply (UPS) failure
  Obvious and significant network service or access failures
  Violations of a CPS
  Resetting Operating System clock
5.4.2. Frequency of Processing Log
At least once every two months, a DigiCert administrator reviews the logs generated by DigiCert’s systems, makes system and file integrity checks, and conducts a vulnerability assessment. The administrator may perform the checks using automated tools. During these checks, the administrator (1) checks whether anyone has tampered with the log, (2) scans for anomalies or specific conditions, including any evidence of malicious activity, and (3) prepares a written summary of the review. Any anomalies or irregularities found in the logs are investigated. The summaries include recommendations to DigiCert’s operations management committee and are made available to DigiCert's auditors upon request. DigiCert documents any actions taken as a result of a review.
5.4.3. Retention Period for Audit Log
DigiCert retains audit logs on-site until after they are reviewed. The individuals who remove audit logs from DigiCert’s CA systems are different than the individuals who control DigiCert’s signature keys.
5.4.4. Protection of Audit Log
CA audit log information is retained on equipment until after it is copied by a system administrator. DigiCert’s CA systems are configured to ensure that (i) only authorized people have read access to logs, (ii) only authorized people may archive audit logs, and (iii) audit logs are not modified. Audit logs are protected from destruction prior to the end of the audit log retention period and are retained securely on-site until transferred to a backup site. DigiCert’s off-site storage location is a safe and secure location that is separate from the location where the data was generated.
5.4.5. Audit Log Backup Procedures
DigiCert makes regular backup copies of audit logs and audit log summaries and saves a copy of the audit log off-site on at least a monthly basis.
5.4.6. Audit Collection System (internal vs. external)
Automatic audit processes begin on system startup and end at system shutdown. If an automated audit system fails and the integrity of the system or confidentiality of the information protected by the system is at risk, DigiCert’s Administrators and the DCPA shall be notified and the DCPA will consider suspending the CA’s or RA’s operations until the problem is remedied.
5.4.7. Notification to Event-causing Subject
No stipulation.
5.4.8. Vulnerability Assessments
DigiCert performs annual risk assessments that identify and assess reasonably foreseeable internal and external threats that could result in unauthorized access, disclosure, misuse, alteration, or destruction of any certificate data or certificate issuance process. DigiCert also routinely assesses the sufficiency of the policies, procedures, information systems, technology, and other arrangements that DigiCert has in place to control such risks. DigiCert’s Internal Auditors review the security audit data checks for continuity. DigiCert’s audit log monitoring tools alert the appropriate personnel of any events, such as repeated failed actions, requests for privileged information, attempted access of system files, and unauthenticated responses.
5.5. RECORDS ARCHIVAL
DigiCert complies with all record retention policies that apply by law. DigiCert includes sufficient detail in all archived records to show that a certificate was issued in accordance with this CPS.
5.5.1. Types of Records Archived
DigiCert retains the following information in its archives (as such information pertains to DigiCert’s CA operations):
1. Accreditations of DigiCert,
2. CP and CPS versions,
3. Contractual obligations and other agreements concerning the operation of the CA,
4. System and equipment configurations, modifications, and updates,
5. Rejection or acceptance of a certificate request,
6. Certificate issuance, rekey, renewal, and revocation requests,
7. Sufficient identity authentication data to satisfy the identification requirements of Section 3.2, including information about telephone calls made for verification purposes,
8. Any documentation related to the receipt or acceptance of a certificate or token,
9. Subscriber Agreements,
10. Issued certificates,
11. A record of certificate re-keys,
12. CRL and OCSP entries,
13. Data or applications necessary to verify an archive’s contents,
14. Compliance auditor reports,
15. Changes to DigiCert’s audit parameters,
16. Any attempt to delete or modify audit logs,
17. Key generation, destruction, storage, backup, and recovery,
18. Access to Private Keys for key recovery purposes,
19. Export of Private Keys,
20. Approval or rejection of a certificate status change request,
21. Appointment of an individual to a trusted role,
22. Destruction of a cryptographic module,
23. Certificate compromise notifications,
24. Remedial action taken as a result of violations of physical security, and
25. Violations of the CPS.
5.5.2. Retention Period for Archive
No stipulation.
5.5.3. Protection of Archive
Archive records are stored at a secure off-site location and are maintained in a manner that prevents unauthorized modification, substitution, or destruction. Archives are not released except as allowed by the DCPA or as required by law. DigiCert maintains any software application required to process the archive data until the data is either destroyed or transferred to a newer medium.
If DigiCert needs to transfer any media to a different archive site or equipment, DigiCert will maintain both archived locations and/or pieces of equipment until the transfer is complete. All transfers to new archives will occur in a secure manner.
5.5.4. Archive Backup Procedures
On at least an annual basis, DigiCert creates an archive disk of the data listed in section 5.5.1 by grouping the data types together by source into separate, compressed archive files. DigiCert stores the archive disk in a secure off-site location for the duration of the set retention period.
5.5.5. Requirements for Time-stamping of Records
DigiCert automatically time-stamps archived records with system time (non-cryptographic method) as they are created. DigiCert synchronizes its system time at least every eight hours using a real time value distributed by a recognized UTC(k) laboratory or National Measurement Institute.
5.5.6. Archive Collection System (internal or external)
Archive information is collected internally by DigiCert.
5.5.7. Procedures to Obtain and Verify Archive Information
Details concerning the creation and storage of archive information are found in section 5.5.4. After receiving a request made for a proper purpose by a Customer, its agent, or a party involved in a dispute over a transaction involving the PKI, DigiCert may elect to retrieve the information from archival. DigiCert may elect to transmit the relevant information via a secure electronic method or courier, or it may also refuse to provide the information in its discretion and may require prior payment of all costs associated with the data.
5.6. KEY CHANGEOVER
Key changeover procedures enable the smooth transition from expiring CA certificates to new CA certificates. Towards the end of a CA Private Key’s lifetime, DigiCert ceases using the expiring CA Private Key to sign certificates and uses the old Private Key only to sign CRLs, OCSP responses, and OCSP responder certificates. A new CA signing key pair is commissioned and all subsequently issued certificates and CRLs are signed with the new private signing key. Both the old and the new key pairs may be concurrently active. This key changeover process helps minimize any adverse effects from CA certificate expiration.
5.7. COMPROMISE AND DISASTER RECOVERY
5.7.1. Incident and Compromise Handling Procedures
DigiCert maintains incident response procedures to guide personnel in response to security incidents, natural disasters, and similar events that may give rise to system compromise. DigiCert reviews, tests, and updates its incident response plans and procedures on at least an annual basis.
5.7.2. Computing Resources, Software, and/or Data Are Corrupted
DigiCert makes regular system backups on at least a weekly basis and maintains backup copies of its Private Keys, which are stored in a secure, off-site location. If DigiCert discovers that any of its computing resources, software, or data operations have been compromised, DigiCert assesses the threats and risks that the compromise presents to the integrity or security of its operations or those of affected parties. If DigiCert determines that a continued operation could pose a significant risk to Relying Parties or Subscribers, DigiCert suspends such operation until it determines that the risk is mitigated.
5.7.3. Entity Private Key Compromise Procedures
If DigiCert suspects that one of its Private Keys has been compromised or lost, then an emergency response team will convene and assess the situation to determine the degree and scope of the incident and take appropriate action. DigiCert may generate a new key pair and sign a new certificate. If a disaster physically damages DigiCert’s equipment and destroys all copies of DigiCert’s signature keys, then DigiCert will provide notice to affected parties at the earliest feasible time.
5.7.4. Business Continuity Capabilities after a Disaster
To maintain the integrity of its services, DigiCert implements data backup and recovery procedures as part of its Business Continuity Management Plan (BCMP). Stated goals of the BCMP are to ensure that certificate status services be only minimally affected by any disaster involving DigiCert’s primary facility and that DigiCert be capable of maintaining other services or resuming them as quickly as possible following a disaster. DigiCert reviews, tests, and updates the BCMP and supporting procedures at least annually.
DigiCert's systems are redundantly configured at its primary facility and are mirrored at a separate, geographically diverse location for failover in the event of a disaster. If a disaster causes DigiCert’s primary CA operations to become inoperative, DigiCert will re‐initiate its operations at its secondary location giving priority to the provision of certificate status information and time stamping capabilities, if affected.
5.8. CA OR RA TERMINATION
Before terminating its CA activities, DigiCert will:
1. Provide notice and information about the termination by sending notice by email to its customers; and
2. Transfer all responsibilities to a qualified successor entity.
If a qualified successor entity does not exist, DigiCert will:
1. transfer those functions capable of being transferred to a reliable third party and arrange to preserve all relevant records with a reliable third party or a government, regulatory, or legal body with appropriate authority;
2. revoke all certificates that are still un‐revoked or un‐expired on a date as specified in the notice and publish final CRLs;
3. destroy all Private Keys; and
4. make other necessary arrangements that are in accordance with this CPS.
DigiCert has made arrangements to cover the costs associated with fulfilling these requirements in case DigiCert becomes bankrupt or is unable to cover the costs. Any requirements of this section that are varied by contract apply only to the contracting parties.
6. TECHNICAL SECURITY CONTROLS
6.1. KEY PAIR GENERATION AND INSTALLATION
6.1.1. Key Pair Generation
CA key pairs are generated by trusted roles and using a cryptographic hardware device. Typically, the cryptographic hardware is evaluated to FIPS 140‐1 Level 3 and EAL 4+. DigiCert creates auditable evidence during the key generation process to prove that the CPS was followed and role separation was enforced during the key generation process.
6.1.2. Private Key Delivery to Subscriber
No stipulation.
6.1.3. Public Key Delivery to Certificate Issuer
Subscribers generate key pairs and submit the Public Key to DigiCert in a CSR as part of the certificate request process. The Subscriber’s signature on the request is authenticated prior to issuing the certificate.
6.1.4. CA Public Key Delivery to Relying Parties
No stipulation.
6.1.5. Key Sizes
No stipulation.
6.1.6. Public Key Parameters Generation and Quality Checking
DigiCert uses a crypto module that conforms to FIPS 186‐2 and provides random number generation and on‐board generation of up to 4096‐bit RSA Public Keys and a wide range of ECC curves.
6.1.7. Key Usage Purposes (as per X.509 v3 key usage field)
DigiCert's certificates may include key usage extension fields that specify the intended use of the certificate and technically limit the certificate’s functionality in X.509 v3 compliant software. The use of a specific key is determined by the key usage extension in the X.509 certificate. Subscriber certificates assert key usages based on the intended application of the key pair. In particular, certificates to be used for digital signatures (including authentication) set the digitalSignature and/or nonRepudiation bits. Certificates to be used for key or data encryption shall set the keyEncipherment and/or dataEncipherment bits. Certificates to be used for key agreement shall set the keyAgreement bit.
Key usage bits and extended key usages are specified in the certificate profile for each type of certificate as set forth in relevant profiled document.
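The mapping in section 6.1.7 can be checked mechanically against the DER-encoded KeyUsage BIT STRING of a certificate. The following is an added example, not part of the CPS or DigiCert's tooling; the purpose names ("signature", "encryption", "key_agreement") and the sample byte strings are constructed for illustration.

```python
# KeyUsage named bits in X.509 v3 order; bit 0 is the most significant bit
# of the first content octet.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

# Section 6.1.7 mapping: intended application -> bits, at least one of which
# must be set. The purpose labels are assumptions made for this example.
PURPOSE_BITS = {
    "signature": {"digitalSignature", "nonRepudiation"},
    "encryption": {"keyEncipherment", "dataEncipherment"},
    "key_agreement": {"keyAgreement"},
}


def parse_key_usage(der: bytes) -> set:
    """Decode a DER KeyUsage BIT STRING (tag 0x03) into a set of bit names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("invalid unused-bits octet")
    if len(payload) > 2 or (len(payload) == 2 and payload[1] & 0x7F):
        raise ValueError("bits beyond decipherOnly(8) are undefined")
    if payload:
        if payload[-1] & ((1 << unused) - 1):
            raise ValueError("unused bits must be zero in DER")
        if not payload[-1] & (1 << unused):
            raise ValueError("trailing zero bits must be removed in DER")
    asserted = set()
    for index, name in enumerate(KEY_USAGE_BITS):
        octet, bit = divmod(index, 8)
        if octet < len(payload) and payload[octet] & (0x80 >> bit):
            asserted.add(name)
    return asserted


def check_purpose(der: bytes, purpose: str) -> dict:
    """Compare asserted bits with the bits section 6.1.7 names for a purpose.

    'extra' lists bits asserted beyond that purpose so a reviewer can compare
    them with the agreed certificate profile; they are not treated as errors.
    """
    asserted = parse_key_usage(der)
    required = PURPOSE_BITS[purpose]
    return {
        "ok": bool(asserted & required),
        "matched": sorted(asserted & required),
        "extra": sorted(asserted - required),
    }


# Constructed sample values (not taken from real certificates).
SAMPLES = {
    "tls_server": bytes.fromhex("030205a0"),     # digitalSignature + keyEncipherment
    "signing_only": bytes.fromhex("03020780"),   # digitalSignature
    "key_agreement": bytes.fromhex("03020308"),  # keyAgreement
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        for purpose in PURPOSE_BITS:
            print(label, purpose, check_purpose(der, purpose))
```

A signing-only certificate fails the "encryption" check because neither keyEncipherment nor dataEncipherment is set, which is the technical limit the section describes.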
6.2. PRIVATE KEY PROTECTION AND CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS
6.2.1. Cryptographic Module Standards and Controls
No stipulation.
6.2.2. Private Key (n out of m) Multi‐person Control
DigiCert's authentication mechanisms are protected securely when not in use and may only be accessed by actions of multiple trusted persons. Backups of CA Private Keys are securely stored off‐site and require two‐person access. Re‐activation of a backed‐up CA Private Key (unwrapping) requires the same security and multi‐person control as when performing other sensitive CA Private Key operations.
6.2.3. Private Key Escrow
No stipulation.
6.2.4. Private Key Backup
No stipulation.
6.2.5. Private Key Archival
No stipulation.
6.2.6. Private Key Transfer into or from a Cryptographic Module
No stipulation.
6.2.7. Private Key Storage on Cryptographic Module
No stipulation.
6.2.8. Method of Activating Private Keys
DigiCert's Private Keys are activated according to the specifications of the cryptographic module manufacturer. Activation data entry is protected from disclosure. Subscribers are solely responsible for protecting their Private Keys. Subscribers should use a strong password or equivalent authentication method to prevent unauthorized access or use of the Subscriber’s Private Key. At a minimum, Subscribers are required to authenticate themselves to the cryptographic module before activating their private keys.
6.2.9. Method of Deactivating Private Keys
DigiCert’s Private Keys are deactivated via logout procedures on the applicable HSM device when not in use. DigiCert never leaves its HSM devices in an active unlocked or unattended state. Subscribers should deactivate their Private Keys via logout and removal procedures when not in use.
6.2.10. Method of Destroying Private Keys
DigiCert/RA personnel, acting in trusted roles, destroy CA, RA, and status server Private Keys when no longer needed. Subscribers shall destroy their Private Keys when the corresponding certificate is revoked or expired or if the Private Key is no longer needed. DigiCert may destroy a Private Key by deleting it from all known storage partitions. DigiCert also zeroizes the HSM device and associated backup tokens according to the specifications of the hardware manufacturer. This reinitializes the device and overwrites the data with binary zeros.
6.2.11. Cryptographic Module Rating
See Section 6.2.1.
6.3. OTHER ASPECTS OF KEY PAIR MANAGEMENT
6.3.1. Public Key Archival
DigiCert archives copies of Public Keys in accordance with Section 5.5.
6.3.2. Certificate Operational Periods and Key Pair Usage Periods
No stipulation.
6.4. ACTIVATION DATA
6.4.1. Activation Data Generation and Installation
DigiCert activates the cryptographic module containing its CA Private Keys according to the specifications of the hardware manufacturer. All DigiCert personnel and Subscribers are instructed to use strong passwords and to protect PINs and passwords. DigiCert employees are required to create non‐dictionary, alphanumeric passwords with a minimum length and to change their passwords on a regular basis. If DigiCert uses passwords as activation data for a signing key, DigiCert will change the activation data upon rekey of the CA certificate.
6.4.2. Activation Data Protection
DigiCert protects data used to unlock private keys from disclosure using a combination of cryptographic and physical access control mechanisms. Protection mechanisms include keeping activation mechanisms secure using role‐based physical control. All DigiCert personnel are instructed to memorize and not to write down their password or share it with another individual. DigiCert locks accounts used to access secure CA processes if a certain number of failed password attempts occur.
6.4.3. Other Aspects of Activation Data
No stipulation.
6.5. COMPUTER SECURITY CONTROLS
6.5.1. Specific Computer Security Technical Requirements
DigiCert secures its CA systems and authenticates and protects communications between its systems and trusted roles. DigiCert's CA servers and support‐and‐vetting workstations run on trustworthy systems that are configured and hardened using industry best practices.
6.5.2. Computer Security Rating
No stipulation.
6.6. LIFE CYCLE TECHNICAL CONTROLS
6.6.1. System Development Controls
DigiCert has mechanisms in place to control and monitor the acquisition and development of its CA systems. Change requests require the approval of at least one administrator who is different from the person submitting the request. DigiCert only installs software on CA systems if the software is part of the CA’s operation. CA hardware and software are dedicated to performing operations of the CA.
Vendors are selected based on their reputation in the market, ability to deliver quality product, and likelihood of remaining viable in the future. Management is involved in the vendor selection and purchase decision process. Non‐PKI hardware and software is purchased without identifying the purpose for which the component will be used. All hardware and software are shipped under standard conditions to ensure delivery of the component directly to a trusted employee who ensures that the equipment is installed without opportunity for tampering.
Some of the PKI software components used by DigiCert are developed in‐house or by consultants using standard software development methodologies. All such software is designed and developed in a controlled environment and subjected to quality assurance review. Other software is purchased commercial off‐the‐shelf (COTS). Quality assurance is maintained throughout the process through testing and documentation or by purchasing from trusted vendors as discussed above.
Updates of equipment and software are purchased or developed in the same manner as the original equipment or software and are installed and tested by trusted and trained personnel. All hardware and software essential to DigiCert’s operations is scanned for malicious code on first use and periodically thereafter.
6.6.2. Security Management Controls
DigiCert has mechanisms in place to control and monitor the security‐related configurations of its CA systems. When loading software onto a CA system, DigiCert verifies that the software is the correct version and is supplied by the vendor free of any modifications. DigiCert verifies the integrity of software used with its CA processes at least once a week.
6.6.3. Life Cycle Security Controls
No stipulation.
6.7. NETWORK SECURITY CONTROLS
DigiCert documents and controls the configuration of its systems, including any upgrades or modifications made. DigiCert's CA system is connected to one internal network and is protected by firewalls and Network Address Translation for all internal IP addresses (e.g., 192.168.x.x). DigiCert's customer support and vetting workstations are also protected by firewall(s) and only use internal IP addresses. Root Keys are kept offline and brought online only when necessary to sign certificate‐issuing subordinate CAs, OCSP responses, OCSP Responder Certificates, or periodic CRLs. Firewalls and boundary control devices are configured to allow access only by the addresses, ports, protocols and commands required for the trustworthy provision of PKI services by such systems. DigiCert's security policy is to block all ports and protocols and open only ports necessary to enable CA functions. All CA equipment is configured with a minimum number of services and all unused network ports and services are disabled. DigiCert's network configuration is available for review on‐site by its auditors and consultants under an appropriate non‐disclosure agreement.
6.8. TIME‐STAMPING
No stipulation.
7. CERTIFICATE, CRL, AND OCSP PROFILES
DigiCert uses the ITU X.509, version 3 standard to construct digital certificates for use within the DigiCert PKI.
7.1. CERTIFICATE PROFILE
7.1.1. Version Number(s)
All certificates are X.509 version 3 certificates.
7.1.2. Certificate Extensions
As agreed to with the customer.
7.1.3. Algorithm Object Identifiers
As agreed to with the customer. DigiCert strongly recommends the following:
sha256WithRSAEncryption [iso(1) member‐body(2) us(840) rsadsi(113549) pkcs(1) pkcs‐1(1) 11]
ecdsa‐with‐sha384 [iso(1) member‐body(2) us(840) ansi‐X9‐62(10045) signatures(4) ecdsa‐with‐SHA2(3) 3]
7.1.4. Name Forms
No stipulation.
7.1.5. Name Constraints
No stipulation.
7.1.6. Certificate Policy Object Identifier
No stipulation.
7.1.7. Usage of Policy Constraints Extension
Not applicable.
7.1.8. Policy Qualifiers Syntax and Semantics
DigiCert may include brief statements in certificates about the limitations of liability and other terms associated with the use of a certificate in the Policy Qualifier field of the Certificates Policy extension.
7.1.9. Processing Semantics for the Critical Certificate Policies Extension
No stipulation.
7.2. CRL PROFILE
7.2.1. Version number(s)
DigiCert issues version 2 CRLs that contain the following fields:

Field                        Value
Issuer Signature Algorithm   sha‐1WithRSAEncryption [1 2 840 113549 1 1 5] OR
                             sha‐256WithRSAEncryption [1 2 840 113549 1 1 11] OR
                             ecdsa‐with‐sha384 [1 2 840 10045 4 3 3]
Issuer Distinguished Name    [As appropriate]
thisUpdate                   CRL issue date in UTC format
nextUpdate                   Date when the next CRL will issue in UTC format.
Revoked Certificates List    List of revoked certificates, including the serial number and revocation date
Issuer’s Signature           [Signature]
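Sections 7.1.3 and 7.2.1 name signature algorithms by object identifier, once in ASN.1 arc notation and once as bare numbers. The following added example (not part of the CPS or DigiCert's code) converts both notations to DER, decodes the OID out of an AlgorithmIdentifier, and reports whether it is one of the two algorithms section 7.1.3 recommends; the AlgorithmIdentifier byte strings are constructed samples.

```python
import re

# Algorithms named on this page, written as the page writes them.
PAGE_ALGORITHMS = {
    "sha256WithRSAEncryption":
        "iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11",
    "ecdsa-with-sha384":
        "iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3",
    "sha-1WithRSAEncryption": "1 2 840 113549 1 1 5",  # CRL profile only (7.2.1)
}
RECOMMENDED = {"sha256WithRSAEncryption", "ecdsa-with-sha384"}  # section 7.1.3


def parse_arcs(text):
    """Turn 'iso(1) member-body(2) ... 11' or '1 2 840 ...' into a list of ints."""
    arcs = []
    for token in text.split():
        # Accept the U+2010 hyphen the PDF text uses as well as ASCII '-'.
        m = re.fullmatch(r"[A-Za-z][A-Za-z0-9\-\u2010]*\((\d+)\)|(\d+)", token)
        if m is None:
            raise ValueError(f"not an OID arc: {token!r}")
        arcs.append(int(m.group(1) or m.group(2)))
    return arcs


def _base128(value):
    """Big-endian base-128 with the continuation bit set on all but the last octet."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("OID too long for this example")
    return bytes([0x06, len(body)]) + body


def decode_oid_body(body):
    """Decode OID content octets, rejecting truncated or non-minimal encodings."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    subs, value, start = [], 0, True
    for octet in body:
        if start and octet == 0x80:
            raise ValueError("non-minimal subidentifier")
        value = (value << 7) | (octet & 0x7F)
        start = not (octet & 0x80)
        if start:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return [first, subs[0] - 40 * first] + subs[1:]


def read_tlv(data, offset=0):
    """Return (tag, value, next_offset) for one DER element."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV")
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:
        count = length & 0x7F
        if count == 0 or offset + count > len(data):
            raise ValueError("bad length")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    if offset + length > len(data):
        raise ValueError("truncated value")
    return tag, data[offset:offset + length], offset + length


KNOWN = {".".join(map(str, parse_arcs(t))): n for n, t in PAGE_ALGORITHMS.items()}


def classify_algorithm_identifier(der):
    """Return (dotted OID, name on this page or None, recommended by 7.1.3?)."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, oid_body, _ = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    dotted = ".".join(map(str, decode_oid_body(oid_body)))
    name = KNOWN.get(dotted)
    return dotted, name, name in RECOMMENDED


# Constructed AlgorithmIdentifier samples (not taken from real certificates or CRLs).
SAMPLES = [
    bytes.fromhex("300d06092a864886f70d01010b0500"),
    bytes.fromhex("300a06082a8648ce3d040303"),
    bytes.fromhex("300d06092a864886f70d0101050500"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_algorithm_identifier(sample))
```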
7.2.2. CRL and CRL Entry Extensions
CRLs have the following extensions:

Extension                  Value
CRL Number                 Never repeated monotonically increasing integer
Authority Key Identifier   Same as the Authority Key Identifier listed in the certificate
Invalidity Date            Optional date in UTC format
Reason Code                Optional reason for revocation

7.3. OCSP PROFILE
7.3.1. Version Number(s)
DigiCert’s OCSP responders conform to version 1 of RFC 2560.
7.3.2. OCSP Extensions
No stipulation.
8. COMPLIANCE AUDIT AND OTHER ASSESSMENTS
8.1. FREQUENCY OR CIRCUMSTANCES OF ASSESSMENT
Audits referencing this CPS shall cover DigiCert’s CA systems, Sub CAs, and OCSP Responders.
8.2. IDENTITY/QUALIFICATIONS OF ASSESSOR
No stipulation.
8.3. ASSESSOR'S RELATIONSHIP TO ASSESSED ENTITY
No stipulation.
8.4. TOPICS COVERED BY ASSESSMENT
Any audit covers DigiCert's business practices disclosure, the integrity of DigiCert's PKI operations, and DigiCert’s compliance with relevant standards.
8.5. ACTIONS TAKEN AS A RESULT OF DEFICIENCY
If an audit reports a material noncompliance with applicable law, this CPS, or any other contractual obligations related to DigiCert’s services, then (1) the auditor will document the discrepancy, (2) the auditor will promptly notify DigiCert, and (3) DigiCert will develop a plan to cure the noncompliance. DigiCert will submit the plan to the DCPA for approval and to any third party that DigiCert is legally obligated to satisfy. The DCPA may require additional action if necessary to rectify any significant issues created by the non‐compliance, including requiring revocation of affected certificates.
8.6. COMMUNICATION OF RESULTS
The results of each audit are reported to the DCPA and to any third party entities which are entitled by law, regulation, or agreement to receive a copy of the audit results.
8.7. SELF‐AUDITS
No stipulation.
9. OTHER BUSINESS AND LEGAL MATTERS
9.1. FEES
9.1.1. Certificate Issuance or Renewal Fees
DigiCert charges fees for certificate issuance and renewal. DigiCert may change its fees in accordance with the applicable customer agreement.
9.1.2. Certificate Access Fees
DigiCert may charge a reasonable fee for access to its certificate databases.
9.1.3. Revocation or Status Information Access Fees
DigiCert does not charge a certificate revocation fee or a fee for checking the validity status of an issued certificate using a CRL. DigiCert may charge a fee for providing certificate status information via OCSP.
9.1.4. Fees for Other Services
No stipulation.
9.1.5. Refund Policy
As set forth in the relevant customer agreement.
9.2. FINANCIAL RESPONSIBILITY
9.2.1. Insurance Coverage
DigiCert maintains Commercial General Liability insurance with a policy limit of at least $2 million in coverage and Professional Liability/Errors & Omissions insurance with a policy limit of at least $5 million in coverage. Insurance is carried through companies rated no less than A‐ as to Policy Holder’s Rating in the current edition of Best’s Insurance Guide (or with an association of companies, each of the members of which are so rated).
9.2.2. Other Assets
No stipulation.
9.2.3. Insurance or Warranty Coverage for End‐Entities
No stipulation.
9.3. CONFIDENTIALITY OF BUSINESS INFORMATION
9.3.1. Scope of Confidential Information
The following information is considered confidential and protected against disclosure using a reasonable degree of care:
Private Keys;
Activation data used to access Private Keys or to gain access to the CA system;
Business continuity, incident response, contingency, and disaster recovery plans;
Other security practices used to protect the confidentiality, integrity, or availability of information;
Information held by DigiCert as private information in accordance with Section 9.4;
Audit logs and archive records; and
Transaction records, financial audit records, and audit trail records and any audit reports (with the exception of an auditor’s letter confirming the effectiveness of the controls set forth in this CPS).
9.3.2. Information Not Within the Scope of Confidential Information
Any information not listed as confidential is considered public information. Published certificate and revocation data is considered public information.
9.3.3. Responsibility to Protect Confidential Information
DigiCert’s employees, agents, and contractors are responsible for protecting confidential information and are contractually obligated to do so. Employees receive training on how to handle confidential information.
9.4. PRIVACY OF PERSONAL INFORMATION
9.4.1. Privacy Plan
DigiCert follows the privacy policy posted on its website when handling personal information. Personal information is only disclosed when the disclosure is required by law or when requested by the subject of the personal information.
9.4.2. Information Treated as Private
DigiCert treats all personal information about an individual that is not publicly available in the contents of a certificate or CRL as private information. DigiCert protects private information using appropriate safeguards and a reasonable degree of care.
9.4.3. Information Not Deemed Private
Private information does not include certificates, CRLs, or their contents.
9.4.4. Responsibility to Protect Private Information
DigiCert employees and contractors are expected to handle personal information in strict confidence and meet the requirements of US and European law concerning the protection of personal data. All sensitive information is securely stored and protected against accidental disclosure.
9.4.5. Notice and Consent to Use Private Information
Personal information obtained from an applicant during the application or identity verification process is considered private information if the information is not included in a certificate. DigiCert will only use private information after obtaining the subject's consent or as required by applicable law or regulation. All Subscribers must consent to the global transfer and publication of any personal data contained in a certificate.
9.4.6. Disclosure Pursuant to Judicial or Administrative Process
DigiCert may disclose private information, without notice, if DigiCert believes the disclosure is required by law or regulation.
9.4.7. Other Information Disclosure Circumstances
No stipulation.
9.5. INTELLECTUAL PROPERTY RIGHTS
DigiCert and/or its business partners own the intellectual property rights in DigiCert’s services, including the certificates, trademarks used in providing the services, and this CPS. “DigiCert” is a registered trademark of DigiCert, Inc.
Certificate and revocation information are the property of DigiCert. DigiCert grants permission to reproduce and distribute certificates on a non‐exclusive and royalty‐free basis, provided that they are reproduced and distributed in full. DigiCert does not allow derivative works of its certificates or products without prior written permission. Private and Public Keys remain the property of the Subscribers who rightfully hold them. All secret shares (distributed elements) of the DigiCert Private Keys are the property of DigiCert.
9.6. REPRESENTATIONS AND WARRANTIES
9.6.1. CA Representations and Warranties
Except as expressly stated in this CPS or in a separate agreement with a Subscriber, DigiCert does not make any representations regarding its products or services. DigiCert represents, to the extent specified in this CPS, that:
DigiCert complies, in all material aspects, with this CPS and all applicable laws and regulations, and
DigiCert publishes and updates CRLs and OCSP responses on a regular basis,
DigiCert:
Does not warrant the accuracy, authenticity, completeness, or fitness of any unverified information,
Is not responsible for information contained in a certificate except as stated in this CPS,
Does not warrant the quality, function, or performance of any software or hardware device, and
Is not responsible for failing to comply with this CPS because of circumstances outside of DigiCert’s control.
9.6.2. RA Representations and Warranties
RAs represent that:
1. The RA’s certificate issuance and management services conform to this CPS,
2. Information provided by the RA does not contain any false or misleading information,
3. Translations performed by the RA are an accurate translation of the original information, and
4. All certificates requested by the RA meet the requirements of this CPS.
DigiCert’s agreement with the RA may contain additional representations.
9.6.3. Subscriber Representations and Warranties
Subscribers are solely responsible for any misrepresentations they make to third parties and for all transactions that use the Subscriber’s Private Key, regardless of whether such use was authorized. Subscribers are required to notify DigiCert and any applicable RA if a change occurs that could affect the status of the certificate. Subscribers represent to DigiCert, Application Software Vendors, and Relying Parties that, for each certificate, the Subscriber will:
1. Securely generate its Private Keys and protect its Private Keys from compromise,
2. Provide accurate and complete information when communicating with DigiCert,
3. Confirm the accuracy of the certificate data prior to using the certificate,
4. Promptly cease using a certificate and notify DigiCert if (i) any information that was submitted to DigiCert or is included in a certificate changes or becomes misleading or (ii) there is any actual or suspected misuse or compromise of the Private Key associated with the certificate,
5. Ensure that individuals using certificates on behalf of an organization have received security training appropriate to the certificate,
6. Use the certificate only for authorized and legal purposes, consistent with the certificate purpose, this CPS, any applicable CP, and the relevant Subscriber Agreement, including only installing SSL certificates on servers accessible at the domain listed in the certificate and not using code signing certificates to sign malicious code or any code that is downloaded without a user’s consent, and
7. Promptly cease using the certificate and related Private Key after the certificate’s expiration.
9.6.4. Relying Party Representations and Warranties
Each Relying Party represents that, prior to relying on a DigiCert certificate, it:
1. Obtained sufficient knowledge on the use of digital certificates and PKI,
2. Studied the applicable limitations on the usage of certificates and agrees to DigiCert’s limitations on liability related to the use of certificates,
3. Has read, understands, and agrees to the DigiCert Relying Party Agreement and this CPS,
4. Verified both the DigiCert certificate and the certificates in the certificate chain using the relevant CRL or OCSP,
5. Will not use a DigiCert certificate if the certificate has expired or been revoked, and
6. Will take all reasonable steps to minimize the risk associated with relying on a digital signature, including only relying on a DigiCert certificate after considering:
a) applicable law and the legal requirements for identification of a party, protection of the confidentiality or privacy of information, and enforceability of the transaction;
b) the intended use of the certificate as listed in the certificate or this CPS,
c) the data listed in the certificate,
d) the economic value of the transaction or communication,
e) the potential loss or damage that would be caused by an erroneous identification or a loss of confidentiality or privacy of information in the application, transaction, or communication,
f) the Relying Party’s previous course of dealing with the Subscriber,
g) the Relying Party’s understanding of trade, including experience with computer‐based methods of trade, and
h) any other indicia of reliability or unreliability pertaining to the Subscriber and/or the application, communication, or transaction.
Any unauthorized reliance on a certificate is at a party’s own risk.
9.6.5. Representations and Warranties of Other Participants
No stipulation.
9.7. DISCLAIMERS OF WARRANTIES
EXCEPT AS EXPRESSLY STATED IN SECTION 9.6.1, ALL CERTIFICATES AND ANY RELATED SOFTWARE AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY LAW, DIGICERT DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON‐INFRINGEMENT. DIGICERT DOES NOT WARRANT THAT ANY SERVICE OR PRODUCT WILL MEET ANY EXPECTATIONS OR THAT ACCESS TO CERTIFICATES WILL BE TIMELY OR ERROR‐FREE. DigiCert does not guarantee the availability of any products or services and may modify or discontinue any product or service offering at any time. A fiduciary duty is not created simply because an entity uses DigiCert’s services.
9.8. LIMITATIONS OF LIABILITY
NOTHING HEREIN LIMITS LIABILITY RELATED TO (I) DEATH OR PERSONAL INJURY RESULTING FROM DIGICERT’S NEGLIGENCE OR (II) FRAUD COMMITTED BY DIGICERT. EXCEPT AS STATED ABOVE, ANY ENTITY USING A DIGICERT CERTIFICATE OR SERVICE WAIVES ALL LIABILITY OF DIGICERT RELATED TO SUCH USE, PROVIDED THAT DIGICERT HAS MATERIALLY COMPLIED WITH THIS CPS IN PROVIDING THE CERTIFICATE OR SERVICE. DIGICERT’S LIABILITY FOR CERTIFICATES AND SERVICES THAT DO NOT MATERIALLY COMPLY WITH THIS CPS IS LIMITED AS FOLLOWS:
1. NO LIABILITY IF THE DAMAGE OR LOSS RELATES TO A CERTIFICATE OTHER THAN A SSL CERTIFICATE OR CODE SIGNING CERTIFICATE,
2. A MAXIMUM LIABILITY OF $1,000 PER TRANSACTION FOR SSL CERTIFICATES,
3. AN AGGREGATE MAXIMUM LIABILITY OF $10,000 FOR ALL CLAIMS RELATED TO A SINGLE CERTIFICATE OR SERVICE,
4. AND AN AGGREGATE MAXIMUM LIABILITY OF $1 MILLION FOR ALL CLAIMS, REGARDLESS OF THE NUMBER OR SOURCE OF THE CLAIMS.
DIGICERT APPORTIONS PAYMENTS RELATED TO AN AGGREGATE MAXIMUM LIMITATION ON LIABILITY UNDER THIS SECTION TO THE FIRST CLAIMS THAT ACHIEVE FINAL RESOLUTION.
All liability is limited to actual and legally provable damages. DigiCert is not liable for:
1. Any indirect, consequential, special, or punitive damages or any loss of profit, revenue, data, or opportunity, even if DigiCert is aware of the possibility of such damages;
2. Liability related to fraud or willful misconduct of the Applicant;
3. Liability related to use of a certificate that exceeds the limitations on use, value, or transactions as stated either in the certificate or this CPS;
4. Liability related to the security, usability, or integrity of products not supplied by DigiCert, including the Subscriber’s and Relying Party’s hardware; or
5. Liability related to the compromise of a Subscriber’s Private Key.
The limitations in this section apply to the maximum extent permitted by law and apply regardless of (i) the reason for or nature of the liability, including tort claims, (ii) the number of claims of liability, (iii) the extent or nature of the damages, (iv) whether DigiCert failed to follow any provision of this CPS, or (v) whether any provision of this CPS was proven ineffective.
The disclaimers and limitations on liabilities in this CPS are fundamental terms to the use of DigiCert’s certificates and services.
9.9. INDEMNITIES
9.9.1. Indemnification by DigiCert
As set forth in the relevant customer agreement.
9.9.2. Indemnification by Subscribers
To the extent permitted by law, each Subscriber shall indemnify DigiCert, its partners, and any cross‐signed entities, and their respective directors, officers, employees, agents, and contractors against any loss, damage, or expense, including reasonable attorney’s fees, related to (i) any misrepresentation or omission of material fact by Subscriber, regardless of whether the misrepresentation or omission was intentional or unintentional; (ii) Subscriber’s breach of the Subscriber Agreement, this CPS, or applicable law; (iii) the compromise or unauthorized use of a certificate or Private Key caused by the Subscriber’s negligence or intentional acts; or (iv) Subscriber’s misuse of the certificate or Private Key.
9.9.3. Indemnification by Relying Parties
To the extent permitted by law, each Relying Party shall indemnify DigiCert, its partners, and any cross‐signed entities, and their respective directors, officers, employees, agents, and contractors against any loss, damage, or expense, including reasonable attorney’s fees, related to the Relying Party’s (i) breach of the Relying Party Agreement, an End‐User License Agreement, this CPS, or applicable law; (ii) unreasonable reliance on a certificate; or (iii) failure to check the certificate’s status prior to use.
9.10. TERM AND TERMINATION
9.10.1. Term
This CPS and any amendments to the CPS are effective when adopted by the DCPA and remain in effect until replaced with a newer version.
9.10.2. Termination
This CPS and any amendments remain in effect until replaced by a newer version.
9.10.3. Effect of Termination and Survival
DigiCert will communicate the conditions and effect of this CPS’s termination via email or the DigiCert repository. The communication will specify which provisions survive termination. At a minimum, all responsibilities related to protecting confidential information will survive termination. All agreements remain effective until the certificate is revoked or expired, even if this CPS terminates.
9.11. INDIVIDUAL NOTICES AND COMMUNICATIONS WITH PARTICIPANTS
DigiCert accepts notices related to this CPS at the locations specified in Section 2.2. Notices are deemed effective after the sender receives a valid and digitally signed acknowledgment of receipt from DigiCert. If an acknowledgement of receipt is not received within five days, the sender must resend the notice in paper form to the street address specified in Section 2.2 using either a courier service that confirms delivery or via certified or registered mail with postage prepaid and return receipt requested. DigiCert may allow other forms of notice in the relevant customer agreement.
9.12. AMENDMENTS
9.12.1. Procedure for Amendment
This CPS is periodically reviewed and updated by the DCPA. Controls are in place to reasonably ensure that this CPS is not amended and published without the prior authorization of the DCPA.
9.12.2. Notification Mechanism and Period
DigiCert does not guarantee or set a notice‐and‐comment period and may make changes to this CPS without notice and without changing the version number. Major changes affecting accredited certificates are announced and approved by the accrediting agency prior to becoming effective. The DCPA is responsible for determining what constitutes a material change of the CPS.
9.12.3. Circumstances under which OID Must Be Changed
The DCPA is solely responsible for determining whether an amendment to the CPS requires an OID change.
9.13. DISPUTE RESOLUTION PROVISIONS
Parties are required to notify DigiCert and attempt to resolve disputes directly with DigiCert before resorting to any dispute resolution mechanism, including adjudication or any type of alternative dispute resolution.
9.14. GOVERNING LAW
The laws of the state of Utah govern the interpretation, construction, and enforcement of this CPS and all proceedings related to DigiCert’s products and services, including tort claims, without regard to any conflicts of law principles. The state of Utah has non‐exclusive venue and jurisdiction over any proceedings related to the CPS or any DigiCert product or service.
9.15. COMPLIANCE WITH APPLICABLE LAW
This CPS is subject to all applicable laws and regulations, including United States restrictions on the export of software and cryptography products.
9.16. MISCELLANEOUS PROVISIONS
9.16.1. Entire Agreement
DigiCert contractually obligates any entity operating under this CPS to comply with this CPS and applicable industry guidelines. DigiCert also requires each party using its products and services to enter into an agreement that delineates the terms associated with the product or service. If an agreement has provisions that differ from this CPS, then the agreement with that party controls, but solely with respect to that party. Third parties may not rely on or bring action to enforce such agreement.
9.16.2. Assignment
Any entities operating under this CPS may not assign their rights or obligations without the prior written consent of DigiCert. Unless specified otherwise in a contract with a party, DigiCert does not provide notice of assignment.
9.16.3. Severability
If any provision of this CPS is held invalid or unenforceable by a competent court or tribunal, the remainder of the CPS will remain valid and enforceable. Each provision of this CPS that provides for a limitation of liability, disclaimer of a warranty, or an exclusion of damages is severable and independent of any other provision.
9.16.4. Enforcement (attorneys' fees and waiver of rights)
DigiCert may seek indemnification and attorneys' fees from a party for damages, losses, and expenses related to that party's conduct. DigiCert’s failure to enforce a provision of this CPS does not waive DigiCert’s right to enforce the same provision later or right to enforce any other provision of this CPS. To be effective, waivers must be in writing and signed by DigiCert.
9.16.5. Force Majeure
DigiCert is not liable for any delay or failure to perform an obligation under this CPS to the extent that the delay or failure is caused by an occurrence beyond DigiCert’s reasonable control. The operation of the Internet is beyond DigiCert’s reasonable control.
9.17. OTHER PROVISIONS
No stipulation.