1 / 9

Trusted Third Parties in the Netherlands

Trusted Third Parties in the Netherlands. TTP.NL Scheme Version 1, 21/12/1999 Anton Pronk. Shell Roccade MegaSign PTT Post KeyMail DigiNotar KPN Telecom Interpay. Rabobank ECP.NL EZ KPMG PWC ICIT. TTP.NL. High-level scheme. 10 years. Functional and quality standards. 5 years.

kawena
Télécharger la présentation

Trusted Third Parties in the Netherlands

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trusted Third Parties in the Netherlands TTP.NL Scheme Version 1, 21/12/1999 Anton Pronk

  2. Shell Roccade MegaSign PTT Post KeyMail DigiNotar KPN Telecom Interpay Rabobank ECP.NL EZ KPMG PWC ICIT TTP.NL

  3. High-level scheme 10 years Functional and quality standards 5 years Technical standards 1 - 2 years Product lists Real-time Design parameters

  4. Criteria for CSPs • Directional documents • National Action Plan Electronic Highway • Annex II EU Directive on Electronic Signatures • Requirements and guidance documents • PKI processes • Information security • Organisational reliability

  5. T T P . N L P A R T 1 General controls Plan C P / C P S Key mgnt l.c. controls CSP Certificate l.c.controls Control PKI processes Information securityOrganisational reliability T T P . N L P A R T 2 T T P . N L P A R T 3 Document / Implement

  6. Self Assessment Questionnaire for CSPs(based on ANSI ABA/X9) • Information Security Management Controls • Key Management Life Cycle Controls • Certificate Life Cycle Controls

  7. Certification and accreditation • Apply for certificate • Trial assessment • Documentation audit • Implementation audit • Decision to certify • Certificate maintenance

  8. Management framework • ‘TTP-kamer’ • Council of Experts • Tasks • Co-ordination of the Management of audit programs • Control of the Scheme • Maintenance of the Scheme • International harmonisation • Arbitration

  9. Criteria for Auditors( based on ISO 10011-2) • Workplace experience in Information Technology • Audit experience • Specific fields of expertise • PKI • Information security • Organisational reliability

More Related