This document details the TTP NL scheme, established to ensure trust and reliability among third-party service providers in the Netherlands. It outlines functional and quality standards over ten years, along with technical standards for one to two years. Key elements include the national action plan for electronic signatures, PKI processes, information security, and organizational reliability. It also specifies the requirements for certification, self-assessment questionnaires for CSPs, and criteria for auditors, ensuring a comprehensive framework to foster secure electronic transactions.
Trusted Third Parties in the Netherlands TTP.NL Scheme Version 1, 21/12/1999 Anton Pronk
Shell Roccade MegaSign PTT Post KeyMail DigiNotar KPN Telecom Interpay Rabobank ECP.NL EZ KPMG PWC ICIT TTP.NL
High-level scheme 10 years Functional and quality standards 5 years Technical standards 1 - 2 years Product lists Real-time Design parameters
Criteria for CSPs • Directional documents • National Action Plan Electronic Highway • Annex II EU Directive on Electronic Signatures • Requirements and guidance documents • PKI processes • Information security • Organisational reliability
TTP.NL PART 1 General controls Plan CP / CPS Key mgnt l.c. controls CSP Certificate l.c. controls Control PKI processes Information security Organisational reliability TTP.NL PART 2 TTP.NL PART 3 Document / Implement
Self Assessment Questionnaire for CSPs (based on ANSI ABA/X9) • Information Security Management Controls • Key Management Life Cycle Controls • Certificate Life Cycle Controls
Certification and accreditation • Apply for certificate • Trial assessment • Documentation audit • Implementation audit • Decision to certify • Certificate maintenance
Management framework • ‘TTP-kamer’ • Council of Experts • Tasks • Co-ordination of the Management of audit programs • Control of the Scheme • Maintenance of the Scheme • International harmonisation • Arbitration
Criteria for Auditors (based on ISO 10011-2) • Workplace experience in Information Technology • Audit experience • Specific fields of expertise • PKI • Information security • Organisational reliability