90 likes | 204 Vues
Trusted Third Parties in the Netherlands. TTP.NL Scheme Version 1, 21/12/1999 Anton Pronk. Shell Roccade MegaSign PTT Post KeyMail DigiNotar KPN Telecom Interpay. Rabobank ECP.NL EZ KPMG PWC ICIT. TTP.NL. High-level scheme. 10 years. Functional and quality standards. 5 years.
E N D
Trusted Third Parties in the Netherlands TTP.NL Scheme Version 1, 21/12/1999 Anton Pronk
Shell Roccade MegaSign PTT Post KeyMail DigiNotar KPN Telecom Interpay Rabobank ECP.NL EZ KPMG PWC ICIT TTP.NL
High-level scheme 10 years Functional and quality standards 5 years Technical standards 1 - 2 years Product lists Real-time Design parameters
Criteria for CSPs • Directional documents • National Action Plan Electronic Highway • Annex II EU Directive on Electronic Signatures • Requirements and guidance documents • PKI processes • Information security • Organisational reliability
T T P . N L P A R T 1 General controls Plan C P / C P S Key mgnt l.c. controls CSP Certificate l.c.controls Control PKI processes Information securityOrganisational reliability T T P . N L P A R T 2 T T P . N L P A R T 3 Document / Implement
Self Assessment Questionnaire for CSPs(based on ANSI ABA/X9) • Information Security Management Controls • Key Management Life Cycle Controls • Certificate Life Cycle Controls
Certification and accreditation • Apply for certificate • Trial assessment • Documentation audit • Implementation audit • Decision to certify • Certificate maintenance
Management framework • ‘TTP-kamer’ • Council of Experts • Tasks • Co-ordination of the Management of audit programs • Control of the Scheme • Maintenance of the Scheme • International harmonisation • Arbitration
Criteria for Auditors( based on ISO 10011-2) • Workplace experience in Information Technology • Audit experience • Specific fields of expertise • PKI • Information security • Organisational reliability