BG.ACAD CA Self-audit report 2018

Presentation transcript:

BG.ACAD CA
http://ca.acad.bg
Self-audit report 2018
Vladimir Dimitrov, vgd@acad.bg
IICT-BAS (www.iict.bas.bg)
44th EUGridPMA Meeting, Toulouse, 24-26 Sep 2018
(9 slides)

BG.ACAD CA Overview (1)
- BG.ACAD CA has been a member since 5.03.2007.
- Serves the academic community in Bulgaria.
- Located in Sofia, IICT-BAS.
- Implementation, simple:
  - Online CA based on Scientific Linux 6.9 and Apache.
  - Offline signing machine with recent FreeBSD, OpenSSL and some self-developed scripts.
- Issued 1021 certificates since 2007:
  - Personal: 507
  - Hosts: 513
  - Services (robot): 1
- Revoked certificates: 21
- Currently valid certificates (total): 65

BG.ACAD CA Overview (2)
- Current CP/CPS revision: 1.2, OID: 1.3.6.1.4.1.26646.1.3.1.1.2
- TACAR member since Jan 2013.
- Since 5 May 2014 all new EE certificates are hashed with SHA-256. The last SHA-1 certificate expired in Jan 2015.
- CRL is hashed with SHA-256.
- In 2016 the root certificate was extended to 2027, also hashed with SHA-256, same private key.
- The Online CA machine has full IPv6 support.
- CA staff members: 3
- RAs: 10 people from 3 cities and 9 institutions in Bulgaria.

Self-audit
- The previous self-audit was presented during the 32nd meeting in Poznan, Sep 2014 and was approved in the 36th meeting, Bratislava, Jan 2016.
- The current self-audit was done in accordance with the Guidelines for auditing Grid CAs version 1.1, 2010 and the OGF GFD.169 document.
- Audit dates: 17-20 Sep 2018
- Reviewers: TBD
- Summary:
  - A: 66 Good
  - B: 0 Recommendation (minor change)
  - C: 0 Recommendation (major change)
  - D: 0 Advice (must change)
  - X: 0 Could not evaluate (N/A)

Pre-examination
- CP/CPS: yes, in repository.
- Relevant IGTF Authentication Profile(s): yes.
- Manuals for subscribers: yes, in repository.
- Operational manuals: yes, available for the CA members.
- CA Repository (e.g. Web site): yes, http://ca.acad.bg
- CA Certificate: yes, in repository.
- CRL: yes, in repository.
- End entity certificates: yes, in repository.
- HSM manual: N/A, offline signing machine.
- Any other document described as published in the repository in the CP/CPS: yes, EE statement, user guide.
- Any other document available for the auditors: EE declarations and evidence of user employment: yes, on paper.

Main examination (1)
- CA room for Online CA machine: located in IICT-BAS, in the main NOC of the Bulgarian NREN (BREN). Restricted access, CCTV, fire alarm system.
- CA room for Offline CA signing machine: located in IICT-BAS inside the main academic HPC and data center. Access with personal RFID cards and keys, CCTV, 24/7 surveillance, fire alarm system. The removable hard disks of the machine are locked in a dedicated safe box.
- HSM: not present.
- Backup media of the CA private key: Yes. Burned on a CD-R and locked in a dedicated safe box on another floor in IICT-BAS.
- Offline media (sealed envelope) which contains a pass phrase of the CA private key: Yes. In the same safe box as above. But we do not have another dedicated safe box for now.

Main examination (2)
- Media storage of archived logs and other documents and their place: Yes, the logs of the offline CA are included in the full backups on 2 flash cards in a dedicated safe box.
- End entity certificates (if not available for the pre-examination), including issuance activities: Yes, in the repository.
- Logs of the CA/RA servers: No, there are no such servers.
- Logs of the CA repository (e.g. Web server): Yes, on the server and included in the regular backups on a dedicated separate storage array.
- Records of operation of the CA private key (including accesses to the HSM): Yes.
- Access log to the CA room: Yes. In the central security system. Based on the personal RFID cards usage.
- Any other documents (e.g. daily report of the CA operators): No.

Auditing Checklist
- There are 66 A scores (all good).
- Some difficulties when using the proposed Excel file for RFC 3647. This file: https://wiki.eugridpma.org/pub/Main/AssuranceAssessment/IGTF-CAs-Auditing_v1.xlsx
- So I read the relevant texts and decided if we did them.

Additional changes
- Perhaps chapter 9.4 will need to be slightly modified according to GDPR. But a long time ago it was written in a very Jesuitical way and should not have a problem now.

End of Self-Audit
Questions?
Vladimir Dimitrov, vgd@acad.bg