Guidelines for auditing Grid CAs


1 Guidelines for auditing Grid CAs
Yoshio Tanaka AIST, Japan

2 background
- APGrid PMA is doing external (mutual) audit.
- The purpose of auditing is to improve CA operation.
- NAREGI has subjectively selected audit items from the WebTrust™ Criteria based on the minimum CA requirements.
- It would be helpful to have documentation which
  - justifies the choices
  - describes the detailed procedures of auditing, e.g. how should each item be verified: by document review, interview, or inspection?

3 Proposed contents (1/4)
- Introduction
- Audit checklist
  - describes audit items and justifies them.
- Procedures of auditing
  - Pre examination: static review of documents (~weeks)
    - CP/CPS
    - Manuals for subscribers (e.g. enrollment manual)
    - Operational manuals (for CA operators)
    - CA repository
      - checks whether all documents described as “published on the repository” in the CP/CPS are available
    - CA Certificate
    - CRL
    - End entity certificates
    - HSM manual (or appropriate web site)
  - As a result of the pre-examination, an auditor prepares score sheets and identifies the issues that need to be raised in the interview.

4 Proposed contents (2/4)
- Procedures of auditing (cont’d)
  - Main examination: interview & inspection (half day)
    - interview (~ 3 hours)
      - All issues which were not clarified by the static review are put to the CA operators in the interview.
      - An auditor is especially interested in
        - How the CA private key is protected (including access control to the CA room).
        - Have enough events been recorded?
        - Flow chart of issuing end entity certificates.
          (1) generate a key pair
          (2) send a CSR
          (3) RA verifies the end entity
          (4) RA communicates with the CA
          (5) CA issues an end entity certificate
          (6) the end entity obtains her/his certificate

5 Proposed contents (3/4)
- Procedures of auditing (cont’d)
  - Main examination: interview & inspection (half day) (cont’d)
    - inspection (~ 1 hour)
      - All archived logs
        - CA system logs
        - records of how the RA verified end entities
      - Facilities, devices
        - CA room (how the access is controlled)
        - CA server (including network connection)
        - RA server
        - Repository (web) server
        - HSM
        - backup media
        - a safe box

6 Proposed contents (4/4)
- Procedures of auditing (cont’d)
  - Post examination: draft report
    - Send the report to the CA
    - The CA is requested to send a report which describes plans (including schedule) for the improvements.

7 Plans for drafting
- NGO/Singapore uses a commercial CA (Netrust Inc.)
- Netrust agreed to publish their audit report.
  - confidential and available only for APGrid PMA auditors
- I’ll review the audit report, then draft this document.
  - PROMISE to draft by the next GGF in Tokyo

8 a question
- How to justify the audit checklist
  - audit items were subjectively selected from WebTrust™ criteria based on the minimum CA requirements.
  - Does ‘justify’ mean to justify the minimum CA requirements?

