CYB_300_4-4.docx
Southern New Hampshire University, CYB 300 (Information Systems), Dec 6, 2023, 3 pages
CA Server Root Certificate Requirements Checklist (CA-1)
CYB 300
2023 November 19
Requirements
• Identify information systems that support organizational missions/business functions
• Identify and select the following types of information system accounts that support organizational missions/business functions: [administrative, service]
• Identify authorities from each department for root certificate assignment approval
• Secure protocols used: TLS v1.2
• Client renegotiation disabled
• Account notification to CA authorities:
    • When user or system accounts are terminated
    • When individual information system usage changes
    • When an account has been inactive for a period of 90 days
• Authorize root certificate assignment for information systems based on:
    • A valid access authorization
    • Other attributes as required by the organization or associated missions/business functions
• Automatic certificate revocation, for any of the following reasons:
    • Superseded: used when there has been a change in the information associated with the user.
    • KeyCompromise: used when both the certificate and private key have been compromised.
    • CertificateHold: refers to a temporary suspension or revocation of a certificate.
    • AffiliationChanged: invoked when an employee's certificate is revoked upon leaving the company.
    • PrivilegeWithdrawn: used to revoke the privileges of an employee.
    • Unspecified: used as the default revocation reason when no specific reason is provided.
• The PKI encryption that will be used is the following:
    a. We will use PKI for symmetric and asymmetric encryption of the messages.
• The recommended duration for certificate validity is one to three years, with a maximum limit of five years.
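As an added example (not part of the checklist document), the following Python module turns the notification triggers, revocation reasons and validity rule above into a checkable automatic-revocation policy: it maps account events to the RFC 5280 CRLReason values, applies the 90-day inactivity rule as a certificateHold, and classifies a certificate lifetime against the one-to-three-year recommendation and five-year maximum. The event names and the event-to-reason mapping are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from enum import IntEnum

class CRLReason(IntEnum):
    """CRLReason values from RFC 5280 section 5.3.1 that the checklist uses."""
    unspecified = 0
    keyCompromise = 1
    affiliationChanged = 3
    superseded = 4
    certificateHold = 6
    privilegeWithdrawn = 9

INACTIVITY_LIMIT = timedelta(days=90)
RECOMMENDED_MIN, RECOMMENDED_MAX = timedelta(days=365), timedelta(days=3 * 365)
ABSOLUTE_MAX = timedelta(days=5 * 365)

# Assumed mapping from the checklist's notification triggers to reason codes;
# the event names are illustrative and not taken from the document.
EVENT_REASONS = {
    "account_terminated": CRLReason.affiliationChanged,
    "usage_changed": CRLReason.superseded,
    "privilege_removed": CRLReason.privilegeWithdrawn,
    "key_compromised": CRLReason.keyCompromise,
}

def revocation_decision(event, now, last_used=None):
    """Return (revoke, reason); dates are ISO 8601 strings. 90+ idle days give
    certificateHold (a suspension); unknown events fall back to unspecified."""
    if event == "inactive":
        idle = datetime.fromisoformat(now) - datetime.fromisoformat(last_used)
        if idle >= INACTIVITY_LIMIT:
            return True, CRLReason.certificateHold
        return False, None
    return True, EVENT_REASONS.get(event, CRLReason.unspecified)

def crl_entry(serial, event, now, last_used=None):
    """Build a CRL-entry-like record, or None when no revocation is warranted."""
    revoke, reason = revocation_decision(event, now, last_used)
    if not revoke:
        return None
    return {"serial": serial, "revocationDate": now, "reasonCode": int(reason)}

def validity_status(not_before, not_after):
    """Classify a lifetime against the 1-3 year recommendation and 5 year max."""
    lifetime = datetime.fromisoformat(not_after) - datetime.fromisoformat(not_before)
    if lifetime > ABSOLUTE_MAX:
        return "exceeds_maximum"
    if RECOMMENDED_MIN <= lifetime <= RECOMMENDED_MAX:
        return "recommended"
    return "outside_recommended"
```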
CA-1 Root Certificate Requirements
Requirements
Support organizational missions: <IT defined>
Parameter CA-1(D): <IT-defined transport layer security>
Parameter CA-1(E): <IT-defined client renegotiation policy>
Implementation Status (check all that apply):
☒ Implemented
☐ Partially implemented
☐ Planned
☐ Alternative implementation
☐ Not applicable
Control Origination (check all that apply):
☐ Organization
☒ IT system specific
Hybrid (organization and IT system specific)
Control Overview
Part / Description
Part A: <The IT department will be responsible for identifying and selecting the types of accounts required to support the application. Examples of account types include individual, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. A successful control response will need to address the specific requirements fulfilled by each account type in use.>
Part B: <The IT department will be responsible for selecting information systems and for determining who will have responsibilities related to their management and maintenance. A successful control response will need to discuss how information systems are defined within the organization.>
Part C: <The IT department will be responsible for identifying the individuals responsible for CA assignment approval. A successful control response will need to identify the person responsible for CA assignments.>
Part D: <The IT department will be responsible for identifying the transport layer security. A successful control response will need to ensure that the proper communication security is in place.>
Part E: <The IT department will be responsible for verifying that certificate renegotiation is disabled on the client machine; renegotiation will be initiated only from the server. A successful control response will need to show that a policy is in place to be audited and maintained.>
Part F: <The IT department will be responsible for defining the role of the individual to be notified if any criterion [a, b, or c] is met. A successful control response will identify the individuals and the procedures used to enforce those conditions.>