This document provides a detailed template for the wording and information that organizations will need to follow the standard Public Key Infrastructure Certificate Policy format, as defined in RFC 3647.
This certificate policy (CP) template provides the wording and information needed for organizations to follow the standard Public Key Infrastructure (PKI) CP format defined in RFC 3647; however, this CP does not cover all the standard CP topics in the same way that a traditional PKI CP would cover them. Instead, it addresses each topic as it relates to the security model and explains the differences between a traditional PKI security model and the federation management organization (FMO) security model where necessary. The document first provides an overview of the CP contents, purposes, and logic, including sections on PKI participants, certificate usage, policy administration, and definitions of terms. The subsequent chapters cover the following topics: publication and repository responsibilities; identification and authentication; certificate life-cycle operational requirements; facility, management, and operational controls; technical security controls; certificate, CRL, and OCSP profiles; compliance audits and other assessments; and other business and legal matters. An appendix provides the document history.