9.2 System Entity Credentials and Private Keys

In TAS3, services and other system entities are identified using X.509 digital certificates. The certificates are used for authentication in TLS connections (Client TLS) and for digital signatures.

Responsible management of the private keys associated with the digital certificates is the cornerstone of the TAS3 accountability and liability framework. Your organization will be held responsible for all actions performed using your private keys.

  1. Which certification authority do you use for issuance of certificates? (If self-issued, indicate who in your organization is responsible.)

    _________________________________

  2. How do you generate the private key and the certification request?

    _________________________________

  3. What measures are in place to ensure that the private key remains confidential during the generation, certificate issuance, and installation process? How do you know that no copy is left on any device (e.g. USB stick of a consultant) used to handle the private key?

    _________________________________

  4. What backup arrangements do you have for the private key and how are they kept confidential?

    _________________________________

  5. Once installed on a server, how do you ensure confidentiality of the private key? (tick all that apply)

    1. (__) Private key protected by hardware token

    2. (__) Password required for each use of private key

    3. (__) Password required for first use after reboot

    4. (__) Filesystem permissions

    5. (__) No root or administration access over the network. For example, you have configured sudo(8) so that no user has unlimited root access and only the appropriate process has access to the private key.

    6. (__) All system administrators are authorized to access the private key

    7. Other: _________________________________

  6. If the private key could be stored in a jump start, kick start, or backup image, what confidentiality measures are in place to protect such images? _________________

  7. Do you track or register who is authorized to access private keys?

    How: _____________________________

    Are there written records? ____________

  8. Do you track or register who has system administration access to servers, especially if not all sysadms are authorized to access private keys?

  9. Do all those who are authorized to access private keys or who could have access to the private keys (e.g. sysadms) go through training on private keys and sign a confidentiality undertaking regarding them? __________

