RAPIDPIV-I Credential Service Certification Practice Statement Redacted
Digitally signed by James D. Campbell (DN: c=us, cn=James D. Campbell; Date: :45:03-07'00')

Key Information:
Formal title: Eid Passport, Inc. RAPIDPIV-I Credential Issuing and Management Service X.509 Certification Practice Statement - Redacted
Principal Policy OID: { iso (1) org (3) dod (6) internet (1) private (4) enterprise (1) eidpassportinc (38948) eidpma (2) eidpolicies (1) eidrapidpiv-i (1) }
URL Filename: Eid Passport RAPIDPIV-I CPS v1.2-redacted.pdf
Responsible authority: Eid Passport Policy Management Authority (EPMA)
Version: Redacted Release; v 1.2
Page 1 of 97
RAPIDPIV-I Credential Service X.509 Certification Practice Statement
Version: Redacted
Effective date: April 2014
Classification / Distribution: Company confidential / Hosting on Eid Passport website for public release
Point-of-Contact: Eid Passport, Eid Policy Management Authority, 5800 NW Pinefarm Pl, Hillsboro, OR, United States of America; [email protected]; phone:
APPROVALS
Each formal release of this Certification Practice Statement (CPS) requires approval by the Eid Passport Policy Management Authority.

Approval control: Version identification has three levels, each requiring the approval authority identified below. Version identification is a simple integer sequence at each level.
Version: A formal release of this CPS which has a significant policy change requiring a vote by the EPMA to approve.
Sub-version: A formal release of this CPS which has no significant policy change and therefore does NOT require a vote by the EPMA to approve.
Draft: A draft of this CPS intended for review and/or recommendation as the next formal release.
When the identification at a given level is incremented, all subordinate levels revert to zero. Only the first two levels need be shown in formal releases (level three is by default zero in any formal release). During the drafting of revisions this record records all draft versions and their approvals until such time as a formal release is approved. Records of ALL past drafting releases are preserved within the EPMA for archival purposes. On its effective date a formal version of this CPS becomes the applicable version of the policy for all operational purposes and supersedes all previous versions, which thereby become redundant. The EPMA preserves records of all past versions.

Approval authorities:
Top-level: Eid Passport PMA
Second level: As top-level
Third level: Author / Editor for informal PMA member and development / editorial team review

Approval record (Summary of Changes column; the Version and Approval date columns are empty in this copy):
Initial Rough Draft
Draft Ready for Compliance Audit
Final Compliance Audit Draft
Official Version
Draft to update minor details
Sync with updated CP
CONTENTS

1 INTRODUCTION
  Overview
  Certificate Policy
  Relationship between this CPS and the CP
  Scope
  Document Name and Identification
  Certificate Policy Name
  Object Identifiers (OIDs)
  PKI Participants
  PKI Authorities
  Eid Passport Card Management System (CMS)
  Registration Authority (RA)
  Subscribers
  Organizational Affiliation
  Relying Parties
  Other Participants
  Applicability
  Certificate Usage
  Appropriate Certificate Uses
  Prohibited Certificate Uses
  Policy Administration
  Organization Administering this Document
  Contact Person
  Person Determining CPS Suitability for the Policy
  Eid Passport RAPIDPIV-I PKI CPS Approval Procedures
  Waivers
  Definitions and Acronyms

PUBLICATION AND PKI REPOSITORY RESPONSIBILITIES
  PKI Repositories
  Repository Obligations
  Publication of Certificate Information
  Publication of CA Information
  Interoperability
  Time or Frequency of Publication
  Access Controls on PKI Repositories

IDENTIFICATION AND AUTHENTICATION
  Naming
  Types of Names
  Need for Names to be Meaningful
  Anonymity or Pseudonymity of Subscribers
  Rules for Interpreting Various Name Forms
  Uniqueness of Names
  Recognition, Authentication, and Role of Trademarks
  Name Claim Dispute Resolution Procedure
  Initial Identity Validation
  Method to Prove Possession of Private Key
  Authentication of Organization Identity
  Authentication of Individual Identity
  Authentication of Component Identities
  Non-verified Subscriber Information
  Validation of Authority
  Criteria for Interoperation
  Identification and Authentication for Re-Key Requests
  Identification and Authentication for Routine Re-Key
  Identification and Authentication for Re-Key After Revocation
  Identification and Authentication for Revocation Request

CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS
  Certificate Application
  Submission of Certificate Application
  Enrolment Process and Responsibilities
  Certificate Application Processing
  Performing Identification and Authentication Functions
  Approval or Rejection of Certificate Applications
  Time to Process Certificate Applications
  Certificate Issuance
  CA Actions During Certificate Issuance
  Notification to Subscriber of Certificate Issuance
  Certificate Acceptance
  Conduct Constituting Certificate Acceptance
  Publication of the Certificate by the CA
  Notification of Certificate Issuance by the CA to other Entities
  Key Pair and Certificate Usage
  Subscriber Private Key and Certificate Usage
  Relying Party Public Key and Certificate Usage
  Certificate Renewal
  Circumstance for Certificate Renewal
  Who May Request Renewal
  Processing Certificate Renewal Requests
  Notification of New Certificate Issuance to Subscriber
  Conduct Constituting Acceptance of a Renewal Certificate
  Publication of the Renewal Certificate by the CA
  Notification of Certificate Issuance by the CA to other Entities
  Certificate Re-Key
  Circumstance for Certificate Re-Key
  Who may Request Certification of a New Public Key
  Processing Certificate Re-Keying Requests
  Notification of new Certificate Issuance to Subscriber
  Conduct Constituting Acceptance of a Re-Keyed Certificate
  Publication of the Re-Keyed Certificate by the CA
  Notification of Certificate Issuance by the CA to Other Entities
  Certificate Modification
  Circumstance for Certificate Modification
  Who may Request Certificate Modification
  Processing Certificate Modification Requests
  Notification of New Certificate Issuance to Subscriber
  Conduct Constituting Acceptance of Modified Certificate
  Publication of the Modified Certificate by the CA
  Notification of Certificate Issuance by the CA to Other Entities
  Certificate Revocation and Suspension
  Circumstances for Revocation
  Who can Request Revocation
  Procedure for Revocation Request
  Revocation Request Grace Period
  Time Within Which the CA Must Process the Revocation Request
  Revocation Checking Requirement for Relying Parties
  CRL Issuance Frequency
  Maximum Latency for CRLs
  On-Line Revocation/Status Checking Availability
  On-Line Revocation Checking Requirements
  Other Forms of Revocation Advertisements Available
  Special Requirements Related to Key Compromise
  Circumstances for Suspension
  Who can Request Suspension
  Procedure for Suspension Request
  Limits on Suspension Period
  Certificate Status Services
  Operational Characteristics
  Service Availability
  Optional Features
  End of Subscription
  Key Escrow and Recovery
  Key Escrow and Recovery Policy and Practices
  Session Key Encapsulation and Recovery Policy and Practices

FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS
  Physical Controls
  Site Location and Construction
  Physical Access
  Power and Air Conditioning
  Water Exposures
  Fire Prevention and Protection
  Media Storage
  Waste Disposal
  Off-Site Backup
  Procedural Controls
  Trusted Roles
  Number of Persons Required Per Task
  Identification and Authentication for Each Role
  Roles Requiring Separation of Duties
  Personnel Controls
  Qualifications, Experience, and Clearance Requirements
  Background Check Procedures
  Training Requirements
  Retraining Frequency and Requirements
  Job Rotation Frequency and Sequence
  Sanctions for Unauthorized Actions
  Independent Contractor Requirements
  Documentation Supplied to Personnel
  Audit Logging Procedures
  Types of Events Recorded
  Frequency of Processing Audit Logs
  Retention Period for Audit Logs
  Protection of Audit Log
  Audit Log Backup Procedures
  Audit Collection System (Internal vs. External)
  Notification to Event-Causing Subject
  Vulnerability Assessments
  Records Archival
  Types of Records Archived
  Retention Period for Archive
  Protection of Archive
  Archive Backup Procedures
  Requirements for Time-Stamping of Records
  Archive Collection System (Internal vs. External)
  Procedures to Obtain and Verify Archive Information
  Key Changeover
  Compromise and Disaster Recovery
  Incident and Compromise Handling Procedures
  Computing Resources, Software, and/or Data are Corrupted
  Private Key Compromise Procedures
  Business Continuity Capabilities after a Disaster
  CA, CMS, CSA, or RA Termination

TECHNICAL SECURITY CONTROLS
  Key Pair Generation and Installation
  Key Pair Generation
  Private Key Delivery to Subscriber
  Public Key Delivery to Certificate Issuer
  CA Public Key Delivery to Relying Parties
  Key Sizes
  Public Key Parameters Generation and Quality Checking
  Key Usage Purposes
  Private Key Protection and Cryptographic Module Engineering Controls
  Cryptographic Module Standards and Controls
  Private Key Multi-Person Control
  Private Key Escrow
  Private Key Backup
  Private Key Archival
  Private Key Transfer Into or From a Cryptographic Module
  Private Key Storage on Cryptographic Module
  Method of Activating Private Key
  Method of Deactivating Private Key
  Method of Destroying Private Key
  Cryptographic Module Rating
  Other Aspects of Key Pair Management
  Public Key Archival
  Certificate Operational Periods and Key Pair Usage Periods
  Activation Data
  Activation Data Generation and Installation
  Activation Data Protection
  Other Aspects of Activation Data
  Computer Security Controls
  Specific Computer Security Technical Requirements
  Computer Security Rating
  Life-Cycle Technical Controls
  System Development Controls
  Security Management Controls
  Life-Cycle Security Controls
  Network Security Controls
  Time-Stamping

CERTIFICATE, CRL, AND OCSP PROFILES
  Certificate Profile
  Version Numbers
  Certificate Extensions
  Algorithm Object Identifiers
  Name Forms
  Name Constraints
  Certificate Policy Object Identifier
  Usage of Policy Constraints Extension
  Policy Qualifiers Syntax and Semantics
  Processing Semantics for the Critical Certificate Policies Extension
  CRL Profile
  Version Numbers
  CRL and CRL Entry Extensions
  OCSP Profile
  Version Numbers
  OCSP Extensions

COMPLIANCE AUDIT AND OTHER ASSESSMENTS
  8.1 Frequency or Circumstances of Assessments
  Identity and Qualifications of Assessor
  Assessor's Relationship to Assessed Entity
  Topics Covered by Assessment
  Actions Taken as a Result of Deficiency
  Communication of Results

OTHER BUSINESS AND LEGAL MATTERS
  Fees
  Certificate Issuance or Renewal Fees
  Certificate Access Fee
  Revocation or Status Information Access Fees
  Fees for Other Services
  Refund Policy
  Financial Responsibility
  Insurance Coverage
  Other Assets
  Insurance or Warranty Coverage for End-Entities
  Confidentiality of Business Information
  Privacy of Personal Information
  Intellectual Property Rights
  Property Rights in Certificates and Revocation Information
  Property Rights in the CP and this CPS
  Property Rights in Names
  Property Rights in Keys
  Representations and Warranties
  The RAPIDPIV-I CA Representations and Warranties
  Subscribers
  Relying Parties
  Affiliated Organizations
  Other Participants
  Disclaimers of Warranties
  Limitations of Liabilities
  Indemnities
  Indemnification by Relying Parties and Subscribers
  Term and Termination
  Term
  Termination
  Effect of Termination and Survival
  Individual Notices and Communications with Participants
  Amendments
  Procedure for Amendment
  Notification Mechanism and Period
  Dispute Resolution Provisions
  Disputes between Eid Passport and Third Parties
  Alternate Dispute Resolution Provisions
  Compliance with Applicable Law
  Miscellaneous Provisions
  Entire Agreement
  Assignment
  Severability
  Waiver of Rights
  Force Majeure
  Other Provisions

CERTIFICATE, CRL, AND OCSP FORMATS
  eidrootca Certificate (Trust Anchor)
  RAPIDPIV-I CA Certificate
  RAPIDPIV-I Principle CA to CBCA Certificate
  Subscriber Identity Certificate
  Subscriber Signature Certificate
  Subscriber Encryption Certificate
  eidpiv-i Card Authentication Certificate
  eidpiv-i Content Signer Certificate
  Device or Server Certificate
  OCSP Responder Certificate
  CRL Format
  Full and Complete CRL
  Distribution Point Based Partitioned CRL
  OCSP Request Format
  OCSP Response Format
  Extended Key Usage

PIV-I CMS REQUIREMENTS

INTEROPERABLE SMART CARD DEFINITION

BIBLIOGRAPHY

ACRONYMS

GLOSSARY

Figure 1 OID Architecture
Figure 2 Eid Passport PKI Architecture
1 INTRODUCTION
This document is Eid Passport's Certification Practice Statement (CPS) for its RAPIDPIV-I Credential Issuance and Management Service Public Key Infrastructure (hereafter "RAPIDPIV-I PKI"). The practices in this CPS are used together with the RAPIDPIV-I Certificate Policy (CP) (hereafter "the CP") to govern and run the RAPIDPIV-I PKI. The policies in the CP represent five different assurance levels:
Medium
Medium-CBP
PIV-I
Medium-Hardware
Medium-CBP-Hardware
This CPS conforms to the Internet Engineering Task Force's (IETF) RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practice Statement Framework. The structure of sections 1 to 9 inclusive of this CPS follows the Outline of a Set of Provisions defined in section 6 of RFC 3647; additional sections are appended thereafter to convey additional necessary information.

1.1 Overview

Certificate Policy
The RAPIDPIV-I certificate policy object identifiers (OIDs) correspond to specific assurance levels established by the RAPIDPIV-I CP, and are available to Relying Parties. Certificates issued under the policies in the CP assert the appropriate level of assurance. The RAPIDPIV-I PKI encompasses the entire lifecycle of certificate issuance, including Subscriber registration, credential issuance and credential revocation, and this CPS gives the high-level practices for managing and operating this PKI.

Relationship between this CPS and the CP
This CPS documents the practices for the certificate assurance policies stated in the RAPIDPIV-I CP, thus giving any Relying Party confidence that the certificate it is presented with may be trusted.
This RAPIDPIV-I CPS puts into practice the policy requirements stated in the CP.

Scope
The RAPIDPIV-I PKI is a trust network that its Subscribers and Relying Parties may use to provide interoperability with Federal Government entities. The RAPIDPIV-I CA issues PIV-I certificates only to properly identified and vetted Subscribers. The certificates issued by the RAPIDPIV-I CA meet all requirements of PIV-I laid out in FIPS 201 and the Personal Identity Verification Interoperability For Non-Federal Issuers (issued by the Federal CIO Council in May 2009), as well as the CertiPath X.509 Certificate Policy v3.24 (November 19). This CPS documents the specific practices the RAPIDPIV-I PKI follows when issuing those certificates.

1.2 Document Name and Identification

Certificate Policy Name
This document adopts the formal name given on the cover page. It may also be referred to by citing any OID from the corresponding section of the CP, or by the specific policy title in that section, in which case the applicable policy is limited in scope to that one explicitly identified policy.

Object Identifiers (OIDs)
OIDs defined within the CP are subordinate to Eid Passport's IANA-registered Private Enterprise Number (IANA-PEN-arc) and are found in the corresponding section of the RAPIDPIV-I CP.
IANA-PEN-arc    ::= { iso (1) org (3) dod (6) internet (1) private (4) enterprise (1) }
eidpassport-inc ::= { IANA-PEN-arc 38948 }
eidpma          ::= { eidpassport-inc 2 }

OIDs defined in the RAPIDPIV-I CP follow.

eidrootca          ::= { eidpma 0 }
eidpma-policies    ::= { eidpma 1 }
eidrapidpiv-i      ::= { eidpma-policies 1 }
eidmediumsw        ::= { eidrapidpiv-i 1 }
eidmediumhw        ::= { eidrapidpiv-i 2 }
eidmediumcbpsw     ::= { eidrapidpiv-i 4 }
eidmediumcbphw     ::= { eidrapidpiv-i 5 }
eidpiv-i-hw        ::= { eidrapidpiv-i 7 }
eidpiv-i-cardauthn ::= { eidrapidpiv-i 8 }
eidpiv-i-contsign  ::= { eidrapidpiv-i 9 }
Unless otherwise stated, a requirement stated in the CP applies to all Assurance Levels. The following page shows these OIDs in a hierarchical manner.
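As an added illustration (this is not code from the Eid Passport CPS or from Eid Passport), the following Python resolves the named arcs listed above to dotted-decimal OIDs and performs the Relying Party check the Overview describes: matching the policy OIDs a certificate asserts against the policies the Relying Party accepts. The arc numbers are the ones the CPS gives; the certificate policy lists, the hardware-only acceptance set and the function names are constructed for the example.

```python
"""Added example (not from the Eid Passport CPS): resolve the named OID arcs
defined above to dotted-decimal form, and perform the Relying Party check the
Overview describes, matching a certificate's asserted policy OIDs against the
policies the Relying Party accepts.  Arc numbers are the ones the CPS lists;
the certificate policy lists and the accepted-policy set are constructed."""

# name -> (parent arc name, arc number).  A parent of None means the value is
# the complete dotted prefix rather than a single arc.
ARCS = {
    "IANA-PEN-arc":       (None, "1.3.6.1.4.1"),
    "eidpassport-inc":    ("IANA-PEN-arc", 38948),
    "eidpma":             ("eidpassport-inc", 2),
    "eidrootca":          ("eidpma", 0),
    "eidpma-policies":    ("eidpma", 1),
    "eidrapidpiv-i":      ("eidpma-policies", 1),
    "eidmediumsw":        ("eidrapidpiv-i", 1),
    "eidmediumhw":        ("eidrapidpiv-i", 2),
    "eidmediumcbpsw":     ("eidrapidpiv-i", 4),
    "eidmediumcbphw":     ("eidrapidpiv-i", 5),
    "eidpiv-i-hw":        ("eidrapidpiv-i", 7),
    "eidpiv-i-cardauthn": ("eidrapidpiv-i", 8),
    "eidpiv-i-contsign":  ("eidrapidpiv-i", 9),
}

# Policies whose Subscriber private keys the CPS applicability table says are
# stored in hardware.  A Relying Party that needs hardware-protected keys would
# accept only these (constructed relying-party policy for the example).
HARDWARE_KEY_POLICIES = ("eidmediumhw", "eidmediumcbphw", "eidpiv-i-hw")


def resolve_oid(name, _chain=()):
    """Return the dotted-decimal OID for a named arc by walking up to the root."""
    if name in _chain:
        raise ValueError(f"cycle in OID arc definitions at {name!r}")
    parent, arc = ARCS[name]          # KeyError for an arc the CPS does not define
    if parent is None:
        return str(arc)
    return f"{resolve_oid(parent, _chain + (name,))}.{arc}"


def oid_table():
    """Name -> dotted OID for every arc the CPS defines."""
    return {name: resolve_oid(name) for name in ARCS}


def name_of(oid):
    """Reverse lookup: which CPS arc name (if any) a dotted OID corresponds to."""
    for name, dotted in oid_table().items():
        if dotted == oid:
            return name
    return None


def acceptable_policy(asserted_policies, accepted_names=HARDWARE_KEY_POLICIES):
    """Relying Party check: return the first accepted policy name that the
    certificate asserts, or None.  Matching is exact on the dotted OID, so a
    certificate asserting only anyPolicy (2.5.29.32.0) or a sibling policy
    such as eidmediumsw does not satisfy a hardware-only Relying Party."""
    accepted = {resolve_oid(n): n for n in accepted_names}
    for oid in asserted_policies:
        if oid in accepted:
            return accepted[oid]
    return None


if __name__ == "__main__":
    for name, dotted in oid_table().items():
        print(f"{name:20} {dotted}")
    # Constructed certificatePolicies contents for two hypothetical certificates.
    hw_cert = ["1.3.6.1.4.1.38948.2.1.1.2"]                 # asserts eidmediumhw
    sw_cert = ["2.5.29.32.0", "1.3.6.1.4.1.38948.2.1.1.1"]  # anyPolicy + eidmediumsw
    print(acceptable_policy(hw_cert))   # eidmediumhw
    print(acceptable_policy(sw_cert))   # None
```

In a real Relying Party the `asserted_policies` list would come from the certificatePolicies extension of the decoded certificate; the point of the exact-match design is that the assurance level is determined by the policy OID the CA placed in the certificate, not by the arc it happens to sit under.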
Figure 1 OID Architecture (figure not reproduced in this transcription)
1.3 PKI Participants
This section documents the requirements for the various roles used in the RAPIDPIV-I PKI. Throughout this CPS, when the CPS refers to the term "RAPIDPIV-I PKI" generally, the components included under this label are the CA(s), CSA and CMS. Where the term has more limited scope, the specific components will be called out.

PKI Authorities

Eid Passport Policy Management Authority
The EPMA has the following general responsibilities, in accordance with the further terms of the EPMA Charter:
Maintenance and approval of the RAPIDPIV-I CP, its associated CPS (this document), its Key Recovery Practice Statement (KRPS), its Registration Authority Practice Statement (RPS), various Standard Operating Procedures (SOP), other associated documentation, and any revisions to these documents; and
Maintaining cross-certification compliance with the CertiPath Bridge CA (CBCA).
A complete description of EPMA roles and responsibilities is provided in the EPMA Charter.

Eid Passport Operational Authority (OA)
The Eid Passport OA is responsible for operating the RAPIDPIV-I CAs in a manner commensurate with the practices in this CPS. This work includes the following:
a. Issuing certificates;
b. Revoking certificates;
c. Issuing periodic Certificate Revocation Lists (CRL);
d. Making CRLs available by Lightweight Directory Access Protocol (LDAP) and/or Hypertext Transfer Protocol (HTTP) as directed in later sections of this CPS; and
e. Managing the Key Escrow Database (KED) and requests for escrowed private keys.

Eid Passport Operational Authority Manager
The Eid Passport PKI Program Manager is also the Operational Authority Manager and is the individual within Eid Passport who has principal responsibility for overseeing the proper operation of the RAPIDPIV-I CAs, including the RAPIDPIV-I PKI Repository and the Card Management System (CMS), and who oversees appointment of the Operational Authority Staff.

RAPIDPIV-I Root CA
The RAPIDPIV-I eidrootca is the Root CA; it issues a self-signed certificate, exchanges certificates with the CBCA, and issues certificates to the RAPIDPIV-I PKI CAs.

RAPIDPIV-I Signing CA
The Signing CA associated with the CP is the Eid RAPIDPIV-I CA. It only issues certificates to End-Entities; it does not issue certificates to other CAs. As operated by the OA, the RAPIDPIV-I CA is responsible for all aspects of the issuance and management of end-entity certificates as required by the CP, including the following:
a. Control over the registration process;
b. The identification and authentication process;
c. The certificate manufacturing process;
d. The publication of certificates;
e. The revocation of certificates; and
f. Ensuring that all aspects of the services, operations, and infrastructure related to certificates issued under the CP are performed in accordance with the requirements, representations, and warranties of the CP.

Principal Certification Authority (PCA)
A PCA is a CA within a PKI that has been designated to interoperate directly with an external domain CA (i.e., through the exchange of Cross-Certificates) and perform the role of certifying CA applications for cross-certification as per 4.1, as applicable. The eidrootca is the Eid Passport Root CA and the only PCA in the RAPIDPIV-I PKI. Its sole PCA function is to enable cross-certification with the CertiPath Bridge Certification Authority (CBCA) and sign the RAPIDPIV-I CA certificate. As operated by the RAPIDPIV-I OA, the eidrootca (in its PCA capacity) is responsible for all aspects of the issuance and management of Cross-Certificates issued to the CBCA, including the following:
a. Control over the registration process;
b. The identification and authentication process;
c. The Cross-Certificate manufacturing process;
d. The publication of Cross-Certificates;
e. The revocation of Cross-Certificates; and
f. Ensuring that all aspects of the services, operations, and infrastructure related to Cross-Certificates issued under the CP are performed in accordance with the requirements, representations, and warranties of the CP.

Certificate Status Authority (CSA)
A CSA is an authority that provides the status of certificates or certification paths. CSAs can be operated in conjunction with the CAs or independently of the CAs. Examples of CSAs include the following:
a. Online Certificate Status Protocol (OCSP) Responders that provide revocation status of certificates; or
b. Simple Certificate Validation Protocol (SCVP) Servers that validate certification paths or provide revocation status checking services.
OCSP Responders that are keyless and simply repeat responses signed by other Responders, and SCVP Servers that do not provide certificate validation services, adhere to the same security requirements as Repositories. As the RAPIDPIV-I CA issues certificates at the eidpiv-i Assurance Levels, it provides an OCSP Responder. Furthermore, this OCSP Responder is issued a CA-delegated certificate in order to ensure interoperability with Relying Parties. The eidrootca does not provide certificate status information via OCSP, and therefore does not provide an OCSP Responder.

Eid Passport Card Management System (CMS)
A CMS is responsible for managing smart card token content. In the context of this CPS, the Eid Passport CMS requirements are mandatory for all Assurance Levels. The RAPIDPIV-I EPMA bears the responsibility for ensuring that the RAPIDPIV-I CMS meets the practices described in this CPS, including the practices in the corresponding section.

Registration Authority (RA)
An RA is the entity that collects and verifies each Subscriber's identity and the information that is to be entered into his or her public key certificate. An RA interacts with the CA to enter and approve the Subscriber certificate request information. The RAPIDPIV-I OA acts as the RA for the eidrootca and RAPIDPIV-I CA. It performs its function in accordance with this CPS as approved by the EPMA.

Subscribers
A Subscriber is the entity whose name appears as the subject in an end-entity certificate, agrees to use its key and certificate in accordance with the certificate policy asserted in the certificate, and does not itself issue certificates. CAs are sometimes technically considered subscribers in a PKI. However, the term Subscriber as used in this document refers only to those entities or persons who request certificates for uses other than signing and issuing certificates or certificate status information. These proper uses include applying a digital signature to a document, encrypting documents, card authentication, and other uses. Other properly designated Subscribers include servers and devices that have a human Sponsor who bears responsibility for the certificate issued to the server or device.

Organizational Affiliation
Subscriber certificates may be issued in conjunction with an organization that has a relationship with the Subscriber; this is termed affiliation. The organizational affiliation is indicated in a relative distinguished name in the subject field of the certificate, and the certificate is revoked in accordance with the Certificate Revocation and Suspension provisions when affiliation is terminated.

Relying Parties
A Relying Party is the entity that relies on the validity of the binding of the Subscriber's name to a public key.
The Relying Party is responsible for deciding whether and how to check the validity of the certificate by checking the appropriate certificate status information. The Relying Party can use the certificate to verify the integrity of a digitally signed message, to identify the creator of a message, or to establish confidential communications with the holder of the certificate. A Relying Party may use information in the certificate (such as certificate policy identifiers) to determine the suitability of the certificate for a particular use.

Other Participants

Related Authorities
The RAPIDPIV-I CA operating under this CPS requires the services of other security, community, and application authorities, such as compliance auditors and attribute authorities. This CPS identifies the parties responsible for providing such services, and the mechanisms used to support these services.

Trusted Agent (TA)
A TA is a person who verifies Subscriber identity and information on behalf of an RA. A TA does not have privileges on the CA to issue and revoke certificates.

Applicability
The sensitivity of the information processed or protected using certificates issued by the RAPIDPIV-I CA varies. Entities must evaluate the environment and the associated threats and vulnerabilities and determine the level of risk they are willing to accept based on the sensitivity or significance of the information. This evaluation is done by each Entity for each application and is not controlled by this CPS. The certificate levels of assurance contained in this CPS, as in section 1.2, are set forth below, together with a brief and non-binding description of the applications suited to each level.

Assurance Level: eidpiv-i-cardauth
Applicability: This level is relevant to environments where risks and consequences of data compromise are moderate. This includes contactless smart card readers where use of an activation PIN is not practical.

Assurance Level: medium-hardware or medium-hardware CBP
Applicability: This level is relevant to environments where risks and consequences of data compromise are moderate. These certificates are issued to devices and servers. Private Keys are stored in hardware at this Assurance Level.

Assurance Level: eidpiv-i-hardware or eidpiv-i-contentsigning
Applicability: This level is relevant to environments where risks and consequences of data compromise are moderate. This may include transactions having substantial monetary value or risk of fraud, or involving access to private information where the likelihood of malicious access is substantial. eidpiv-i-contentSigning is only issued to the CMS. eidpiv-i-hardware Subscriber Private Keys are stored in hardware at this Assurance Level.

Assurance Level: medium-software or medium-software CBP
Applicability: This level is relevant to environments where risks and consequences of data compromise are moderate. These certificates are issued to devices and servers. Private Keys are stored in software at this Assurance Level.

Factors in Determining Usage
The Relying Party must first determine the level of assurance required for an application, and then select the certificate appropriate for meeting the needs of that application. This is determined by evaluating the various risk factors, including the value of the information, the threat environment, and the existing protection of the information environment. These determinations are made by the Relying Party and are not controlled by the EPMA or OA.
Nonetheless, this CPS contains some helpful guidance, set forth herein, which Relying Parties may consider in making their decisions.

Obtaining Certificates
There are two groups of persons or entities who need access to certificates issued by the Eid Passport RAPIDPIV-I PKI. Subscribers follow the requirements in section 3 below. Relying Parties follow the requirements in the corresponding section.

Certificate Usage

Appropriate Certificate Uses
No stipulation.

Prohibited Certificate Uses
No stipulation.

1.5 Policy Administration

Organization Administering this Document
The EPMA is responsible for all aspects of this CPS.

Contact Person
Questions regarding this CPS are to be directed to the Point of Contact defined on the cover page of this CPS.

Person Determining CPS Suitability for the Policy
The EPMA approves the Eid RAPIDPIV-I CPS and commissions an analysis to determine whether this CPS conforms to the Eid RAPIDPIV-I CP. Information regarding this compliance analysis is found in section 8.
Eid Passport RAPIDPIV-I PKI CPS Approval Procedures
By its very name, a CPS details how to implement the policies in the CP. Just as the EPMA is responsible for approving the CP, the EPMA is also responsible for this RAPIDPIV-I CPS.

Waivers
There are no waivers to this CPS.

1.6 Definitions and Acronyms
See sections 14 and 15.
2 PUBLICATION AND PKI REPOSITORY RESPONSIBILITIES

2.1 PKI Repositories
The Eid Passport RAPIDPIV-I PKI makes its PKI Repositories available to Relying Parties over the Internet. These Repositories provide the appropriate information, including but not limited to CA certificates, CRLs, and Authority Revocation Lists (ARLs).

Repository Obligations
The RAPIDPIV-I OA uses a variety of mechanisms for posting information into the repositories as required by this CPS. These mechanisms at a minimum include the following:
a. Unrestricted read-only access to the certificates and certificate status information in the RAPIDPIV-I repositories is given to Relying Parties; and
b. Access control mechanisms, when needed, to protect repository information as described in later sections.

2.2 Publication of Certificate Information

Publication of CA Information
The Operational Authority publishes information concerning the Eid Passport RAPIDPIV-I CAs necessary to support their use and operation. All CAs post CA certificates and CRLs to the Eid Passport PKI Repositories. The PKI Repositories containing certificates and certificate status information are deployed so as to provide 24 hour per day / 365 day per year availability. Eid Passport has implemented features to provide high levels of PKI Repository reliability (99% availability).

Interoperability
See the corresponding section.

Time or Frequency of Publication
Certificates and certificate status information are published according to the stipulations of section 4 of this CPS.

2.4 Access Controls on PKI Repositories
Any PKI Repository information not intended for public dissemination or modification is protected against unauthorized access. Public keys and certificate status information in the RAPIDPIV-I PKI Repository are publicly available as per section 2.1.
Certificates that contain a UUID (i.e., Subscriber Identity and Card Authentication certificates) are not distributed by the RAPIDPIV-I PKI Repositories.
3 IDENTIFICATION AND AUTHENTICATION

3.1 Naming

3.1.1 Types of Names
The RAPIDPIV-I CAs generate and issue certificates with a unique and non-null X.500 Distinguished Name (DN) in the Issuer and Subject fields. Certificates may include additional names via the subjectAltName extension, provided it is marked non-critical and is in accordance with the profiles in section 10.

The base DN has this format:
c=US, o=[organization], ou=[department], ou=[agency], ou=[optional]

For certificates issued to human Subscribers, the subject DN either contains the value Unaffiliated in the last organizational unit (ou) attribute or contains the affiliated organization name in an appropriate relative distinguished name attribute (i.e., organization (o), organizational unit (ou), or domain component (dc) attribute).

For certificates issued to humans under eidpiv-i-hardware, the subject DN includes:
{BaseDN}, ou=[affiliated organization name], cn=Subscriber's full name

eidpiv-i-contentsigning certificates clearly indicate Eid Passport as the organization administering the CMS, in the following form:
{BaseDN}, ou=[CMS organization name], cn=CMS name

The eidpiv-i-cardauth certificate's subject DN does not contain a common name (cn). Instead, the DN populates the serialNumber attribute with the Universally Unique Identifier (UUID) associated with the card:
{BaseDN}, ou=[affiliated organization name], serialNumber=UUID

For eidpiv-i-cardauth certificates, the subject DN either contains the value Unaffiliated in the last organizational unit (ou) attribute or contains the affiliated organization name in an appropriate relative distinguished name attribute (i.e., organization (o), organizational unit (ou), or domain component (dc) attribute).
When issuing any eidpiv-i certificate to unaffiliated individuals, the DN shall include ou=Unaffiliated, o=Eid Passport along with any other DN attributes required for the specific individual. An example DN for an unaffiliated Subscriber:
cn=John Doe, ou=Unaffiliated, o=Eid Passport, c=US

3.1.2 Need for Names to be Meaningful
The certificates issued pursuant to this CPS are meaningful only if the names that appear in the certificates can be understood and used by Relying Parties. Names used in the certificates must identify the person or object to which they are assigned in a meaningful way. Additionally, all DNs must be unique to prevent accidental or deliberate reuse of DNs; see section 3.1.5 for more details on name uniqueness.

Appropriate DNs with a Common Name (CN) that is understandable for humans are used in Identity, Signature, Encryption, and Device certificates. Legal names are appropriate for humans, while an IP address, Fully Qualified Domain Name (FQDN), or model name and serial number may be used for devices and other equipment. Examples:
- For human subscribers, follow the convention cn=FirstName Initial. LastName
- For a subscriber that is an entity, such as a cross-certified CA, follow the convention cn=CA name

All DNs accurately reflect the organization with which the Subject is affiliated. When a User Principal Name (UPN) is used, it accurately reflects an organizational structure.
3.1.3 Anonymity or Pseudonymity of Subscribers
CA certificates do not contain anonymous or pseudonymous identities. DNs in certificates issued to Subscribers and devices may contain a pseudonym to meet local privacy regulations, as long as name space uniqueness requirements are met and the name is unique and traceable to the actual entity.

3.1.4 Rules for Interpreting Various Name Forms
Rules for interpreting name forms are contained in the applicable certificate profile. Rules for interpreting UUIDs are specified in RFC 4122.

3.1.5 Uniqueness of Names
Name uniqueness is enforced in certificates issued by the RAPIDPIV-I CA. The CMS enforces name uniqueness within the X.500 name space in which it has been authorized. The OA is responsible for ensuring name uniqueness in certificates issued by the RAPIDPIV-I PKI. This CPS defines the following:
- The name forms used in the architecture; and
- How the RAPIDPIV-I CA allocates names within the Subscriber community to guarantee name uniqueness among current and past Subscribers, or between the Subscribers of two different organizations. For example, if Jane Doe leaves a CA's community of Subscribers and a new, different Jane Doe enters the community of Subscribers, a unique name shall be provided in the Subject DN belonging to the second person.
The name space used for all Subject DNs is indicated in section 3.1.1. Additionally, the Eid Passport CMS checks for name uniqueness and notifies the RA when there is a name collision, offering suggested name alternatives.

3.1.6 Recognition, Authentication, and Role of Trademarks
No stipulation.

3.1.7 Name Claim Dispute Resolution Procedure
When a possible name collision occurs, the EPMA will work with the entity to develop an acceptable alternative. If the EPMA cannot resolve the disputed name, it will contact the CertiPath PMA for instructions.
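The subject-DN rules of section 3.1.1 and the uniqueness rule of section 3.1.5 are the kind of thing an RA or an auditor wants to check mechanically before a request reaches the CA. The following is an added example written for this CPS, not Eid Passport's CMS code: it parses a DN string, reports which 3.1.1 rule a subject DN breaks for a given certificate type, and keeps a registry that refuses to reissue a DN to a different entity (section 3.1.5). The function names, the cert_type labels, the sample DNs and the "numeric suffix on cn" alternative-name scheme are assumptions made for the demo; the CPS does not say how the CMS forms its suggestions.

```python
import re
import uuid
from typing import Dict, List, Optional, Tuple

# Added example for sections 3.1.1 and 3.1.5 of this CPS. Not Eid Passport's
# CMS code: function names, cert_type labels and the "numeric suffix on cn"
# suggestion scheme are assumptions made for the demo.

_RDN_SPLIT = re.compile(r"(?<!\\),")         # commas not escaped by a backslash
_DISPLAY = {"serialnumber": "serialNumber"}   # attribute spelling used in output


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Parse 'cn=John Doe, ou=Unaffiliated, o=Eid Passport, c=US' into
    (attribute, value) pairs in root-first order (c= first), whichever order
    the string was written in. Attribute types are lower-cased."""
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    if rdns[0][0] != "c":                      # written leaf-first (RFC 4514 style)
        rdns.reverse()
    return rdns


def format_dn(rdns: List[Tuple[str, str]]) -> str:
    """Render root-first RDNs as the leaf-first string form."""
    return ", ".join(_DISPLAY.get(a, a) + "=" + v.replace(",", "\\,")
                     for a, v in reversed(rdns))


def check_subject_dn(dn: str, cert_type: str) -> List[str]:
    """Section 3.1.1 violations for a subject DN (empty list = conforms).
    cert_type: 'hardware' (eidpiv-i-hardware, human), 'contentsigning'
    (eidpiv-i-contentsigning) or 'cardauth' (eidpiv-i-cardauth)."""
    rdns = parse_dn(dn)
    findings = []
    ous = [v for a, v in rdns if a == "ou"]
    orgs = [v.lower() for a, v in rdns if a == "o"]
    org_like = [v.lower() for a, v in rdns if a in ("o", "ou", "dc")]
    cns = [v for a, v in rdns if a == "cn"]
    serials = [v for a, v in rdns if a == "serialnumber"]

    # Base DN: c=US, o=[organization], ou=[department], ou=[agency], ...
    if rdns[0][0] != "c" or rdns[0][1].upper() != "US":
        findings.append("base DN must begin with c=US")
    if not orgs:
        findings.append("base DN must carry an o= (organization) attribute")
    # Affiliation: last ou is Unaffiliated (with o=Eid Passport), or the
    # affiliated organization name appears in an o/ou/dc attribute.
    if not ous:
        findings.append("an ou= (affiliated organization name or Unaffiliated) is required")
    unaffiliated = bool(ous) and ous[-1].lower() == "unaffiliated"
    if unaffiliated and "eid passport" not in orgs:
        findings.append("unaffiliated subjects must carry o=Eid Passport")

    if cert_type in ("hardware", "contentsigning"):
        if len(cns) != 1 or rdns[-1][0] != "cn":
            findings.append("exactly one cn= is required, as the leaf RDN")
        if cert_type == "contentsigning" and "eid passport" not in org_like:
            findings.append("content-signing certificates must name Eid Passport as the CMS organization")
    elif cert_type == "cardauth":
        if cns:
            findings.append("card-auth certificates must not contain cn=")
        if len(serials) != 1 or rdns[-1][0] != "serialnumber":
            findings.append("exactly one serialNumber= (card UUID) is required, as the leaf RDN")
        else:
            try:
                uuid.UUID(serials[0])              # RFC 4122 syntax check
            except ValueError:
                findings.append("serialNumber must be an RFC 4122 UUID")
    else:
        raise ValueError("unknown cert_type: %r" % cert_type)
    return findings


class NameRegistry:
    """Section 3.1.5: a DN issued to one entity is never reused for another,
    even after the first entity has left. Collisions are reported with a
    suggested alternative (numeric suffix on cn; an assumption, see above)."""

    def __init__(self) -> None:
        self._owners: Dict[tuple, str] = {}        # normalized DN -> entity id

    @staticmethod
    def _key(dn: str) -> tuple:
        return tuple((a, v.lower()) for a, v in parse_dn(dn))

    def allocate(self, dn: str, entity_id: str) -> Tuple[bool, Optional[str]]:
        """(True, None) if the name is free or already owned by entity_id;
        (False, suggested_dn) if another entity holds it."""
        owner = self._owners.setdefault(self._key(dn), entity_id)
        if owner == entity_id:
            return True, None
        return False, self._suggest(dn)

    def _suggest(self, dn: str) -> Optional[str]:
        rdns = parse_dn(dn)
        attr, value = rdns[-1]
        if attr != "cn":                           # no sensible alternative for a UUID leaf
            return None
        n = 2
        while self._key(format_dn(rdns[:-1] + [(attr, "%s %d" % (value, n))])) in self._owners:
            n += 1
        return format_dn(rdns[:-1] + [(attr, "%s %d" % (value, n))])
```

Usage: check_subject_dn("cn=John Doe, ou=Unaffiliated, o=Eid Passport, c=US", "hardware") returns an empty list, while the same DN with o=Acme Corp is reported because an unaffiliated subject must sit under o=Eid Passport; a card-auth DN is accepted only when its leaf RDN is a serialNumber that parses as a UUID and no cn is present. The registry compares DNs case-insensitively on attribute values, so "CN=john doe" collides with "cn=John Doe" even though the strings differ, which is the failure mode 3.1.5 exists to prevent.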
3.2 Initial Identity Validation

3.2.1 Method to Prove Possession of Private Key
In all cases where the party named in a certificate generates its own keys, it is required to prove possession of the private key corresponding to the public key in the certificate request. For signature keys, this is done by the entity using its private key to sign a value and providing that value to the RAPIDPIV-I CA; the CA then validates the signature using the party's public key. When the RAPIDPIV-I PKI is issuing smart cards, the CMS initiates the certificate request over SSL and uses the CMS's authentication keys to authenticate to the RAPIDPIV-I Signing CA.

3.2.2 Authentication of Organization Identity
The existence of an affiliated organization is verified prior to issuing any end user certificates on its behalf. Once an organization signs a contract with Eid Passport, the organization name and other pertinent information are entered into the CMS by a CMS Systems Administrator. Requests for subscriber certificates in the name of an Affiliated Organization include the organization name, address, and documentation of the existence of the organization. The RA verifies this information, in addition to the authenticity of the requesting representative and the representative's authorization to act in the name of the organization.

3.2.3 Authentication of Individual Identity
eidpiv-i certificates are issued only to human subscribers. Identity is established by in-person proofing before the RA, a Trusted Agent, or, for Assurance Levels other than the eidpiv-i Assurance Levels, an entity certified by a State or Federal Entity as being authorized to confirm identities; the information provided is verified to ensure legitimacy. For Assurance Levels other than eidpiv-i, the applicant presents one valid National Government-issued photo ID, or two valid non-National Government IDs, one of which is a recent photo ID (e.g., a driver's license).

Authentication of individual identity using antecedent in-person identity-proofing data is not supported by this CPS.

The RA ensures that the applicant's identity information is verified. For certificates issued under id-eidpiv-i-medium and id-eidpiv-i-mediumhardware, identity is established no more than 30 days before initial certificate issuance. RAs may use remote authentication of an applicant's identity through an Eid Passport TA to support identity proofing of applicants, provided RAPIDPIV-I identity badging requirements are otherwise satisfied.

Minimal procedures for authentication of human subscribers are detailed below.
- Verify that a request for certificate issuance to the applicant was submitted by an authorized sponsoring/affiliated organization employee.
This validation includes the authentication of organization identity as specified in section 3.2.2 and inclusion of the organization name within the subscriber DN.
- The applicant's employment is verified through use of official organization records.
- The applicant's identity is established by in-person proofing before the Registration Authority or Trusted Agent, based on the following processes:
  o Identity source documents are presented as follows: the applicant presents two identity source documents in original form. The identity source documents must come from the list of acceptable documents included in Form I-9, OMB No. 1615-0047, Employment Eligibility Verification. At least one document must be a valid State or Federal Government-issued picture identification (ID). For PIV-I credentials, an in-person antecedent is not permitted.
  o The RA examines the presented credential for biometric data that can be linked to the applicant (e.g., a photograph on the credential itself or a securely linked photograph of the applicant).
  o The credential presented above is verified by the RA for currency and legitimacy (e.g., the organization ID is verified as valid).
- Biometric data is captured for PIV-I credentials and formatted in accordance with NIST SP 800-76 as follows:
  o An electronic facial image, used for printing the facial image on the card as well as for visual authentication during card usage (a new facial image is collected each time a card is issued).
  o Two electronic fingerprints, to be stored on the card for automated authentication during card usage.
- The CMS is set up to require two persons to provide input before any certificate is issued.
Where it is not possible for applicants to appear in person before the RA, a Trusted Agent may serve as proxy for the RA. The Trusted Agent forwards the information collected from the applicant directly to the RA in a secure manner. Authentication by a Trusted Agent does not relieve the RA of its responsibility to perform the appropriate steps above. In addition, the RA records the process that was followed for issuance of each certificate, and the process documentation includes the following on the last page of the Subscriber Agreement:
a. The identity of the person (TA or RA) performing the identity verification;
b. A signed declaration by that person that he or she verified the identity of the applicant as required by the RAPIDPIV-I CP, using the format set forth at 28 U.S.C. 1746 (declaration under penalty of perjury);
c. The name of the identifying document type (e.g., Passport);
d. Confirmation that the identifying document is still valid and not expired;
e. Unique identifying numbers from the ID of the verifier and from an ID of the applicant; and
f. The date and time of the verification.

Authentication of Component Identities
Some computing and communications components (routers, firewalls, servers, etc.) may be named as certificate subjects. In such cases, the component (usually referred to as a "device") has a human sponsor (the "PKI Sponsor"). The PKI Sponsor is responsible for providing the following registration information:
a. Equipment identification (e.g., serial number) or service name (e.g., DNS name) sufficient to uniquely identify the Subject;
b. Equipment public keys;
c. Equipment authorizations and attributes (if any are to be included in the certificate); and
d. Contact information to enable the CA or RA to communicate with the sponsor when required.
The RAPIDPIV-I PKI requires in-person registration of the PKI Sponsor, with the identity of the PKI Sponsor confirmed in the same manner as required in section 3.2.3. If the PKI Sponsor has a valid certificate issued by the RAPIDPIV-I PKI, verification of the signature on a digitally signed message from the PKI Sponsor is acceptable for identity authentication. When a PKI Sponsor is changed, the new PKI Sponsor must review the status of each device under his/her sponsorship to ensure it is still authorized to receive certificates, and must request revocation for any device found to no longer need a certificate from the RAPIDPIV-I PKI.

3.2.4 Non-verified Subscriber Information
Information that is not verified is not included in certificates.

3.2.5 Validation of Authority
Certificates that contain explicit or implicit organizational affiliation are issued only after ascertaining that the applicant has the authorization to act on behalf of the organization in the asserted capacity.
3.2.6 Criteria for Interoperation
Although the Eid Passport PKI, which is cross-certified with CertiPath, is not intended to serve as its own Bridge, any external PKI-domain CA wishing to interoperate with the RAPIDPIV-I PKI must adhere to the following requirements:
a. Have a contractual relationship with Eid Passport;
b. Have a CP mapped to and determined by the EPMA to be in conformance with the RAPIDPIV-I CP;
c. Operate a PKI that has undergone a successful compliance audit pursuant to section 8 of this CPS and as set forth in the corresponding section of the Subject CA's CPS;
d. Issue certificates compliant with the profiles described in this CPS, and make certificate status information available in compliance with this CPS; and
e. Provide CA certificate and certificate status information to Relying Parties in compliance with this CPS.

3.3 Identification and Authentication for Re-Key Requests

3.3.1 Identification and Authentication for Routine Re-Key
Subscribers are authenticated through use of their current Signing Key or by using the initial identity-proofing process as described in section 3.2. Subscribers with medium-software, medium-hardware, medium-cbp-software, and/or medium-cbp-hardware certificates must re-establish identity through the initial identity-proofing process at least once every nine years.
When a current public key certificate is used for identification and authentication purposes, the expiration date of the new certificate does not extend beyond the initial identity-proofing times specified in the paragraphs above, and the Assurance Level of the new certificate does not exceed the Assurance Level of the certificate being used for identification and authentication.

3.3.2 Identification and Authentication for Re-Key After Revocation
Once a certificate has been revoked, the certificate subject (i.e., Subscriber or device) is authenticated by using the initial identity-proofing process as described in section 3.2, or through use of another current, valid public key certificate in accordance with section 3.3.1.

3.4 Identification and Authentication for Revocation Request
{Redacted}
As in section 3.2.3, a Company PKI Sponsor or Trusted Agent may request revocation of an affiliated Subscriber's certificate by sending a digitally signed message to the RA. The RA must ensure the TA is requesting a revocation for a Subscriber that is affiliated with the TA's organization.
4 CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS

4.1 Certificate Application

4.1.1 Submission of Certificate Application
Only an RA acting on behalf of the Subscriber submits a certificate application to the CA. In some cases devices are issued a trusted certificate; for these situations, a PKI Sponsor submits identity information to an RA, who submits the request. The PKI Sponsor has already gone through the identity vetting process and holds a valid and current PIV-I credential.

4.1.2 Enrolment Process and Responsibilities
Applicants for public key certificates are responsible for providing accurate information in their applications for certification, and the RAPIDPIV-I PKI ensures that the following actions take place:
a. Check and record the identity of the Subscriber (per section 3.2);
b. Verify the applicant's authority to request the certificate by using a point of contact or other verifiable means of determining authorization; and
c. Generate and confirm the functionality of a public/private key pair for each certificate required.

4.2 Certificate Application Processing
It is the responsibility of the RA, or, in the case of a CA certificate, the EPMA, to verify that the information in a certificate application is accurate. Section 4.3.1 gives details on how the CMS verifies that the certificate application is processed accurately and with authorization.

4.2.1 Performing Identification and Authentication Functions
{Redacted}
Prior to certificate issuance, a Subscriber is required to sign a Subscriber Agreement containing the requirements that the Subscriber protect the private key and use the certificate and private key for authorized purposes only.

4.2.2 Approval or Rejection of Certificate Applications
The EPMA or any of its RAs may approve or reject a certificate application.
Some examples of reasons to reject an application include, but are not limited to, the following:
- Information on the certificate application is contradictory or does not match the applicant;
- Vital information on the certificate application cannot be authenticated; or
- Payment is not received in time.

4.2.3 Time to Process Certificate Applications
Certificate application processing, from the time the request/application is posted on the CA or RA system to certificate issuance, does not exceed thirty (30) days. Identity is checked at the time of issuance and is verified by a 2:2 biometric match against the data gathered at Subscriber enrollment (e.g., fingerprint and facial image).
4.3 Certificate Issuance
While the Subscriber may do most of the data entry, it is still the responsibility of the CA and the RA to verify that the information in a certificate request is correct and accurate.

4.3.1 CA Actions During Certificate Issuance
The CA:
- Verifies the source of a certificate request before issuance;
- Checks certificates to ensure that all fields and extensions are properly populated; and
- Posts the certificate after generation, verification, and acceptance.
In addition, the CA requires PIV-I certificate authentication before processing certificate requests, in order to verify the source of the request. The Eid Passport CMS holds a PIV-I Auth certificate to use for establishing certificate authentication. This PIV-I Auth certificate was issued by the RAPIDPIV-I CA, thus ensuring authorization. Every Eid Passport RA uses the CMS to communicate with the RAPIDPIV-I CA.

4.3.2 Notification to Subscriber of Certificate Issuance
Subscribers are notified of certificate issuance by handing the card to the Subscriber.

4.4 Certificate Acceptance

4.4.1 Conduct Constituting Certificate Acceptance
Failure to object to the certificate indicates acceptance of it. The Subscriber must sign a Subscriber Agreement acknowledging their understanding and acceptance of their responsibilities as defined in section 9.6.3 of this CPS. Once the RA downloads the Subscriber's certificates to the smart card, the RA releases the PIV-I Card to the Subscriber only after a successful 1:1 biometric match of the applicant against the biometrics collected under section 3.2.3. In the case of devices or services (web servers, routers, firewalls, etc.), the PKI Sponsor (as defined in section 3.2.3) performs the same function as described above for the acceptance of the device certificate.
There is no escrow of private keys associated with certificates for devices or services.

4.4.2 Publication of the Certificate by the CA
All CA certificates are published in a dedicated PKI repository site accessible from the Internet.

4.4.3 Notification of Certificate Issuance by the CA to other Entities
No stipulation beyond any agreement in an MOU.

4.5 Key Pair and Certificate Usage

4.5.1 Subscriber Private Key and Certificate Usage
Subscribers and CAs protect their private keys from access by any other party. The Subscriber must agree to the Subscriber Agreement and accept the certificate before the private key corresponding to the public key in the certificate may be used. Subscribers and CAs use their private keys only for the purposes constrained by the extensions (such as key usage, extended key usage, certificate policies, etc.) in the certificates issued to them, and they do not continue to use the certificates after they have expired or been revoked.
{Redacted}
4.5.2 Relying Party Public Key and Certificate Usage
Relying Parties accept and use public key certificates and their associated public keys for the purposes intended, as constrained by the extensions (such as key usage, extended key usage, certificate policies, etc.) in the certificates.

4.6 Certificate Renewal
Renewing a certificate means creating a new certificate with the same name, key, and other information as the old one, but with a new, extended validity period and a new serial number. [1] However, certificate renewal does not apply to eidpiv-i Subscriber certificates. There is no certificate renewal or modification allowed for these Subscriber certificates. The old certificate(s) may or may not be revoked, but must not be further re-keyed, renewed, or updated.

4.6.1 Circumstance for Certificate Renewal
For certificates other than eidpiv-i Assurance Level certificates, a certificate may be renewed if the public key has not reached the end of its validity period, the associated private key has not been revoked or compromised, and the device or CA name and attributes are unchanged. In addition, the validity period of the certificate does not exceed the remaining lifetime of the private key, as specified in section 5.6. The identity-proofing requirement listed in section 3.3.1 must also be met.

4.6.2 Who May Request Renewal
A Subject may request the renewal of its certificate. A PKI Sponsor may request renewal of its Device certificate. A CA may request renewal of its Subscriber certificates, e.g., when the CA re-keys.

4.6.3 Processing Certificate Renewal Requests
A certificate renewal is achieved using one of the following processes:
a. Initial registration process as described in section 3.2; or
b. Identification and Authentication for Re-key as described in section 3.3, except that the old key can also be used as the new key.
For Cross-Certificates issued by an Eid RAPIDPIV-I CA, certificate renewal also requires that a valid MOU exists between the EPMA and the Subject CA, and that the term of the MOU extends beyond the expiry of the new certificate.

4.6.4 Notification of New Certificate Issuance to Subscriber
See section 4.3.2.

4.6.5 Conduct Constituting Acceptance of a Renewal Certificate
See section 4.4.1.

4.6.6 Publication of the Renewal Certificate by the CA
See section 4.4.2.

[1] Renewal is supported by this CPS primarily for OCSP Responder certificates (renewed monthly) and external PKI-domain Cross-certificates (renewed according to an MOU, for example annually).
4.6.7 Notification of Certificate Issuance by the CA to other Entities
See section 4.4.3.

4.7 Certificate Re-Key
The longer and more often a key is used, the more susceptible it is to loss or discovery. Therefore, it is important that a Subscriber periodically obtains new keys and re-establishes its identity. Re-keying a certificate means that a new certificate is created that has the same characteristics and Assurance Level as the old one, except that the new certificate has a new, different public key (corresponding to a new, different private key) and a different serial number, and it may be assigned a different validity period. Credentials that are to be re-keyed have their current certificates revoked.

4.7.1 Circumstance for Certificate Re-Key
A CA issues a new certificate to the Subject when the Subject has generated a new key pair and is entitled to a certificate.

4.7.2 Who may Request Certification of a New Public Key
A Subject may request re-key of its certificate. A PKI Sponsor may request re-key of a Device certificate.

4.7.3 Processing Certificate Re-Keying Requests
A certificate re-key is achieved using one of the following processes:
a. Initial registration process as described in section 3.2; or
b. Identification and Authentication for Re-Key as described in section 3.3.
To re-key a cross-certificate between the RAPIDPIV-I PKI and an external PKI domain's CA (such as the CBCA), certificate re-key also requires that a valid MOU exists between Eid Passport and the PMA of the other CA, and that the term of the MOU extends beyond the expiry of the new certificate.

4.7.4 Notification of New Certificate Issuance to Subscriber
See section 4.3.2.

4.7.5 Conduct Constituting Acceptance of a Re-Keyed Certificate
See section 4.4.1.

4.7.6 Publication of the Re-Keyed Certificate by the CA
See section 4.4.2.

4.7.7 Notification of Certificate Issuance by the CA to Other Entities
See section 4.4.3.

4.8 Certificate Modification
Updating a certificate means creating a new certificate for the Subscriber; existing certificates are not changed. Certificates are modified by having the Subscriber provide identity documentation and go through the registration and issuance process for a new set of certificates. New certificates may be put on the Subscriber's existing card, but in this case the old certificates are first revoked. Before revoking them, consideration must be given to whether the Subscriber has encrypted anything that needs the old encryption keys. Further, if an individual's name changes (e.g., due to marriage), proof of the name change is provided to the RA or the Trusted Agent in order for an updated certificate bearing the new name to be issued.
4.8.1 Circumstance for Certificate Modification
A CA issues a new certificate to the Subject when some of the Subject information has changed (e.g., name change due to change in marital status, change in subject attributes, etc.) and the Subject continues to be entitled to a certificate.

4.8.2 Who may Request Certificate Modification
A Subject may request modification of its certificate. A PKI Sponsor may request modification of a Device certificate.

4.8.3 Processing Certificate Modification Requests
A certificate modification is achieved using one of the following processes:
a. Initial registration process as described in section 3.2; or
b. Identification and Authentication for Re-key as described in section 3.3.
In addition, the validation of the changed subject information is in accordance with the initial identity-proofing process as described in section 3.2. For Cross-Certificates issued by an Eid RAPIDPIV-I CA, certificate modification also requires that a valid MOU exists between the EPMA and the Subject CA, and that the term of the MOU extends beyond the expiry of the new certificate.

4.8.4 Notification of New Certificate Issuance to Subscriber
See section 4.3.2.

4.8.5 Conduct Constituting Acceptance of Modified Certificate
See section 4.4.1.

4.8.6 Publication of the Modified Certificate by the CA
See section 4.4.2.

4.8.7 Notification of Certificate Issuance by the CA to Other Entities
See section 4.4.3.

4.9 Certificate Revocation and Suspension
All revocation requests are authenticated. Acceptable methods for authenticating a certificate revocation request are listed below, with the caveat that a compromised private key is not used to authenticate a revocation.
{Redacted}

4.9.1 Circumstances for Revocation
A certificate is revoked when the binding between the Subject and the Subject's public key defined within a certificate is no longer considered valid. Examples of circumstances that invalidate the binding include the following [2]:
a. Identifying information or affiliation components of any names in the certificate become invalid;
b. An Organization terminates its relationship with the CA such that it no longer provides affiliation information;
c. Privilege attributes asserted in the Subject's certificate are reduced;
d. The Subject can be shown to have violated the stipulations of its agreement;
e. The private key, or the media holding the private key, is suspected of compromise; or
f. The Subject or other authorized party (as defined in this CPS) asks for his/her certificate to be revoked.
Whenever any of the above circumstances occurs, the associated certificate is revoked and placed on the CRL. Revoked certificates are included on all new publications of the certificate status information until the certificates expire. If it is ever determined, subsequent to issuance of new certificates, that a private key used to sign requests for one or more additional certificates may have been compromised at the time the requests for additional certificates were made, all certificates authorized by directly or indirectly chaining back to that compromised key are revoked.

[2] No privilege attributes are asserted in any current certificate profile. In the event that any future profile allows for privilege attributes, reduction of privileges must be added to the list of reasons for revocation.

4.9.2 Who can Request Revocation
The following parties are allowed to request a revocation on behalf of the Subscriber, for either affiliated or unaffiliated Subscribers:
- An RA;
- The Eid Passport Operational Authority (OA);
- A PKI Sponsor or other official in the Subscriber's authorizing organization; and
- Other authorized parties, including a Trusted Agent.
All of these can request the revocation of a Subscriber's certificate on the Subscriber's behalf. For certificates issued in association with an Affiliated Organization, the revocation request is only accepted from the Affiliated Organization named in the certificate. A Trusted Agent or official in the Subscriber's authorizing organization only requests revocation of a certificate for a Subscriber that is affiliated with the Trusted Agent's or official's organization.
Further explanation of revocation requirements and procedures is found in section 4.9. In the case of CA certificates issued to another PKI domain (such as the CBCA) by the Eid RAPIDPIV-I CA, the CBCA PMA or the EPMA may request revocation of a certificate. For CA certificates, authorized individuals representing the CA Operational Authority may request revocation of certificates.

4.9.3 Procedure for Revocation Request
All revocation requests identify the certificate to be revoked and include the reason for revocation. The certificate to be revoked is uniquely identified with information including the organization name, the subject name, and the address on the certificate, or optionally the certificate serial number. This information, alone or combined, is used to uniquely identify the Subject DN of the certificate to be revoked. Optionally, the certificate serial number may be used to discriminate one certificate among the history of certificates issued to the Subject. Only a certificate explicitly identified in the request is revoked.
Revocation requests may be manually or digitally signed and are always authenticated by an RA. If the revocation is being requested for reason of key compromise or suspected fraudulent use, then the Subscriber's and the RA's revocation request so indicates. The processes for revocation are as follows:
{Redacted}
Any CA may unilaterally revoke a CA certificate it has issued. However, the Operational Authority for the RAPIDPIV-I CA revokes a Subject CA certificate only in the case of an emergency. Generally, the certificate is revoked based on the Subject's request, the request of an authorized representative of the Subject, or a PMA request. Upon receipt of a revocation request, a RAPIDPIV-I CA authenticates the request and then revokes the certificate.

At the medium-hardware and medium-cbp-hardware assurance levels, a Subscriber ceasing its relationship with an organization that sponsored the certificate surrenders to the organization, prior to departure and through an accountable mechanism, all cryptographic hardware tokens that were issued by or on behalf of the sponsoring organization. The certificates are revoked, the token is disposed of in accordance with section 6.2.10 promptly upon surrender, and it is protected from malicious use between surrender and such disposition. If a Subscriber leaves an organization and the hardware tokens cannot be obtained from the Subscriber, then all Subscriber certificates associated with the unretrieved tokens are immediately revoked for the reason of key compromise.

In cases where the Operational Authority identifies a Subscriber certificate that needs to be revoked, the OA obtains permission from the EPMA Chair or an Eid Passport RA before revoking it.

4.9.4 Revocation Request Grace Period
There is no revocation grace period.
The parties identified in section request revocation upon identifying the need for revocation.

Time Within Which the CA Must Process the Revocation Request

The RAPIDPIV-I CA processes all revocation requests for CA certificates within six (6) hours of receipt of the request. The RAPIDPIV-I CA processes all revocation requests for Subscriber certificates before the next CRL is published, excepting those requests validated within two (2) hours of CRL issuance. If at all possible, certificates are revoked before the next CRL is published.

Revocation Checking Requirement for Relying Parties

The RAPIDPIV-I PKI makes CRL data available by HTTP in its repository so that Relying Parties may have timely and up-to-date certificate status information. Use of revoked certificates could have damaging or catastrophic consequences in certain applications. How often new revocation data should be obtained is a determination to be made by the Relying Party. If it is temporarily infeasible to obtain revocation information, then the Relying Party must either reject use of the certificate, or make an informed decision to accept the risk, responsibility, and consequences of using a certificate whose authenticity or validity cannot be guaranteed to the standards of this policy. Such use may occasionally be necessary to meet urgent operational requirements.

CRL Issuance Frequency

CRLs are issued periodically, even if there are no changes to be made, to ensure timeliness of information. Certificate status information may be issued more frequently than the issuance frequency described below. The offline RAPIDPIV-I PKI Root CA(s) may issue CRLs at least once every 30 days, except when required for reason of key compromise as specified in section.
A RAPIDPIV-I CA ensures that superseded certificate status information is removed from the PKI Repository upon publishing of the latest certificate status information. Certificate status information is never published later than the next scheduled update. This facilitates the local caching of certificate status information for offline or remote operation and helps to reduce latency between creation and availability.

The following table provides CRL issuance frequency requirements.

Assurance Level | Maximum Interval for Routine CRL Issuance
Medium (all policies) | 24 hours
PIV-I (all policies) | 24 hours

For off-line Root CAs, the nextUpdate shall be less than or equal to thisUpdate plus 45 days. For all other CAs, the nextUpdate shall be less than or equal to thisUpdate plus 168 hours.

Maximum Latency for CRLs

The maximum delay between the time a Subscriber certificate revocation request is received by a RAPIDPIV-I CA and the time that this revocation information is available to Relying Parties is no greater than twenty-four (24) hours.

On-Line Revocation/Status Checking Availability

The RAPIDPIV-I PKI provides certificate status information via OCSP. The RAPIDPIV-I Repository systems were issued a certificate by the same CA that issues other eidpiv-i Assurance Level certificates.
Location data for the RAPIDPIV-I repository is placed in the certificate.

On-Line Revocation Checking Requirements

The RAPIDPIV-I PKI Repository contains and publishes a list of all OCSP Responders operated by the Eid RAPIDPIV-I CA.

Other Forms of Revocation Advertisements Available

All revocation advertisement methods are described in sections and.

Checking Requirements for Other Forms of Revocation Advertisements

No stipulation.

Special Requirements Related to Key Compromise

In the case of the RAPIDPIV-I offline Root CA key compromise, the cross-certificate with the CBCA will be revoked and a CRL published at the earliest feasible time. When a Signing CA key is compromised, the Root CA will issue an updated CRL at the earliest feasible time. For all other CAs, such as Signing CAs, when a Subscriber private key is compromised or suspected of compromise, the affected key will be revoked immediately and a CRL will be issued as per the schedule below:

Assurance Level | Maximum Interval for Emergency CRL Issuance
Medium (all policies) | 18 hours after notification
PIV-I (all policies) | 18 hours after notification

Circumstances for Suspension

Not supported.

Who can Request Suspension

Not supported.

Procedure for Suspension Request

Not supported.

Limits on Suspension Period

Not supported.

Certificate Status Services

RAPIDPIV-I does not support SCVP.

Operational Characteristics

No stipulation.

Service Availability

Relying Parties are bound to their obligations and the stipulations of this CPS irrespective of the availability of the certificate status service.

Optional Features

No stipulation.

End of Subscription

Revoking certificates that have expired prior to or upon end of subscription is not required. Unexpired CA certificates are always revoked at the end of subscription.

Key Escrow and Recovery

Key Escrow and Recovery Policy and Practices

Under no circumstances does a third party escrow a CA or End-Entity signature key. The RAPIDPIV-I PKI has a Key Recovery Practices Statement (KRPS) that complies with the CertiPath Key Recovery Policy (KRP).

Session Key Encapsulation and Recovery Policy and Practices

Session key encapsulation and recovery is not supported.
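The CRL bounds stated above (nextUpdate no later than thisUpdate plus 45 days for off-line Root CAs and plus 168 hours for all other CAs) are something a Relying Party can enforce mechanically before trusting a CRL, alongside the currency and revocation lookup any CRL check needs. The following Go program is an added example, not code from Eid Passport or this CPS: it builds a throwaway signing CA and CRL with Go's standard X.509 library (the CA name, serial numbers and dates are constructed) and then applies those checks to the parsed CRL.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Maximum CRL validity windows (nextUpdate minus thisUpdate) stated in the CPS.
const (
	MaxRootCRLWindow  = 45 * 24 * time.Hour // off-line Root CAs
	MaxOtherCRLWindow = 168 * time.Hour     // all other CAs, including Signing CAs
)

// CheckCRLWindow returns nil when the CRL's validity window is within the CPS limit for the CA type.
func CheckCRLWindow(crl *x509.RevocationList, offlineRoot bool) error {
	limit := MaxOtherCRLWindow
	if offlineRoot {
		limit = MaxRootCRLWindow
	}
	// A CRL without a nextUpdate parses with a zero NextUpdate and so yields a negative window.
	window := crl.NextUpdate.Sub(crl.ThisUpdate)
	if window <= 0 {
		return fmt.Errorf("nextUpdate %s is not after thisUpdate %s", crl.NextUpdate, crl.ThisUpdate)
	}
	if window > limit {
		return fmt.Errorf("CRL window %s exceeds the CPS maximum of %s", window, limit)
	}
	return nil
}

// IsCurrent reports whether a relying party may still rely on the CRL at time now.
func IsCurrent(crl *x509.RevocationList, now time.Time) bool {
	return !now.Before(crl.ThisUpdate) && now.Before(crl.NextUpdate)
}

// IsRevoked reports whether a certificate serial number is listed in the CRL.
func IsRevoked(crl *x509.RevocationList, serial *big.Int) bool {
	for _, entry := range crl.RevokedCertificates {
		if entry.SerialNumber.Cmp(serial) == 0 {
			return true
		}
	}
	return false
}

// BuildTestCRL creates a throwaway issuer and a CRL it signs; all values are constructed for the example.
func BuildTestCRL(thisUpdate, nextUpdate time.Time, revoked []*big.Int) (*x509.RevocationList, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Example Signing CA"},
		NotBefore:             thisUpdate.Add(-24 * time.Hour),
		NotAfter:              thisUpdate.Add(10 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // cRLSign is required to sign CRLs
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	issuer, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: thisUpdate})
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: thisUpdate, NextUpdate: nextUpdate, RevokedCertificates: entries,
	}, issuer, key)
	if err != nil {
		return nil, err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return nil, err
	}
	// A relying party verifies the CRL signature before trusting its contents.
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return nil, err
	}
	return crl, nil
}

func main() {
	t0 := time.Date(2014, 4, 1, 0, 0, 0, 0, time.UTC) // constructed issuance date
	crl, err := BuildTestCRL(t0, t0.Add(168*time.Hour), []*big.Int{big.NewInt(1001)})
	if err != nil {
		panic(err)
	}
	fmt.Println("window:", CheckCRLWindow(crl, false), "1001 revoked:", IsRevoked(crl, big.NewInt(1001)))
}
```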
5 FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS

5.1 Physical Controls

Site Location and Construction

The location and construction of the facility housing CA and CMS equipment is consistent with facilities used to house high-value, sensitive information. Sections through describe these controls. The site location and construction, when combined with other physical security protection mechanisms such as guards and intrusion sensors, provide robust protection against unauthorized access to the CA equipment and records.

Physical Access

The CA, CMS and CSA and all other system components of the RAPIDPIV-I PKI are contained within a physically protected environment to deter, detect, and prevent unauthorized use of, access to, or disclosure of sensitive information. Removable cryptographic modules are deactivated before storage. Activation information is stored in locked containers separate from the cryptographic hardware.

CA Physical Access

CA equipment meets the physical access requirements specified for CA equipment by implementing the following policies:

{Redacted}

A security check of the facility housing the RAPIDPIV-I PKI equipment occurs if the facility is to be left unattended. At a minimum, the check verifies the following:

a. The equipment is in a state appropriate to the current mode of operation (i.e., that cryptographic modules are in place when open, and secured when closed);
b. For the off-line eidroot CA, all equipment other than the PKI Repository is shut down;
c. Any security containers are properly secured;
d. Physical security systems (i.e., door locks, vent covers) are functioning properly; and
e. The area is secured against unauthorized access.

A person or group of persons is made explicitly responsible for making such checks. When a group of persons is responsible, a log identifying the person performing a check at each instance is maintained.
If the facility is not continuously attended, the last person to depart initials a sign-out sheet that indicates the date and time, and asserts that all necessary physical protection mechanisms are in place and activated.

CMS and RA Equipment Physical Access

CMS equipment is handled in the same manner as in section.

{Redacted}

Power and Air Conditioning

The RAPIDPIV-I CA, CSA and CMS have backup power and air conditioning sufficient to keep operations running reliably until a backup diesel generator engages and restores temporary power.
Water Exposures

The RAPIDPIV-I PKI servers and sensitive equipment are installed on flooring with elevated racks to help alleviate the possibility of flooding causing interruptions in operations. Water exposure from fire prevention and protection measures (e.g., sprinkler systems) is excluded from this requirement.

Fire Prevention and Protection

Fire prevention and protection systems are installed in all data centers that house the CA, CSA and CMS.

Media Storage

{Redacted}

Media that contains audit, archive, or backup information is duplicated and stored in a location separate from the CA location.

{Redacted}

Waste Disposal

{Redacted}

Off-Site Backup

Full system backups of the RAPIDPIV-I CAs, sufficient to recover from system failure, are made on a periodic schedule. Backups are performed and stored offsite not less than once every seven (7) days. At least one (1) full backup copy is stored at an offsite location (a location separate from the CA equipment). Only the latest full backup is retained. The backup data is protected with physical and procedural controls commensurate with those of the operational CA.

CMS backups are sent to an off-site location that meets the same physical and logical security requirements as the operational system. See section for details on access controls.

5.2 Procedural Controls

Trusted Roles

A trusted role is one whose holder performs functions that can introduce security problems if not carried out properly, whether accidentally or maliciously. The people selected to fill these roles in the RAPIDPIV-I PKI must be extraordinarily responsible, or the integrity of the CA or CMS is weakened. The functions performed in these roles form the basis of trust for all uses of the CA and CMS. Two approaches are taken to increase the likelihood that these roles can be successfully carried out.
The first ensures that the person filling the role is trustworthy and properly trained. The second distributes the functions among more than one person, so that any malicious activity would require collusion.

All Eid Passport employees serving in a trusted position qualify and periodically re-qualify (every two years) for trusted status. Eid Passport maintains lists, including names, organizations and contact information, of those who act in trusted roles, and makes them available during compliance audits.

There are four roles for each main system in the Eid Passport PKI, and they are:

a. Administrator: authorized to install, configure, and maintain the CA, establish and maintain user accounts, configure profiles and audit parameters, and generate component keys;
b. Officer: authorized to request or to approve certificates or certificate revocations;
c. Audit Administrator: authorized to view and maintain audit logs; and
d. Operator: authorized to perform system backup and recovery.

The following sections define these and other trusted roles.

CA System Administrator

The CA System Administrators are responsible for the following:

a. Installation, configuration, and maintenance of the CA;
b. Establishing and maintaining CA system accounts;
c. Configuring certificate profiles or templates and audit parameters; and
d. Generating and backing up CA keys.

System Administrators do not issue certificates to Subscribers.

Officer

The Officers are responsible for the following:

a. Registering new Subscribers and requesting the issuance of certificates;
b. Verifying the accuracy of information included in certificates;
c. Approving and executing the issuance of certificates;
d. Requesting, approving and executing the revocation of certificates;
e. Configuring certificate profiles or templates and audit parameters for the CA software; and
f. Generating and backing up CA keys.

Audit Administrator

Audit Administrators are responsible for the following:

a. Reviewing, maintaining, and archiving audit logs; and
b. Performing or overseeing internal compliance audits to ensure that the CA is operating in accordance with this CPS.

Operator

Operators are responsible for the routine operation of the CA equipment and operations such as system backups and recovery or changing recording media.

Registration Authority

Registration Authorities are responsible for the following:

a. Registering new Subscribers and requesting certificate issuance utilizing secure communications as per sections and 6.1.3;
b. Verifying the identity of Subscribers in accordance with section 3.2;
c. Approving and executing certificate issuance;
d. Receiving and distributing Subscriber certificates; and
e. Requesting, approving, and executing certificate revocation.

{Redacted}
CSA Roles

The RAPIDPIV-I CSA has the following roles:

a. CSA Administrators, who are responsible for the following:
   i. Installation, configuration, and maintenance of the CSA;
   ii. Establishing and maintaining CSA system accounts;
   iii. Configuring CSA application and audit parameters; and
   iv. Generating and backing up CSA keys.
b. CSA Audit Administrators, who are responsible for the following:
   i. Reviewing, maintaining, and archiving audit logs; and
   ii. Performing or overseeing internal compliance audits to ensure that the CSA is operating in accordance with this CPS.
c. CSA Operators, who are responsible for the following:
   i. Routine operation of the CSA equipment; and
   ii. Operations such as system backups and recovery or changing recording media.

CMS Roles

The RAPIDPIV-I CMS has the following roles:

a. CMS Administrators, who are responsible for the following:
   i. Installation, configuration, and maintenance of the CMS;
   ii. Establishing and maintaining CMS system accounts;
   iii. Configuring CMS application and audit parameters; and
   iv. Generating and backing up CMS keys.
b. CMS Audit Administrators, who are responsible for the following:
   i. Reviewing, maintaining, and archiving audit logs; and
   ii. Performing or overseeing internal compliance audits to ensure that the CMS is operating in accordance with this CPS.
c. CMS Operators, who are responsible for the following:
   i. Routine operation of the CMS equipment; and
   ii. Operations such as system backups and recovery or changing recording media.

PKI Sponsor

A PKI Sponsor is a Subscriber for devices in the RAPIDPIV-I network. Alternatively, a PKI Sponsor may be an authorized official in an affiliated organization who may conduct pre-enrollment activities for authorized Subscribers.
The PKI Sponsor follows procedures detailed in this CPS and the RAPIDPIV-I handbooks and SOPs to pre-enroll Subscribers, or to register components (routers, web servers, firewalls, etc.) in accordance with section 3.2.4, and is responsible for meeting the obligations of Subscribers as defined throughout this document.
A PKI Sponsor is not a trusted role, but is issued a credential at an Assurance Level that is equal to or higher than that of the credential that they are sponsoring.

Trusted Agent

A Trusted Agent is a Trusted Role authorized to act as a representative of the RA in providing Subscriber identity verification during the registration process. Trusted Agents do not have automated interfaces with the CA. All persons filling the role of Trusted Agent are US citizens.

A Trusted Agent (TA) who performs identification and authentication functions as described in the RAPIDPIV-I RPS complies with the stipulations in this CPS and the CP. A TA who is found to have acted in a manner inconsistent with these obligations is subject to revocation of TA responsibilities. A TA operating under this CPS conforms to the stipulations of this document, including:

- Performing in-person identity verification of certificate applicants in accordance with Section
- Including only valid and appropriate information in certificate requests, and maintaining evidence that due diligence was exercised in validating the information contained in the certificate.

Number of Persons Required Per Task

Two or more persons are required to perform the following tasks:

a. CA, CSA and eidpiv-i-contentsigning key generation;
b. CA, CSA and eidpiv-i-contentsigning key activation; and
c. CA, CSA and eidpiv-i-contentsigning key backup.

Where multiparty control is required, at least one of the participants is an Administrator. All participants serve in a trusted role as defined in section. Audit Administrators do not take part in multiparty control operations.

Identification and Authentication for Each Role

{Redacted}

Roles Requiring Separation of Duties

Role separation, when required as set forth below, is enforced either by the CA equipment, or procedurally, or by both means.
Individual RAPIDPIV-I PKI personnel are specifically designated to the four roles defined in section above. Individuals may assume more than one role, except as follows:

a. Individuals who assume a Registration Authority or Security Officer role do not assume a System Administrator role;
b. Individuals who assume an Audit Administrator role do not assume any other role on the RAPIDPIV-I PKI component; and
c. Under no circumstances does any of the four roles perform its own compliance auditor function.

No individual fulfilling any of the roles outlined in section is assigned more than one identity.
5.3 Personnel Controls

Qualifications, Experience, and Clearance Requirements

A group of individuals responsible and accountable for the operation of each RAPIDPIV-I CA, CMS, and CSA is identified as such. The trusted roles of these individuals per section are identified. All persons filling trusted roles are selected on the basis of loyalty, trustworthiness, and integrity, and are subject to background investigation.

Personnel appointed to RAPIDPIV-I CA trusted roles, CSA trusted roles, and CMS trusted roles:

a. Have successfully completed the Eid Passport RAPIDPIV-I Trusted Role training program;
b. Have demonstrated the ability to perform their duties;
c. Are trustworthy;
d. Have no other duties that would interfere or conflict with their duties for the trusted role;
e. Have not been previously relieved of duties for reasons of negligence or non-performance of duties;
f. Have not been denied a security clearance, or had a security clearance revoked;
g. Have not been convicted of a felony offence or other serious crime which affects his/her suitability for the position; and
h. Are appointed in writing by an approving authority.[3]

Each person filling a trusted role shall satisfy at least one of the following requirements:

a. The person is a US citizen; or
b. The person has a security clearance equivalent to U.S. Secret or higher issued by a NATO member nation or major non-NATO ally as defined by the International Traffic in Arms Regulation (ITAR) 22 CFR.

Background Check Procedures

All persons filling RAPIDPIV-I CA trusted roles, CSA trusted roles, and CMS trusted roles have either a U.S. Secret or higher security clearance or a completed favorable background investigation. The scope of the background check includes the following areas covering the past five (5) years:

a. Employment;
b. Education (regardless of the date of award, the highest educational degree is verified);
c. Place of residence (3 years);
d. Law Enforcement; and
e. References.

Adjudication of the background investigation is performed by a competent adjudication authority using a process consistent with United States Executive Order, August 1995, or equivalent.

[3] Practice Note: In order to determine whether a person was denied clearance or had clearance revoked for cause, it is sufficient to rely on the local Facility Security Officer (FSO) database, the Joint Personnel Adjudication System (JPAS), and assertions by the person on security clearance forms.
The results of these checks are not released except as required in section 9.3 and section 9.4. The following checks are the minimum conducted on all Trusted Roles in the RAPIDPIV-I PKI:

{Redacted}

If a formal clearance or other check is the basis for the background check, the background refresh is in accordance with the corresponding formal clearance or other check. Otherwise, the background check is refreshed every ten years.

Training Requirements

All personnel performing duties with respect to the operation of the RAPIDPIV-I CA, CMS, CSA, or an RA receive comprehensive training. Training is conducted in the following areas:

a. CA/CMS/CSA/RA security principles and mechanisms;
b. All PKI software versions in use on the CA system;
c. All PKI duties they are expected to perform; and
d. Disaster recovery and business continuity procedures.

Retraining Frequency and Requirements

All Trusted Roles and others who support them are made aware of changes in the RAPIDPIV-I CA, CMS, CSA, or RA operations, as applicable. A training awareness plan is in place to deal with any significant change to the operations, and the execution of such a plan is documented. Examples of such changes are CA software or hardware upgrades, RA software upgrades, changes in automated security systems, and relocation of equipment.

Job Rotation Frequency and Sequence

No stipulation.

Sanctions for Unauthorized Actions

The EPMA takes appropriate administrative and disciplinary actions against personnel who violate this practice statement. This CPS contains important information about procedures and Trusted Role practices, as well as legal requirements, which apply to all Trusted Roles associated with the Eid Passport PKI. Non-compliance by a Trusted Role may lead to disciplinary action, up to and including termination from employment for Eid Passport employees, as per the Eid Passport Employee Handbook.
Disciplinary actions for contracted Trusted Roles are governed by the pertinent contracts with Eid Passport. It is each Trusted Role's responsibility to read and understand this CPS. An example of an offense that is punishable in accordance with this practice is an RA failing to follow the proper procedures for identity vetting of new Subscribers. Failure to follow the proper procedures for vetting identity (found in the Eid Passport RPS and RA SOP) may result in legal liability for Eid Passport, and will be grounds for termination of employment or contract with that Trusted Role.

Independent Contractor Requirements

Contractor personnel employed to perform functions pertaining to the RAPIDPIV-I CA, CSA, CMS, or RA operations meet applicable requirements set forth in this CPS (i.e., all requirements of section 5.3).

Documentation Supplied to Personnel

The RAPIDPIV-I CA, CMS, and CSA make available to their personnel the RAPIDPIV-I Certificate Policy, this CPS, and any relevant SOPs and Handbooks. These documents are distributed during training as well as kept in private corporate repositories, as appropriate. The Eid Passport RAPIDPIV-I CP is available on the Eid Passport website. Other technical, operations, and administrative documents (i.e., the RPS, SOPs, etc.) are provided in order for the trusted personnel to perform their duties.
Documentation is maintained identifying all personnel who received training and the level of training completed.

5.4 Audit Logging Procedures

Audit log files are generated for all events relating to the security of the CAs, CMSs, CSAs, and RAs. Where possible, the security audit logs are automatically collected. Where this is not possible, a logbook, paper form, or other physical mechanism is used. All security audit logs, both electronic and non-electronic, are retained and made available during compliance audits. The security audit logs for each auditable event defined in this section are maintained in accordance with section.

Audit records are accumulated manually from the servers in the CMS, and the CMS Audit Administrators manage and monitor all audit data. The RAPIDPIV-I CA and CSA infrastructure uses automated systems with the same security controls.

Types of Events Recorded

All security auditing capabilities of the RAPIDPIV-I CA, CMS, CSA, and RA operating systems and of the CA, CMS, CSA, and RA applications required by this CPS are enabled. As a result, most of the events identified in the table are automatically recorded. At a minimum, each audit record includes the following (either recorded automatically or manually for each auditable event):

a. The type of event;
b. The date and time the event occurred;
c. Success or failure where appropriate;
d. The identity of the entity and/or operator that caused the event; and
e. A message from any source requesting an action by a CA is an auditable event. That message must include message date and time, source, destination and contents.
The following events are audited:

Auditable Event | CA | CSA | RA | CMS

SECURITY AUDIT
Any changes to the Audit parameters, i.e., audit frequency, type of event audited | X | X | X | X
Any attempt to delete or modify the Audit logs | X | X | X | X
Obtaining a third-party time-stamp | X | X | X | X

IDENTITY-PROOFING
Successful and unsuccessful attempts to assume a role | X | X | X | X
The value of maximum number of authentication attempts is changed | X | X | X | X
The number of unsuccessful authentication attempts exceeds the maximum authentication attempts during user login | X | X | X | X
An Administrator unlocks an account that has been locked as a result of unsuccessful authentication attempts | X | X | X | X
An Administrator changes the type of authenticator, i.e., from a password to a biometric | X | X | X | X

LOCAL DATA ENTRY
All security-relevant data that is entered in the system | X | X | X | X

REMOTE DATA ENTRY
All security-relevant messages that are received by the system | X | X | X | X

DATA EXPORT AND OUTPUT
All successful and unsuccessful requests for confidential and security-relevant information | X | X | X | X

KEY GENERATION
Whenever the Component generates a key (not mandatory for single session or one-time use symmetric keys) | X | X | X | X

PRIVATE KEY LOAD AND STORAGE
The loading of Component Private Keys | X | X | X | X
All access to Certificate subject Private Keys retained within the CA for key recovery purposes | X | N/A | N/A | X

TRUSTED PUBLIC KEY ENTRY, DELETION AND STORAGE
All changes to the trusted Component Public Keys, including additions and deletions | X | X | X | X

SECRET KEY STORAGE
The manual entry of secret keys used for authentication | X | X | X | X

PRIVATE AND SECRET KEY EXPORT
The export of private and secret keys (keys used for a single session or message are excluded) | X | X | X | X

CERTIFICATE REGISTRATION
All Certificate Requests | X | N/A | X | X

CERTIFICATE REVOCATION
All Certificate revocation requests | X | N/A | X | X

CERTIFICATE STATUS CHANGE APPROVAL
The approval or rejection of a Certificate status change request | X | N/A | N/A | X

CA CONFIGURATION
Any security-relevant changes to the configuration of the Component | X | X | X | X

ACCOUNT ADMINISTRATION
Roles and users are added or deleted | X | - | - | X
The access control privileges of a user account or a role are modified | X | - | - | X

CERTIFICATE PROFILE MANAGEMENT
All changes to the Certificate profile | X | N/A | N/A | X

CERTIFICATE STATUS AUTHORITY MANAGEMENT
All changes to the CSA profile (i.e. OCSP profile) | N/A | X | N/A | N/A

REVOCATION PROFILE MANAGEMENT
All changes to the revocation profile | X | N/A | N/A | N/A

CERTIFICATE REVOCATION LIST PROFILE MANAGEMENT
All changes to the Certificate revocation list profile | X | N/A | N/A | N/A

MISCELLANEOUS
Appointment of an individual to a Trusted Role | X | X | X | X
Designation of personnel for multiparty control | X | - | N/A | X
Installation of the Operating System | X | X | X | X
Installation of the PKI Application | X | X | X | X
Installation of hardware cryptographic modules | X | X | X | X
Removal of hardware cryptographic modules | X | X | X | X
Destruction of cryptographic modules | X | X | X | X
System Startup | X | X | X | X
Logon attempts to PKI Application | X | X | X | X
Receipt of hardware / software | X | X | X | X
Attempts to set passwords | X | X | X | X
Attempts to modify passwords | X | X | X | X
Back up of the internal CA database | X | - | - | X
Restoration from back up of the internal CA database | X | - | - | X
File manipulation (i.e., creation, renaming, moving) | X | | |
Posting of any material to a PKI Repository | X | | |
Access to the internal CA database | X | X | - | -
All Certificate compromise notification requests | X | N/A | X | X
Loading tokens with Certificates | X | N/A | X | X
Shipment of Tokens | X | N/A | X | X
Zeroizing and Destroying Tokens | X | N/A | X | X
Re-key of the Component | X | X | X | X

CONFIGURATION CHANGES
Hardware | X | X | - | X
Software | X | X | X | X
Operating System | X | X | X | X
Patches | X | X | - | X
Security Profiles | X | X | X | X

PHYSICAL ACCESS / SITE SECURITY
Personnel Access to room housing Component | X | - | - | X
Access to the Component | X | X | - | X
Known or suspected violations of physical security | X | X | X | X

ANOMALIES
Software error conditions | X | X | X | X
Software check integrity failures | X | X | X | X
Receipt of improper messages | X | X | X | X
Misrouted messages | X | X | X | X
Network attacks (suspected or confirmed) | X | X | X | X
Equipment failure | X | - | - | X
Electrical power outages | X | - | - | X
Uninterruptible Power Supply (UPS) failure | X | - | - | X
Obvious and significant network service or access failures | X | - | - | X
Violations of Certificate Policy | X | X | X | X
Violations of Certification Practice Statement | X | X | X | X
Resetting Operating System clock | X | X | X | X

Frequency of Processing Audit Logs

Audit logs are reviewed at least once every thirty (30) days. All anomalies identified by Trusted Roles are investigated immediately by the Audit Administrator. A statistically significant sample of security audit data generated by the RAPIDPIV-I CA, CMS, CSA, or RA since the last review is examined (where the confidence intervals for each category of security audit data are determined by the security ramifications of the category and the availability of tools to perform such a review), as well as a reasonable search for any evidence of malicious activity. The Audit Administrator explains all significant events in an audit log summary. Such reviews involve verifying that the log has not been tampered with, that there is no discontinuity or other loss of audit data, and then briefly inspecting all log entries, with a more thorough investigation of any alerts or irregularities in the logs.
Actions taken as a result of these reviews are documented. Audit logs are removed by trusted personnel and monitored periodically to ensure they do not exceed system capacity. Data is backed up regularly, placed into a secure container and labeled with the date.

Retention Period for Audit Logs

RAPIDPIV-I PKI audit logs are retained onsite for at least sixty (60) days as well as being retained in the manner described in section 5.5. For the CA, CMS, and CSA, an Audit Administrator is the only person responsible for managing the audit log (i.e., review, backup, rotate, delete, etc.). For any logs pertaining to the RA workstation, a System Administrator other than the RA is responsible for managing the audit log.

Protection of Audit Log

System configuration and procedures are implemented together to ensure the following:

1. Only authorized people, per section 5.4.3, have read access to the logs;
2. Only authorized people, per section 5.4.3, may archive audit logs; and
3. Audit logs are not modified.

Procedures are in place to protect archived data from destruction prior to the end of the audit log retention period (note that deletion requires modification access). Audit logs are moved to a safe, secure storage location separate from the CA equipment. It is acceptable for the system to over-write audit logs after they have been backed up and archived.

Audit Log Backup Procedures

Audit logs and audit summaries are backed up every thirty (30) days. A copy of the audit log is sent off-site in accordance with policy in the CP every thirty (30) days.

Audit Collection System (Internal vs. External)

The audit log collection system may or may not be external to the RAPIDPIV-I CA, CMS, CSA, or RA.
{Redacted}

Should it become apparent that an automated audit system has failed, and the integrity of the system or confidentiality of the information protected by the system is at risk, then the EPMA determines whether to suspend operation until the problem is remedied.

Notification to Event-Causing Subject

No notice that an event was audited is given to the individual, organization, device, or application that caused the event.

Vulnerability Assessments

No stipulation beyond section

Records Archival

Types of Records Archived

RAPIDPIV-I CA, CMS, CSA, and RA archive records are sufficiently detailed to establish the proper operation of the component or the validity of any certificate (including those revoked or expired) issued by the CA.

Data To Be Archived                                                                      CA   CSA  RA   CMS
Certification Practice Statement                                                         X    X    X    X
Certificate Policy                                                                       X    X    X    X
Contractual obligations                                                                  X    X    X    X
System and equipment configuration                                                       X    X    -    X
Modifications and updates to system or configuration                                     X    X    -    X
Certificate Requests                                                                     X    -    -    X
Revocation requests                                                                      X    -    -    X
Subscriber identity authentication data as per section                                   X    N/A  X    X
Documentation of receipt and acceptance of Certificates, including Subscriber Agreements X    N/A  X    X
Documentation of receipt of Tokens                                                       X    N/A  X    X
All Certificates issued or published                                                     X    N/A  N/A  X
Record of Component CA Re-key                                                            X    X    X    X
All CRLs and CRLs issued and/or published                                                X    N/A  N/A  N/A
All Audit Logs                                                                           X    X    X    X
Other data or applications to verify archive contents                                    X    X    X    X
Documentation required by compliance auditors                                            X    X    X    X
Compliance Audit Reports                                                                 X    X    X    X

Retention Period for Archive

The retention period for archive data is ten (10) years and six (6) months for all certificates. Archive records are collected according to the applicability of the archived system. Paper documents are periodically sent to the off-site location for long-term storage. Electronic records are stored on removable media and sent to the off-site location for long-term storage. See section for details on how records are collected. Applications required to process the archive data are maintained by the RAPIDPIV-I PKI for the minimum retention period specified above.

Protection of Archive

No unauthorized user is permitted to write to, modify, or delete the archive. For the RAPIDPIV-I CA, CMS, and CSA, the authorized individuals are Audit Administrators. The contents of the archive are not released except as determined by the EPMA for the Eid RAPIDPIV-I CA, or as required by law. Records of individual transactions are released upon request of any Subscribers involved in the transaction or their legally recognized agents.
Archive media is stored in a safe, secure storage facility separate from the component (CA, CMS, CSA, or RA) with physical and procedural security controls (see section 5.1).

Archive Backup Procedures

{Redacted}

Requirements for Time-Stamping of Records

RAPIDPIV-I CA archive records contain time and date information. Timestamping is done as per section

Archive Collection System (Internal vs. External)

No stipulation.
Procedures to Obtain and Verify Archive Information

Procedures detailing how to create, verify, package, and transmit archive information are found in section 5.4.2, and

Key Changeover

When a RAPIDPIV-I CA key expires, a new CA key pair is generated to replace it. The old keys are retained to issue CRLs for Subscriber certificates that the CA issued under them and that are still valid. The CA does not issue any more certificates from the expired CA keys, and when all Subscriber certificates issued under the expired keys have themselves expired, the CA ceases all operations with those keys. The following table provides the maximum lifetimes for private keys and certificates issued under this policy.

Key (2048 Bit Keys)                  Private Key   Certificate
eidrootca                            20 years      20 years
Eid RAPIDPIV-I Signing CA            5 years       10 years
Subscriber Identity or Signature     3 years       3 years
Subscriber Encryption                3 years       3 years
eidpiv-i Content Signer              4 Years       10 Years
OCSP Responder                       3 years       1 month
Server                               3 years       3 years

eidpiv-i-hardware and eidpiv-i-cardauth certificate expiration is no later than the expiration date of the hardware token on which the certificates reside. In no case may a RAPIDPIV-I CA issue any certificate whose expiration extends beyond the expiration of the CA certificate.

5.7 Compromise and Disaster Recovery

Incident and Compromise Handling Procedures

If the RAPIDPIV-I CA, CSA or CMS detects a potential hacking or cracking attempt or other form of compromise, the OA performs an investigation in order to determine the nature and the degree of damage. If the CA, CSA or CMS key is suspected of compromise, the procedures outlined in section are followed. Otherwise, the scope of potential damage is assessed in order to determine if the CA, CSA or CMS needs to be rebuilt, only some certificates need to be revoked, and/or the CA, CSA or CMS key needs to be declared compromised.
The RAPIDPIV-I EPMA and the CBCA PMA are notified if any of the following cases occur:
a. Suspected or detected compromise of a RAPIDPIV-I CA system;
b. Physical or electronic attempts to penetrate a RAPIDPIV-I CA system;
c. Denial of service attacks on a RAPIDPIV-I CA component; or
d. Any incident preventing a RAPIDPIV-I CA from issuing a CRL within twenty-four (24) hours of the time specified in the next update field of its currently valid CRL.

The RAPIDPIV-I EPMA and the CBCA PMA are notified if any of the following cases occur:
a. A CA certificate revocation for any reason is planned; or
b. Any incident preventing a RAPIDPIV-I CA from issuing a CRL within twenty-four (24) hours of the time specified in the next update field of its currently valid CRL.
These measures allow the RAPIDPIV-I PKI and the CBCA to protect their interests as Relying Parties. The CA Operational Authority re-establishes operational capabilities as quickly as possible in accordance with procedures set forth in this CPS.

If the CMS is compromised, all certificates issued to the CMS are revoked. The damage caused by the CMS compromise is assessed, all Subscriber certificates that may have been compromised are revoked, and Subscribers are notified of such revocation. The CMS is re-established.

Computing Resources, Software, and/or Data are Corrupted

If RAPIDPIV-I CA or CSA equipment is damaged or rendered inoperative, but the signature keys are not destroyed, the operation is re-established as quickly as possible, giving priority to the ability to generate certificate status information and ensuring that the system's security integrity has been restored. A voluntary Delta Audit is suggested in these circumstances to give Relying Parties and the CBCA assurance of system integrity.

If a RAPIDPIV-I CA cannot issue a CRL prior to the time specified in the next update field of its currently valid CRL, then the CBCA is securely (with confidentiality, source authentication, and integrity security services applied) notified immediately. This allows the CBCA to protect its cross-certified partners' and Subscribers' interests as Relying Parties. The CA re-establishes revocation capabilities as quickly as possible in accordance with procedures set forth in this CPS. If revocation capability cannot be established in a reasonable timeframe, the OA determines whether to request revocation of its certificate(s).
If the CA is a Root CA, the EPMA notifies the CBCA and determines whether to notify all Subscribers, as applicable, that use the CA as a trust anchor to delete the trust anchor.

Private Key Compromise Procedures

If a RAPIDPIV-I CA's signature keys are compromised, lost, or are suspected of compromise:
{Redacted}
a. A new CA key pair is generated by the CA;
b. New CA certificates are requested in accordance with the initial registration process set out elsewhere in this CPS;
c. The CA requests all Subscribers to re-key using the procedures outlined in section 3.3.2; and
d. If the CA is the Root CA, it provides the CBCA and all Subscribers, as applicable, the new trust anchor using secure means.

The EPMA also investigates what caused the compromise or loss, and what measures must be taken to preclude recurrence.

If a RAPIDPIV-I CSA key is compromised, all certificates issued to the CSA are revoked, if applicable. The CSA generates a new key pair and requests new certificate(s), if applicable. If the CSA is a trust anchor, the relying parties are provided with the new trust anchor in a secure manner (so that the trust anchor integrity is maintained) to replace the compromised trust anchor.

If a RAPIDPIV-I CMS key is compromised, all certificates issued to the CMS are revoked. The CMS generates a new key pair and requests new certificate(s).

If a RAPIDPIV-I RA's signature keys are compromised, lost, or are suspected of compromise:
a. The RA certificate is immediately revoked;
b. A new RA key pair is generated in accordance with procedures set forth in this CPS;
c. A new RA certificate is requested in accordance with the initial registration process set out elsewhere in this CPS;
d. All certificate registration requests approved by the RA since the date of the suspected compromise are reviewed to determine which ones are legitimate; and
e. For those certificate requests or approvals that cannot be ascertained as legitimate, the resultant certificates are revoked and their subjects (i.e., Subscribers) are notified of revocation.

Business Continuity Capabilities after a Disaster

In the event that all copies of the RAPIDPIV-I CA Signing Key are destroyed, the OA at the EPMA's request revokes the keys. The CA follows the procedures for CA key loss in section above.

5.8 CA, CMS, CSA, or RA Termination

In the event of a RAPIDPIV-I CA, CMS, CSA, or RA termination, the appropriate service requests that all certificates issued to it be revoked and the EPMA provides notice to the CBCA prior to the termination. In the case of a RAPIDPIV-I PKI CA termination the CBCA PMA is given as much advance notice as circumstances permit, and attempts to provide alternative sources of interoperation are sought. In addition:
a. A CA, CMS, CSA, and RA archives all audit logs and other records prior to termination.
b. A CA, CMS, CSA, and RA destroys all its private keys upon termination.
c. CA, CMS, CSA, and RA archive records are transferred to the control of the EPMA, which will oversee and direct the proper long-term storage and security of the records.
d. If a Root CA is terminated, the EPMA uses secure means to notify the Subscribers to delete all trust anchors representing the terminated CA.
6 TECHNICAL SECURITY CONTROLS

{Redacted}

Figure 2 - Eid Passport PKI Architecture
6.1 Key Pair Generation and Installation

Key Pair Generation

The following table provides the requirements for key pair generation in the RAPIDPIV-I PKI:

Entity                             FIPS 140-1/2 Level                                    Hardware or Software   Key Storage Restricted to the Module on Which the Key was Generated
CA                                 3                                                     Hardware               Same
CMS                                3 [4]                                                 Hardware               Same
RA                                 2                                                     Hardware               Same
OCSP Responder                     2                                                     Hardware               Same
Content Signing                    2                                                     Hardware               Same
Card Authentication                2                                                     Hardware               Same (section 11 also applies)
Subscriber Identity or Signature   2 (for eidpiv-i-hardware section 11 also applies)    Hardware               Same
Subscriber Encryption              2 (for eidpiv-i-hardware section 11 also applies)    Hardware               No Requirement
Server                             2                                                     Hardware               Same
Subscriber Identity or Signature   1                                                     Software               Same
Subscriber Encryption              1                                                     Software               Same

Random numbers for medium-hardware and medium-cbp-hardware assurance level keys are generated in FIPS Level 2-validated hardware cryptographic modules. When private keys are not generated on the token to be used, the originally generated private keys are destroyed after they have been transferred to the token. This does not prohibit the key generating modules from further acting as the key escrow module. At no time does the private key appear as plain text outside the cryptographic module on which it resides.

Multiparty control is used for RAPIDPIV-I CA key pair generation, as specified in section. The CA key pair generation process creates a verifiable audit trail that the security requirements for procedures were followed. Activation of the RAPIDPIV-I CMS Master Key requires strong authentication of Trusted Roles.

[4] Although the requirement is for only FIPS Level 2 compliance, the CMS is a de facto Key Server according to the requirements of the CertiPath KRP.
Therefore, since the RAPIDPIV-I CMS operating under this policy is also handling Encryption keys, to prevent confusion, the more stringent requirement of Level 3 imposed by the CertiPath KRP is called out here.
{Redacted}

Key diversification operations by the CMS occur on the CMS hardware cryptographic module. The diversified keys are only stored in hardware cryptographic modules that support eidpiv-i-hardware. The CMS Master Key and diversified keys are protected from unauthorized disclosure and distribution. Both physical and logical security procedures in the CMS infrastructure enforce these requirements, as seen in section 5.2 and

Private Key Delivery to Subscriber

RAPIDPIV-I CAs generate their own key pair and therefore do not need private key delivery.

The private key is delivered securely to the Subscriber. Private keys are delivered on a hardware cryptographic module. In all cases, the following requirements are met:
a. Anyone who generates a private signing key for a Subscriber does not retain any copy of the key after delivery of the private key to the Subscriber;
b. The private key is always protected from activation, compromise, or modification during delivery to the Subscriber by means of the RA handing the credential to the Subscriber;
c. The Subscriber acknowledges receipt of the private key(s) by physically receiving the credential and signing the Subscriber Agreement form; and
d. Delivery is accomplished in a way that ensures that the correct tokens and activation data are provided to the correct Subscribers:
   i. For hardware modules, accountability for the location and state of the module is maintained until the Subscriber accepts possession of it; and
   ii. For electronic delivery of private keys, the key material is encrypted using a cryptographic algorithm and key size at least as strong as the private key. Activation data is delivered using a separate secure channel.
The RAPIDPIV-I CA, CMS, or RA maintains a record of the Subscriber's acknowledgement of receipt of the token.

Public Key Delivery to Certificate Issuer

{Redacted}

CA Public Key Delivery to Relying Parties

The public key of a trust anchor is provided to the Subscribers acting as Relying Parties in a secure manner so that the trust anchor is not vulnerable to modification or substitution. Acceptable methods for delivery of a trust anchor include but are not limited to the following:
a. At the time of certificate enrollment by the RA, the RA imports the Root CA certificate and the RAPIDPIV-I CA certificate onto the Subscriber smart card;
b. Comparison of the certificate hash (fingerprint) against the trust anchor hash made available via authenticated out-of-band sources (note that fingerprints or hashes published in-band along with the certificate are not acceptable as an authentication mechanism); or
c. Downloading trust anchor certificates from publicly available web sites secured with a RAPIDPIV-I web server certificate.

Key Sizes

If the EPMA determines that the security of a particular algorithm may be compromised, it may require the CAs to revoke the affected certificates.
All certificates (including self-signed certificates), CRLs, and other protocols used by the PKI (i.e., Transport Layer Security (TLS)) use the following algorithm suites.

Public keys in CA, Identity, Authentication, and Digital Signature Certificates; CRL Signatures; and OCSP (FIPS 186-3):
    Expire before 12/31/2030: 2048 bit RSA, 224 bit ECDSA in prime field, or 233 bit ECDSA in binary field
    Expire after 12/31/2030: 3072 bit RSA, 256 bit ECDSA in prime field, or 283 bit ECDSA in binary field
Public Keys in Encryption Certificates (PKCS 1 for RSA and NIST SP A for ECDH):
    Expire before 12/31/2030: 2048 bit RSA, 224 bit ECDH in prime field, or 233 bit ECDH in binary field
    Expire after 12/31/2030: 3072 bit RSA, 256 bit ECDSA in prime field, or 283 bit ECDSA in binary field
Symmetric Encryption:
    Expire before 12/31/2030: 3 Key TDES or AES
    Expire after 12/31/2030: AES
Hashing Algorithm for Certificates:
    Issued before 12/31/2030: SHA-256
    Issued after 12/31/2030: SHA-256

CRLs, OCSP Responder certificates, and OCSP Responses use the same or stronger signature algorithms, key sizes, and hash algorithms as used by the CA to sign the certificate in question. All eidpiv-i-hardware and eidpiv-i-cardauth certificates contain public keys and algorithms that conform to NIST SP

Public Key Parameters Generation and Quality Checking

RSA keys are generated in accordance with FIPS. Prime numbers for RSA are generated or tested for primality in accordance with FIPS. ECDSA and ECDH keys are generated in accordance with FIPS. Curves from FIPS are used.

Key Usage Purposes

The use of a specific key is determined by the key usage extension in the X.509 certificate. In particular:
a. Certificates to be used for Digital Signatures set the digitalSignature and nonRepudiation bits;
b. Certificates to be used for encryption set the keyEncipherment bit;
c. Certificates to be used for key agreement set the keyAgreement bit;
d. CA certificates include the cRLSign and keyCertSign bits; and
e. Certificates to be used for authentication set the digitalSignature bit only.

Public keys that are bound into certificates are certified for use in signing or encrypting, but not both. This restriction is not intended to prohibit use of protocols (like the Secure Sockets Layer) that provide authenticated connections using Key Management certificates and require both the digitalSignature and keyEncipherment bits to be set.
For Subscriber certificates the Extended Key Usage extension is always present and does not contain anyExtendedKeyUsage { }. The extended key usage meets the requirements stated in Table. Extended Key Usage OIDs are consistent with the key usage bits asserted.

6.2 Private Key Protection and Cryptographic Module Engineering Controls

Cryptographic Module Standards and Controls

The relevant standard for cryptographic modules is FIPS PUB 140-2, Security Requirements for Cryptographic Modules. The EPMA may determine that other comparable validation, certification, or verification standards are sufficient. These standards are published by the EPMA. Cryptographic modules are validated to the FIPS level identified in section 6.1, or validated, certified, or verified to requirements published by the EPMA. The table in section summarizes the minimum requirements for cryptographic modules; higher levels may be used. Private keys do not exist in plaintext form outside of the cryptographic module.

Private Key Multi-Person Control

Use of a RAPIDPIV-I CA or CSA private signing key or an eidpiv-i-contentsigning private key requires action by at least two persons. See section for information regarding separation of duties.

Private Key Escrow

Under no circumstances does a third party escrow any signature key. Recovery of the private encryption key is under dual-person control. The methods, procedures and controls which apply to the storage, request for, extraction and/or retrieval, delivery, protection and destruction of the requested copy of an escrowed subscriber private encryption key are described in the RAPIDPIV-I Key Recovery Practice Statement (KRPS).

Private Key Backup

Backup of CA Private Signature Key

In order to enable disaster recovery of a CA infrastructure, the RAPIDPIV-I CA and CSA private keys are backed up.
{Redacted}

Backup of CMS Private Keys

Similar to the RAPIDPIV-I CA infrastructure, CMS private signature and authentication keys are backed up and copies stored securely in a backup facility subject to the same security policy and practice requirements for accountability and protection as the main CMS site.

Backup of Subscriber Private Signature Key

Subscriber private signature keys based on medium-hardware or medium-cbp-hardware are not backed up or copied.

CSA Private Key Backup

See section

eidpiv-i Content Signing Key Backup

The eidpiv-i-contentsigning private keys are backed up under the same multi-person control as the operational Content Signing key. A single backup copy of the key is stored at the Content Signing system location. The eidpiv-i-contentsigning private keys are backed up to tokens and stored off site under the same security controls as the RAPIDPIV-I CMS infrastructure is subject to, as found in section 5.1.
Private Key Archival

Private signature keys are not archived.

Private Key Transfer Into or From a Cryptographic Module

CA, CMS, and CSA private keys are generated by and remain in a FIPS approved cryptographic module. The CA, CMS, and CSA private keys may be backed up in accordance with the appropriate sub-part of section. Private or symmetric keys used to encrypt other private keys for transport are protected from disclosure using the security controls as appropriate in section

Private Key Storage on Cryptographic Module

The cryptographic module may store private keys in any form as long as the keys are not accessible without the use of an authentication mechanism that is in compliance with the FIPS rating of the cryptographic module.

{Redacted}

Method of Activating Private Key

The user of a cryptographic module is authenticated to the cryptographic module before the activation of any private key(s).

{Redacted}

For eidpiv-i-cardauth certificates, user activation of the private key is not required.

{Redacted}

Method of Deactivating Private Key

Cryptographic modules that have been activated are not left unattended or otherwise available to unauthorized access.

{Redacted}

Method of Destroying Private Key

Private signature keys are destroyed when they are no longer needed, or when the certificates to which they correspond expire or are revoked. For hardware cryptographic modules, this is done by executing a hardware security module-specific command to destroy the key. Physical destruction of hardware is not required. For smart cards, the certificates are revoked and the card is shredded, if recovered.

Cryptographic Module Rating

See section

Other Aspects of Key Pair Management

Public Key Archival

The public key is archived as part of the certificate archival.

Certificate Operational Periods and Key Pair Usage Periods

See section 5.6.
6.4 Activation Data

Activation Data Generation and Installation

RAPIDPIV-I Subscribers are instructed at issuance to select their own PIN as per section 6.2.8, and the RA gives guidance on the required PIN type and length, as well as protection of the private keys.

{Redacted}

Activation Data Protection

{Redacted}

Other Aspects of Activation Data

RAPIDPIV-I CAs, CSAs, and RAs change the activation data whenever the token is re-keyed or returned from maintenance. For eidpiv-i assurance, the activation data is always reset upon a successful biometric one-to-one match of the applicant by an RA or a Trusted Agent against the biometrics collected during the identity proofing process described in section

Computer Security Controls

Specific Computer Security Technical Requirements

The following computer security functions are provided by the operating system, or through a combination of operating system, software, and physical safeguards. The RAPIDPIV-I CA, CMS, CSA and RA include the following functionality:
a. Require authenticated logins;
b. Provide Discretionary Access Control, including managing privileges of users to limit users to their assigned roles;
c. Provide a security audit capability (see section 5.4);
d. Prohibit object re-use;
e. Require use of cryptography for session communication and database security;
f. Require a trusted path for identification and authentication;
g. Provide self-protection for the operating system;
h. Require self-test of security-related CA services (i.e., check the integrity of the audit logs); and
i. Support recovery from key or system failure.

The CA, CSA, RA and CMS computer systems are configured with the minimum of the required accounts and network services, and do not permit remote login. They are configured with only those applications and services necessary for operation of the systems.
RA credentials are maintained at all times by the RA to whom the credential is assigned. Whenever the RA leaves the workstation, the RA pulls the credential from the workstation. Pulling the credential from the workstation deactivates it. The eidrootca is offline when not in use.

Computer Security Rating

No stipulation.
6.6 Life-Cycle Technical Controls

System Development Controls

{Redacted}

Security Management Controls

The configuration of the RAPIDPIV-I CA, CMS, and CSA systems as well as any modifications and upgrades are documented and controlled. There is a mechanism for detecting unauthorized modification to the CA, CMS, and CSA software or configuration. A formal configuration management methodology is used for installation and ongoing maintenance of the CMS system. Software and hardware versions, including updates/upgrades, are documented upon installation and tracked through their lifecycle.

{Redacted}

Life-Cycle Security Controls

No stipulation.

6.7 Network Security Controls

The eidrootca is operated off-line with no Internet connections. RAPIDPIV-I CAs, CSAs, CMSs, and RAs employ appropriate security measures to ensure they are guarded against denial of service and intrusion attacks. Firewalls and filtering routers are installed.

{Redacted}

6.8 Time-Stamping

All CA, CSA, and CMS components regularly synchronize with the National Institute of Standards and Technology (NIST) Atomic Clock or the NIST Network Time Protocol (NTP) Service. Time derived from the time service is used for establishing the time of:
a. Initial validity of a Subscriber's certificate;
b. Revocation of a Subscriber's certificate;
c. Publishing of CRL updates; and
d. OCSP or other CSA responses.

Asserted times are accurate to within three (3) minutes. Electronic or manual procedures are used to maintain system time. Clock adjustments are auditable events as listed in section
7 CERTIFICATE, CRL, AND OCSP PROFILES

7.1 Certificate Profile

Version Numbers

The RAPIDPIV-I CAs issue X.509 v3 certificates (populate version field with integer "2").

Certificate Extensions

Critical private extensions in certificates are interoperable in their intended community of use. Issuer CA and Subscriber certificates include any extensions as specified by RFC 5280 in a certificate, but always include those extensions required by this CPS. Any optional or additional extensions are non-critical and do not conflict with the certificate and CRL profiles defined in this CPS. Section 10 contains the certificate formats.

Algorithm Object Identifiers

Certificates issued under the Eid Passport RAPIDPIV-I CP use the following OIDs for signatures:
sha256WithRSAEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11}
ecdsa-with-SHA256 {iso(1) member-body(2) us(840) ansi-x9-62(10045) signatures(4) specified(3) sha256(2)}

Certificates issued under this CPS use the following OIDs for identifying the subject public key information:
rsaEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1}
id-ecPublicKey {iso(1) member-body(2) us(840) ansi-x9-62(10045) public-keytype(2) 1}

Name Forms

The subject and issuer fields of the certificate are populated with a unique Distinguished Name in accordance with one or more of the X.500 series standards, with the attribute type as further constrained by RFC. Subject and issuer fields include attributes as detailed in the tables below.

Issuer and Subject Name Form for RAPIDPIV-I CAs

USAGE         ATTRIBUTE   REQUIRED COUNT   CONTENT
Recommended   CN          0..1             Descriptive name for CA, i.e., CN=eidRootCA
Optional      OU          0..N             As needed
Recommended   OU          0..1             Certificate Authorities or similar text
Required      O           1                Issuer name, i.e., O=Eid Passport
Required      C           1                Country name, i.e., C=US

Subject Name Form for non-CAs

USAGE         ATTRIBUTE   REQUIRED COUNT   CONTENT
Required      See right   1..N             Additional naming attributes for uniquely identifying the subject including common name, serialNumber, , etc.
Optional      OU          0..N             As needed, i.e., the name of the Affiliated organization or Unaffiliated as per 3.1
Required      O           1                Issuer name, i.e., O=Eid Passport exactly as it appears in the CA certificate(s)
Required      C           1                Country name, i.e., C=US exactly as it appears in the CA certificate(s)

When multiple values exist for an attribute in a DN, the DN is encoded so that each attribute value is encoded in a separate relative distinguished name.

Name Constraints

RAPIDPIV-I Root CAs may assert critical or non-critical name constraints beyond those specified in the certificate formats in section 10, subject to the requirements above. The RAPIDPIV-I Signing CA establishes a pseudonymous Subscriber Subject name to meet local privacy regulations as long as such name is unique and traceable to a corresponding Subscriber. Issuer names are not obscured.

Certificate Policy Object Identifier

CA and Subscriber certificates issued under the RAPIDPIV-I CP assert one or more of the certificate policy OIDs listed in section 1.2. When a RAPIDPIV-I CA asserts a policy OID, it asserts all lower assurance policy OIDs.

Usage of Policy Constraints Extension

RAPIDPIV-I Root CAs adhere to the policy constraints identified in the certificate formats described in the RAPIDPIV-I CP, since inhibiting policy mapping may limit interoperability.

Policy Qualifiers Syntax and Semantics

Certificates issued under the RAPIDPIV-I CP contain policy qualifiers as follows: policy name and CP pointers.

Processing Semantics for the Critical Certificate Policies Extension

Processing semantics for the critical certificate policies extension conform to the RFC 5280 certification path processing rules.
7.2 CRL Profile

Version Numbers

CAs issue X.509 version two (v2) CRLs (populate version field with integer "1").

CRL and CRL Entry Extensions

Critical private extensions are interoperable in their intended community of use. Section 10 contains the CRL formats.
7.3 OCSP Profile

OCSP requests and responses are in accordance with RFC. Section 10 contains the OCSP request and response formats.

Version Numbers

The OCSP version number for requests and responses is v

OCSP Extensions

Responses support the nonce extension.
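A compliance check over the certificate profile rules stated above: the lifetime table and the rule that no certificate expires after its issuing CA (Key Changeover, section 5.6), the key-size floors either side of 12/31/2030 (Key Sizes), the key usage and Extended Key Usage rules (Key Usage Purposes), and the version and algorithm OIDs (7.1). This is an added example, not part of this CPS or of Eid Passport's tooling; the CertDescription fields, the kind and purpose labels and the two constructed sample certificates are this example's own assumptions, while the OIDs are the ones listed under Algorithm Object Identifiers, written in dotted form.

```python
# Added example, not Eid Passport code: the certificate profile rules this CPS states in
# sections 5.6, 6.1.5, 6.1.7, 7.1.1 and 7.1.3, applied to a plain description of one
# certificate. Field names, kind/purpose labels and sample values are assumptions.
import calendar
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set

# Algorithm OIDs from section 7.1.3 in dotted form; anyExtendedKeyUsage is RFC 5280's.
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
ECDSA_WITH_SHA256 = "1.2.840.10045.4.3.2"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
ANY_EXTENDED_KEY_USAGE = "2.5.29.37.0"

# Section 6.1.5: (before, after) minimum key bits around 12/31/2030; a certificate
# expiring on the boundary day itself is held to the stricter "after" column.
ALGORITHM_CUTOFF = date(2030, 12, 31)
MIN_KEY_BITS = {(RSA_ENCRYPTION, None): (2048, 3072),
                (ID_EC_PUBLIC_KEY, "prime"): (224, 256),
                (ID_EC_PUBLIC_KEY, "binary"): (233, 283)}
# Section 5.6 table: maximum certificate lifetime as (years, months).
MAX_LIFETIME = {"root-ca": (20, 0), "signing-ca": (10, 0), "content-signer": (10, 0),
                "subscriber": (3, 0), "server": (3, 0), "ocsp": (0, 1)}
# Section 6.1.7 (a)-(e): key usage bits each purpose must assert.
REQUIRED_KEY_USAGE = {"signature": {"digitalSignature", "nonRepudiation"},
                      "encryption": {"keyEncipherment"},
                      "key-agreement": {"keyAgreement"},
                      "ca": {"keyCertSign", "cRLSign"},
                      "authentication": {"digitalSignature"}}

@dataclass
class CertDescription:
    kind: str                  # key in MAX_LIFETIME
    purpose: str               # key in REQUIRED_KEY_USAGE
    version: int               # raw X.509 version field (v3 is encoded as 2)
    sign_oid: str
    public_key_oid: str
    key_bits: int
    ec_field: Optional[str]    # "prime", "binary" or None for RSA
    not_before: date
    not_after: date
    issuer_not_after: date     # expiry of the issuing CA certificate
    key_usage: Set[str] = field(default_factory=set)
    ext_key_usage: List[str] = field(default_factory=list)  # [] = no EKU extension

def shift_date(d: date, years: int, months: int) -> date:
    """Calendar arithmetic for the lifetime table; the day clamps to the month length."""
    idx = d.month - 1 + months
    year, month = d.year + years + idx // 12, idx % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def check_certificate(c: CertDescription) -> List[str]:
    """Return CPS violations as 'section: message' strings; [] means compliant."""
    findings = []
    if c.version != 2:
        findings.append("7.1.1: version field must be 2 (X.509 v3)")
    if c.sign_oid not in (SHA256_WITH_RSA, ECDSA_WITH_SHA256):
        findings.append("7.1.3: signature must be sha256WithRSAEncryption or ecdsa-with-SHA256")
    floors = MIN_KEY_BITS.get((c.public_key_oid, c.ec_field))
    if floors is None:
        findings.append("7.1.3: public key must be rsaEncryption or id-ecPublicKey")
    else:
        needed = floors[0] if c.not_after < ALGORITHM_CUTOFF else floors[1]
        if c.key_bits < needed:
            findings.append(f"6.1.5: {c.key_bits}-bit key below the {needed}-bit minimum for expiry {c.not_after}")
    if c.not_after > c.issuer_not_after:
        findings.append("5.6: certificate expires after the issuing CA certificate")
    if c.not_after > shift_date(c.not_before, *MAX_LIFETIME[c.kind]):
        findings.append(f"5.6: lifetime exceeds the maximum for a {c.kind} certificate")
    required = REQUIRED_KEY_USAGE[c.purpose]
    if not required <= c.key_usage:
        findings.append(f"6.1.7: {c.purpose} certificate must assert {sorted(required)}")
    if c.purpose == "authentication" and c.key_usage != {"digitalSignature"}:
        findings.append("6.1.7: authentication certificate sets digitalSignature only")
    # Signing or encrypting, not both; key management certificates used by TLS-style
    # protocols for authenticated connections are the exemption the CPS calls out.
    signs = c.key_usage & {"digitalSignature", "nonRepudiation"}
    encrypts = c.key_usage & {"keyEncipherment", "keyAgreement"}
    exempt = c.purpose == "encryption" and c.key_usage == {"digitalSignature", "keyEncipherment"}
    if signs and encrypts and not exempt:
        findings.append("6.1.7: key certified for both signing and encrypting")
    if c.kind == "subscriber":   # EKU always present and never anyExtendedKeyUsage
        if not c.ext_key_usage:
            findings.append("6.1.7: Subscriber certificate lacks the Extended Key Usage extension")
        elif ANY_EXTENDED_KEY_USAGE in c.ext_key_usage:
            findings.append("6.1.7: Extended Key Usage must not contain anyExtendedKeyUsage")
    return findings

def compliant_subscriber() -> CertDescription:
    """Constructed sample: P-256 ECDSA signature certificate, three-year life, EKU clientAuth."""
    return CertDescription("subscriber", "signature", 2, ECDSA_WITH_SHA256, ID_EC_PUBLIC_KEY,
                           256, "prime", date(2025, 1, 15), date(2028, 1, 15), date(2030, 6, 30),
                           {"digitalSignature", "nonRepudiation"}, ["1.3.6.1.5.5.7.3.2"])

def noncompliant_subscriber() -> CertDescription:
    """Constructed sample breaking the key-size, CA-expiry, lifetime, KU and EKU rules."""
    return CertDescription("subscriber", "signature", 2, SHA256_WITH_RSA, RSA_ENCRYPTION,
                           2048, None, date(2028, 6, 1), date(2032, 1, 1), date(2031, 6, 1),
                           {"digitalSignature", "nonRepudiation", "keyEncipherment"}, [ANY_EXTENDED_KEY_USAGE])
```

Running check_certificate on the two samples returns an empty list for the first and five findings for the second, one per rule it breaks.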
8 COMPLIANCE AUDIT AND OTHER ASSESSMENTS

8.1 Frequency or Circumstances of Assessments

The RAPIDPIV-I CAs, CMS, CSA, and RAs are subject to annual compliance audits.

8.2 Identity and Qualifications of Assessor

The compliance auditor chosen by the RAPIDPIV-I PKI is under a contractual relationship with Eid Passport, and is in no way employed by or affiliated with Eid Passport.

{Redacted}

8.3 Assessor's Relationship to Assessed Entity

The RAPIDPIV-I compliance auditor, as mentioned earlier, is in no way affiliated with Eid Passport. The compliance auditor has more than five (5) years of experience auditing PKI services and meets all RAPIDPIV-I CP requirements for experience in all PKI disciplines including engineering and design, cryptography and security.

8.4 Topics Covered by Assessment

The purpose of a compliance audit is to verify that the RAPIDPIV-I PKI operates in accordance with the CP and this CPS. The compliance audit includes an assessment of this CPS against the RAPIDPIV-I CP, to determine that this CPS adequately addresses and implements the requirements of the CP.

8.5 Actions Taken as a Result of Deficiency

The EPMA may determine that a RAPIDPIV-I CA is not complying with its obligations as set forth in the CP or this CPS. When such a determination is made, the EPMA may suspend operation, may revoke the CA, or take other actions as appropriate.

When the compliance auditor finds a discrepancy between how the CA is designed or is being operated or maintained, and the requirements of the CP or this CPS, the following actions are performed:
a. The compliance auditor notes the discrepancy;
b. The compliance auditor notifies the EPMA of the discrepancy;
c. The EPMA notifies the CBCA PMA promptly; and
The party responsible for correcting the discrepancy determines what further notifications or actions are necessary pursuant to the requirements of this CPS, and then proceed to make such notifications and take such actions without delay. Depending upon the nature and severity of the discrepancy, and how quickly it can be corrected, the EPMA may decide to temporarily halt operation of the RAPIDPIV-I CA, to revoke a certificate issued by the CA, or take other actions it deems appropriate. 8.6 Communication of Results An Audit Compliance Report, including identification of corrective measures taken or being taken is provided to the EPMA as set forth in section 8.1. The report identifies the versions of the CP and CPS used in the assessment. Additionally, where necessary, the results arecommunicated as set forth in 8.5 above. Page 65 of 97
9 OTHER BUSINESS AND LEGAL MATTERS

9.1 Fees

Certificate Issuance or Renewal Fees
Eid Passport in its sole discretion may charge end-user Subscribers for the issuance, management, and renewal of Certificates provided by the RAPIDPIV-I PKI.

Certificate Access Fees
Eid Passport in its sole discretion may charge fees related to the RAPIDPIV-I PKI services. Eid Passport does not charge Relying Parties for access to certificates or certificate information published in the RAPIDPIV-I PKI Repository.

Revocation or Status Information Access Fees
Eid Passport in its sole discretion may charge fees related to enhanced revocation information or certificate status services. Eid Passport does not charge Relying Parties for access to basic certificate revocation or status information published in the RAPIDPIV-I PKI Repository.

Fees for Other Services
Eid Passport in its sole discretion may charge fees for other RAPIDPIV-I PKI services.

Refund Policy
Refunds are not provided.

9.2 Financial Responsibility

Insurance Coverage
Eid Passport maintains reasonable levels of insurance coverage for its foreseeable liabilities to participants in connection with the RAPIDPIV-I PKI services. RAs and other RAPIDPIV-I PKI participants that provide certification services to support performance of their operational PKI responsibilities are required to maintain reasonable levels of such insurance coverage to address all foreseeable liability obligations to Eid Passport and other RAPIDPIV-I PKI participants.

Other Assets
Eid Passport maintains sufficient financial resources to reasonably maintain operations and fulfill duties in connection with the RAPIDPIV-I PKI services. RAs and other RAPIDPIV-I PKI participants that provide certification services to support performance of their operational PKI responsibilities are required to maintain sufficient financial resources to reasonably maintain operations, fulfill duties, and address commercially reasonable liability obligations to Eid Passport and other RAPIDPIV-I PKI participants.

Insurance or Warranty Coverage for End-Entities
Eid Passport does not provide insurance or warranty protection to end entities except as may be expressly described in this CPS.

9.3 Confidentiality of Business Information
The treatment of confidential business information exchanged with external PKIs in the context of submitting an application for cross certification is in accordance with the terms of such agreements as may be entered into between the applicable entity and Eid Passport.
9.4 Privacy of Personal Information
For the purposes of the RAPIDPIV-I PKI-related services, the RAPIDPIV-I PKI collects, stores, processes, and may disclose personally identifiable information in accordance with applicable laws and regulations and the Eid Passport Privacy Policy, located at the URL cited on the cover page of this CPS. RAs and other RAPIDPIV-I PKI participants that provide certification services to support performance of their operational PKI responsibilities are required to comply with applicable laws, regulations and privacy policies in connection with their storing, processing and disclosure of personally identifiable information.

9.5 Intellectual Property Rights
Eid Passport owns and reserves all rights, title and interest in all intellectual property and other rights associated with all products and services in connection with the RAPIDPIV-I PKI services. Neither this CPS, the RAPIDPIV-I CA nor the RAPIDPIV-I OA knowingly violates intellectual property rights held by others.

Property Rights in Certificates and Revocation Information
Eid Passport owns and reserves all rights, title and interest in all intellectual property and other rights in and to all RAPIDPIV-I PKI certificates and revocation information. For any certificates issued under the RAPIDPIV-I PKI, Eid Passport permits reproduction and distribution of certificates, provided that the certificates are reproduced in full and use of certificates is subject to a Memorandum of Agreement (or equivalent contractual agreement) with the relevant CA. Eid Passport permits Relying Parties to use revocation information to perform Relying Party functions, subject to Eid Passport's applicable terms and conditions.

Property Rights in the CP and this CPS
Eid Passport owns and reserves all rights, title and interest in all intellectual property and other rights to the CP and this CPS.

Property Rights in Names
Eid Passport owns and reserves all rights, title and interest in all intellectual property and other rights in the RAPIDPIV-I PKI name and all associated names. As between Eid Passport and a certificate Applicant, the certificate Applicant retains all rights, if any, in any trademark, service mark, or trade name of the certificate Applicant contained in any Customer Application.

Property Rights in Keys
Key pairs corresponding to certificates of cross-certified CAs and Subscribers are the property of the cross-certified CAs and Subscribers that are the respective subjects of these certificates, subject to the rights of Subscribers regardless of the physical medium within which the certificates are stored and protected. Such persons retain all intellectual property rights in and to these key pairs. Notwithstanding the foregoing, eidrootca's root public keys and the root certificates containing them, including all RAPIDPIV-I CA public keys and self-signed certificates, are the sole and exclusive property of Eid Passport.

9.6 Representations and Warranties
The RAPIDPIV-I PKI services are performed in conformance with applicable industry and government standards. Any express representations and warranties of the RAPIDPIV-I PKI and contractual partners are contained in such written contractual agreements as may be entered into by such parties.

The RAPIDPIV-I CA Representations and Warranties
The RAPIDPIV-I CA represents and warrants in applicable contractual agreements that, to its knowledge and to the extent within its control:
a. Its signing private key is protected and no unauthorized person has had access to that private key;
b. Its representations made in any applicable agreements are true and accurate;
c. Each Subscriber has been required to represent and warrant that all information supplied by the Subscriber in connection with, and/or contained in, the certificate is true;
d. If applicable, Affiliated Organizations are required to contractually agree to conform to the provisions of this CPS; and
e. The certificate is to be used by the Subscriber exclusively for authorized and legal purposes, consistent with this CPS or the CP.

Subscribers
A Subscriber is required to sign a document (i.e., a subscriber agreement) containing the requirements the Subscriber must meet respecting protection of the private key and use of the certificate before being issued the certificate. In signing the document described above, each Subscriber is required to agree to the following:
a. The Subscriber accurately represents itself in all communications with the PKI authorities; and
b. The Subscriber promptly notifies the appropriate CA upon suspicion of loss or compromise of its private keys. Such notification is made directly or indirectly through mechanisms consistent with this CPS.

In signing the document described above, each Subscriber is required to represent and warrant, at a minimum, that:
a. The data contained in any certificates issued to the Subscriber is accurate;
b. The Subscriber lawfully holds the private key corresponding to the public key identified in the Subscriber's certificate;
c. The Subscriber protects its private keys at all times, in accordance with this CPS, as stipulated in its certificate acceptance agreements, and local procedures; and
d. The Subscriber abides by all the terms, conditions, and restrictions levied on the use of its private keys and certificates.

Relying Parties
Parties that rely upon the certificates issued under a policy defined in this document are required to agree, at a minimum, to:
a. Use the certificate solely for the purpose for which it was issued, as indicated in the certificate information (i.e., the key usage extension);
b. Check each certificate for validity, using procedures described in the X.509 standard [ISO ] or successor standard, prior to reliance;
c. Establish trust in the CA who issued a certificate by verifying the certificate path in accordance with the guidelines set by the X.509 Version 3 Amendment or its successor; and
d. Preserve original signed data, the applications necessary to read and process that data, and the cryptographic applications needed to verify the Digital Signatures on that data for as long as necessary to verify the signature on that data.

Affiliated Organizations
Affiliated Organizations are required to authorize the affiliation of Subscribers with the organization, and are required to inform the RAPIDPIV-I PKI CA in writing of any severance of affiliation with any current Subscriber.
Other Participants
No stipulation.

9.7 Disclaimers of Warranties
To the extent permitted by applicable law, Policy Mapping Agreements, Cross-certificate Agreements, Memoranda of Understanding, and any other related contractual agreements may contain disclaimers of all warranties (other than any express warranties contained in such agreements).

EXCEPT AS EXPRESSLY PROVIDED HEREIN OR IN A WRITTEN CONTRACTUAL AGREEMENT WITH EID PASSPORT, (A) CERTIFICATES ISSUED BY EID PASSPORT AND THE RAPIDPIV-I PKI ARE PROVIDED "AS IS", AND EID PASSPORT, ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, CONTRACTORS, ASSIGNS, REPRESENTATIVES, AND AFFILIATES DISCLAIM ALL OTHER WARRANTIES, CONDITIONS AND OBLIGATIONS OF EVERY TYPE, EXPRESS OR IMPLIED (INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, TITLE, SECURITY, SATISFACTORY QUALITY, OR FITNESS FOR A PARTICULAR PURPOSE, OR ACCURACY OF INFORMATION PROVIDED), AND FURTHER DISCLAIM ANY AND ALL LIABILITY FOR NEGLIGENCE, FAILURE TO WARN, OR LACK OF REASONABLE CARE, AND (B) THE ENTIRE RISK OF THE USE OF ANY RAPIDPIV-I PKI CERTIFICATES, ANY RAPIDPIV-I PKI SERVICES, OR THE VALIDATION OF ANY DIGITAL SIGNATURES LIES WITH THE APPLICABLE END-USER SUBSCRIBER, CROSS-CERTIFIED CA, RELYING PARTY, AFFILIATED ORGANIZATION OR OTHER PARTICIPANT.

9.8 Limitations of Liabilities
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EID PASSPORT, INC. OR THE RAPIDPIV-I CA BE LIABLE FOR ANY INDIRECT DAMAGES OF ANY KIND, INCLUDING CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, ANY COSTS, EXPENSES, OR LOSS OF PROFITS, OR OTHER DAMAGES WHATSOEVER ARISING OUT OF OR RELATED TO THIS CPS OR THE RAPIDPIV-I PKI SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL EID PASSPORT INC. OR THE RAPIDPIV-I CA BE LIABLE FOR ANY USAGE OF A CERTIFICATE THAT FAILS TO CONFORM TO THE LIMITATIONS OF USAGE STATED UNDER THIS CPS OR THAT IS NOT IN COMPLIANCE WITH THE CP AND THIS CPS. NEITHER EID PASSPORT, INC. NOR THE RAPIDPIV-I CA SHALL BE LIABLE FOR ANY DAMAGE ARISING FROM THE COMPROMISE OF A SUBSCRIBER'S PRIVATE KEY OR ANY LOSS OF DATA. SUBJECT TO THE FOREGOING, THE TOTAL, AGGREGATE LIABILITY OF THE RAPIDPIV-I CA IS LIABILITY ARISING OUT OF OR RELATED TO IMPROPER ACTIONS BY THE RAPIDPIV-I CA AND SHALL BE LIMITED TO ONE THOUSAND DOLLARS ($1,000 USD) PER TRANSACTION AND ONE MILLION DOLLARS ($1 MILLION USD) PER INCIDENT. FOR PURPOSES OF THIS SECTION 9.8, (A) IMPROPER ACTIONS MEANS A DELIBERATE FAILURE TO COMPLY WITH A MATERIAL TERM OF THIS CPS, (B) TRANSACTION MEANS WHEN A RELYING PARTY RELIES UPON A CERTIFICATE ISSUED WITHIN A SINGLE CREDENTIAL BY THE RAPIDPIV-I CA AND TAKES OR ALLOWS AN ACTION OR SERIES OF ACTIONS AS A CONSEQUENCE OF SUCH RELIANCE, AND (C) INCIDENT MEANS THE AGGREGATE OF ALL TRANSACTIONS PERTAINING TO A SINGLE CREDENTIAL.

9.9 Indemnities

Indemnification by Relying Parties and Subscribers
To the extent permitted by applicable law, each Relying Party and Subscriber shall be required to defend, indemnify and hold harmless Eid Passport and its employees, officers, directors, contractors, agents, assigns, representatives and affiliates from and against any third party claims, liabilities, damages, costs, fines, penalties and expenses (including reasonable attorney's fees), relating to or arising out of use of or reliance by the Relying Party or Subscriber on any certificates issued by Eid Passport, including, without limitation, for:
a. The Relying Party's or Subscriber's improper, illegal, or unauthorized use of a certificate (including use of any expired, revoked, or unvalidated certificate);
b. The Relying Party's or Subscriber's unreasonable reliance on a certificate; or
c. The Relying Party's failure to check the status of a certificate on which it relies to determine if the certificate is expired or revoked.

Any applicable contractual agreement with Eid Passport may include additional indemnity obligations.

Term and Termination

Term
This CPS is effective upon its approval by the EPMA and publication in the appropriate location. Amendments to this CPS are effective upon approval by the EPMA and publication in the appropriate location. There is no specified term for this CPS. This CPS remains in force until terminated by Eid Passport. Eid Passport may amend this CPS from time to time in its sole discretion. For purposes of clarification, termination of any written contractual agreement entered into in connection with this CPS does not operate as a termination of this CPS.

Termination
Eid Passport may terminate this CPS at any time. Eid Passport provides reasonable notice of termination prior to the effective date of such termination.

Effect of Termination and Survival
Upon termination of this CPS, CAs cross-certified with or subordinate to the RAPIDPIV-I CA remain bound by the terms of this CPS for all certificates issued thereunder for the remainder of the validity periods of such certificates.
The following sections of this CPS survive any termination or expiration of this CPS: section 2.1, section 2.2, section 5.4, section 5.5, section , section 6.8, section , section , section .

Individual Notices and Communications with Participants
Unless otherwise specified by written contractual agreement between the parties, the RAPIDPIV-I PKI uses commercially reasonable methods to communicate with participants, taking into account the criticality and subject matter of the communication.

Amendments

Procedure for Amendment
The EPMA reviews the CP and this CPS at least annually. Additional reviews may be performed at any time in the sole discretion of the EPMA. If the EPMA wishes to amend the CP or CPS, it circulates such amendments for review to appropriate parties identified by the EPMA. Comments from such parties are collected and considered by the EPMA. Notwithstanding the foregoing, if the EPMA believes that amendments to the CPS are necessary immediately to stop or prevent a breach of the security of Eid Passport, the EPMA in its sole discretion may make such amendments, which become effective immediately upon publication in the Repository.

Notification Mechanism and Period
Errata, amendments (including a description of such amendments) and the most up-to-date copy of the CPS are archived according to the procedures in Section 5.5. In addition, notice of material changes to the CP or this CPS is provided to affected entities via a designated point of contact. This CPS and any subsequent changes are made available within seven (7) days of approval by the EPMA.

Circumstances Under Which OIDs Are Subject to Change
Certificate Policy OIDs are subject to change if the EPMA determines that a change in the CPS materially reduces the level of assurance provided.

Dispute Resolution Provisions

Disputes between Eid Passport and Third Parties
Provisions for resolving disputes with Eid Passport in connection with this CPS or the RAPIDPIV-I PKI services are set forth in the applicable written contractual agreements between the parties.

Alternate Dispute Resolution Provisions
Except as otherwise agreed (i.e., under a written contractual agreement as described in the preceding section), any dispute under this CPS or in connection with the RAPIDPIV-I PKI services is resolved by binding arbitration in accordance with the commercial rules (or international rules, if the other party to the dispute is a non-US entity) of the American Arbitration Association then in effect. The arbitration panel consists of one (1) neutral arbitrator if the amount in controversy is less than $500,000; otherwise the panel consists of three (3) neutral arbitrators, each an attorney with five (5) or more years of relevant experience. The arbitrator(s) never have been employed or engaged (either as an employee or as an independent consultant) by either of the parties, or any parent, subsidiary or other affiliate thereof. The parties have the right to take discovery of the other party by any or all methods provided in the Federal Rules of Civil Procedure. The arbitrator(s) may upon request exclude from being used in the arbitration proceeding any evidence not made available to the other Party pursuant to a proper discovery request. The arbitrator(s) apply the federal law of the United States and/or the laws of the State of Oregon, as applicable, and the arbitration proceeding shall be held in Multnomah County or Washington County, Oregon, USA or in such other location as is mutually agreed upon by the parties. The cost of the arbitration is borne equally by the parties. Notwithstanding the choice of law provision in this CPS, the Federal Arbitration Act, except as otherwise provided herein, shall govern the interpretation and enforcement of this provision. All arbitration proceedings are conducted in English. A party's claim, dispute and controversy is arbitrated on an individual basis and not aggregated with the claims of any other party. Class action arbitration is prohibited. The arbitrator(s) have no discretion to award punitive damages.

Notwithstanding the foregoing dispute resolution procedures, either party may apply to any court having jurisdiction to:
a. Enforce this arbitration provision; or
b. Seek provisional injunctive relief so as to maintain the status quo until the arbitration award is rendered or the dispute is otherwise resolved, or to otherwise prevent irreparable harm.

Governing Law
Subject to any limits appearing in applicable law, and subject to any written contractual agreements with Eid Passport expressly to the contrary, the federal laws of the United States and/or the laws of the State of Oregon, USA, govern the enforceability, construction, interpretation, and validity of this CPS, irrespective of contract or other choice of law provisions and without the requirement to establish a commercial nexus in the State of Oregon.

Compliance with Applicable Law
This CPS is subject to applicable national, state, local and foreign laws, rules, regulations, ordinances, decrees, and orders including, but not limited to, restrictions, if any, on exporting or importing software, hardware, or technical information.

Miscellaneous Provisions

Entire Agreement
No stipulation.
Assignment
Except as may be otherwise agreed by Eid Passport under written contractual agreements entered into under this CPS or in connection with the RAPIDPIV-I PKI services, no party except Eid Passport may assign or delegate this CPS, or any of its rights or duties under written contractual agreements entered into under this CPS or in connection with the RAPIDPIV-I PKI services, without the prior written consent of Eid Passport.

Severability
If this CPS is incorporated by reference into a written contractual agreement with Eid Passport, and if any provision of this CPS is held to be invalid or unenforceable by a court of competent jurisdiction, then the CPS is enforced to the maximum extent permissible and the legality and enforceability of the remaining provisions of this CPS is not affected.

Waiver of Rights
In any written contractual agreements entered into with Eid Passport under this CPS or in connection with the RAPIDPIV-I PKI services, the parties to such agreement may agree that no waiver of any breach or default or any failure to exercise any right under such agreement shall be construed as a waiver of any subsequent breach or default or relinquishment of any future right to exercise such right. The headings in this CPS are for convenience only and cannot be used in interpreting this CPS.

Force Majeure
Eid Passport is not liable for any failure or delay in its performance under this CPS or in connection with the RAPIDPIV-I PKI services due to causes that are beyond its reasonable control, including, but not limited to, an act of God, act of civil or military authority, natural disasters, fire, epidemic, flood, earthquake, riot, war, failure of equipment, failure of telecommunications lines, lack of Internet access, sabotage, changes in the law, and governmental action or any unforeseeable events or situations. EID PASSPORT HAS NO LIABILITY FOR ANY DELAYS, NON-DELIVERIES, NON-PAYMENTS, MIS-DELIVERIES OR SERVICE INTERRUPTIONS CAUSED BY ANY THIRD PARTY ACTS OR THE INTERNET INFRASTRUCTURE OR ANY NETWORK EXTERNAL TO EID PASSPORT INC.

Other Provisions
No further provisions are set forth in this Section 9 of the CPS.
10 CERTIFICATE, CRL, AND OCSP FORMATS

This Section contains the formats for the various PKI objects such as certificates, CRLs, and OCSP requests and responses. The Section contains only certificate profiles based on RSA. For algorithm identifiers, parameter encoding, public key encoding, and signature encoding for ECDSA and ECDH, RFC 3279 is used.

Certificates and CRLs issued under a policy OID of the RAPIDPIV-I CP do not contain any critical extensions not listed in the profiles in this section. Certificates and CRLs issued under a policy OID of the RAPIDPIV-I CP may contain non-critical extensions not listed in the profiles in this section only upon EPMA approval.

The first entries in the caIssuers field of the authorityInfoAccess extension and in the cRLDistributionPoints extension point to a resource that is publicly available using HTTP. If LDAP pointers are used, they appear only after the HTTP pointers.

For attribute values other than e-mail addresses, all CA Distinguished Names (in the various fields such as Issuer, Subject, Subject Alternative Name, Name Constraints, etc.) are encoded as PrintableString. All Subscriber DN portions to which name constraints apply are encoded as PrintableString. Other portions of the Subscriber DN are encoded as PrintableString if possible; if a portion cannot be encoded as PrintableString, then and only then is it encoded as UTF8String. dc and e-mail address attribute values are encoded as IA5String. A single, predictable string type matters because many relying-party implementations match issuer to subject names and name-constraint subtrees by exact binary comparison, so the same name encoded two different ways may fail to chain or escape a constraint.

RAPIDPIV-I CAs may issue partitioned CRLs as long as the CRLs are not indirect CRLs, are not partitioned by reason code, and the cRLDistributionPoints and issuingDistributionPoint extensions do not assert a name relative to the issuer. The RAPIDPIV-I PKI provides OCSP services for the RAPIDPIV-I CAs, and issues a full and complete CRL for each CA (i.e., a CRL without the issuingDistributionPoint extension) for use by the OCSP Responder.

The Globally Unique Identifier (GUID) used in certificates conforms to the requirements of RFC 4122. Since the GUID is associated with a card, the same GUID is asserted as the UUID in all applicable certificates and in all other applicable signed objects on the card.

eidrootca Certificate (Trust Anchor)

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | C=US, O=Eid Passport, OU=Certificate Authorities, CN=EidRootCA
Validity Period | Expressed in UTCTime until 2049
Subject Distinguished Name | C=US, O=Eid Passport, OU=Certificate Authorities, CN=EidRootCA
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Subject Key Identifier | No | Octet String
Key Usage | Yes | keyCertSign, cRLSign, digitalSignature, nonRepudiation
Basic Constraints | Yes | cA=TRUE; path length constraint absent
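The string-type rules above are the kind of detail that is easy to get wrong in an issuing system and hard to see in a certificate viewer, so here is an added example (not part of this CPS or of Eid Passport's software) that DER-encodes an X.500 Name the way section 10 requires and then checks an encoded Name against the same rules. It handles the three cases the text distinguishes: dc and emailAddress are always IA5String, anything that fits the PrintableString repertoire is PrintableString, and UTF8String is used only when a value cannot be PrintableString. The attribute set, the sample organization "Example Org", and the RFC 4122 example UUID used as the card GUID are constructed inputs for the demonstration; the serialNumber check mirrors the card authentication profile later in this section, which carries the card GUID in the subject DN.

```python
"""Added example, not part of the Eid Passport CPS: DER-encode an X.500 Name
using the string-type rules of section 10 (IA5String for dc and emailAddress,
PrintableString wherever the value fits, UTF8String only otherwise) and check
an encoded Name against those rules."""
import re
import uuid

TAG_OID, TAG_UTF8, TAG_PRINTABLE, TAG_IA5 = 0x06, 0x0C, 0x13, 0x16
TAG_SEQUENCE, TAG_SET = 0x30, 0x31

OID_DC = "0.9.2342.19200300.100.1.25"
OID_EMAIL = "1.2.840.113549.1.9.1"
OID_SERIAL = "2.5.4.5"
# Attribute short names used by this example (assumption: only these are needed)
ATTR_OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "OU": "2.5.4.11", "CN": "2.5.4.3",
             "serialNumber": OID_SERIAL, "DC": OID_DC, "emailAddress": OID_EMAIL}
IA5_ONLY = {OID_DC, OID_EMAIL}
# PrintableString repertoire (X.680): letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE_RE = re.compile(r"^[A-Za-z0-9 '()+,\-./:=?]*$")


def _length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:                     # base-128, high bit set on all but the last octet
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def _read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def required_tag(oid, value):
    """The section 10 rule for one attribute value."""
    if oid in IA5_ONLY:
        return TAG_IA5
    return TAG_PRINTABLE if PRINTABLE_RE.match(value) else TAG_UTF8


def encode_name(rdns, force_tag=None):
    """rdns: ordered (attribute, value) pairs, one attribute per RDN.
    force_tag exists only to build a non-conforming Name for the checker."""
    out = b""
    for attr, value in rdns:
        oid = ATTR_OIDS[attr]
        tag = force_tag or required_tag(oid, value)
        raw = value.encode("ascii" if tag != TAG_UTF8 else "utf-8")
        out += _tlv(TAG_SET, _tlv(TAG_SEQUENCE, _encode_oid(oid) + _tlv(tag, raw)))
    return _tlv(TAG_SEQUENCE, out)


def check_name_encoding(der, expect_guid=False):
    """Walk a DER Name; return [(attribute OID, problem)], empty when it conforms.
    expect_guid additionally requires serialNumber to parse as an RFC 4122 UUID,
    as the card authentication profile's subject DN carries the card GUID there."""
    findings = []
    tag, rdn_seq, _ = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("Name must be a SEQUENCE")
    pos = 0
    while pos < len(rdn_seq):
        _, rdn, pos = _read_tlv(rdn_seq, pos)          # one RelativeDistinguishedName (SET)
        p = 0
        while p < len(rdn):
            _, atv, p = _read_tlv(rdn, p)              # AttributeTypeAndValue (SEQUENCE)
            _, oid_body, q = _read_tlv(atv, 0)
            oid = _decode_oid(oid_body)
            stag, sbody, _ = _read_tlv(atv, q)
            value = sbody.decode("utf-8", errors="replace")
            want = required_tag(oid, value)
            if stag != want:
                findings.append((oid, f"encoded with tag 0x{stag:02X}, profile requires 0x{want:02X}"))
            if expect_guid and oid == OID_SERIAL:
                try:
                    uuid.UUID(value)
                except ValueError:
                    findings.append((oid, "serialNumber is not an RFC 4122 UUID"))
    return findings


# Constructed sample: the card authentication subject DN shape from section 10,
# with a placeholder organization and the RFC 4122 example UUID as the GUID.
CARD_AUTH_DN = [("C", "US"), ("O", "Eid Passport"), ("OU", "CardAuth"),
                ("OU", "Example Org"), ("serialNumber", "f81d4fae-7dec-11d0-a765-00a0c91e6bf6")]

if __name__ == "__main__":
    print(check_name_encoding(encode_name(CARD_AUTH_DN), expect_guid=True))
    print(check_name_encoding(encode_name(CARD_AUTH_DN[:2], force_tag=TAG_UTF8)))
```

The checker deliberately recomputes the required tag from the decoded value rather than trusting the tag it finds, which is what catches the common issuing-system mistake of emitting UTF8String for every attribute: that encoding is legal X.509 but violates this profile and can break exact-match name chaining.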
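Every profile in this section fixes the Key Usage row and marks the extension critical, and the root profile above is the first of them. The following added example (not code from this CPS or from Eid Passport) encodes and decodes the keyUsage BIT STRING at the DER level and compares what a certificate asserts against the profile rows transcribed from this section. The profile names used as dictionary keys are this example's own labels; the bit assignments are those of RFC 5280 section 4.2.1.3. It also flags the non-minimal encoding (trailing zero bits) that some issuing software emits, which DER forbids.

```python
"""Added example, not part of the Eid Passport CPS: DER encode/decode of the
keyUsage BIT STRING and a check of a certificate's asserted bits against the
Key Usage row of the section 10 profiles."""

# Bit positions from RFC 5280 section 4.2.1.3 (bit 0 is the most significant bit)
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]

# Required bits per profile, transcribed from the section 10 tables; the profile
# labels are this example's own. Every profile marks keyUsage critical.
CA_KU = {"keyCertSign", "cRLSign", "digitalSignature", "nonRepudiation"}
PROFILE_KU = {
    "eidrootca": CA_KU,
    "rapidpiv-i-ca": CA_KU,
    "principal-ca-to-cbca": CA_KU,
    "subscriber-identity": {"digitalSignature"},
    "subscriber-signature": {"digitalSignature", "nonRepudiation"},
    "subscriber-encryption": {"keyEncipherment"},
    "card-authentication": {"digitalSignature"},
    "content-signer": {"digitalSignature"},
}
# Bits a profile allows but does not require
PROFILE_OPTIONAL_KU = {"subscriber-encryption": {"dataEncipherment"}}


def encode_key_usage(names):
    """DER-encode a keyUsage BIT STRING. DER drops trailing zero bits, so the
    length and the unused-bits octet follow from the highest bit that is set."""
    positions = sorted(KU_BITS.index(n) for n in names)
    nbits = positions[-1] + 1 if positions else 0
    nbytes = (nbits + 7) // 8
    data = bytearray(nbytes)
    for p in positions:
        data[p // 8] |= 0x80 >> (p % 8)
    unused = nbytes * 8 - nbits
    body = bytes([unused]) + bytes(data)
    return b"\x03" + bytes([len(body)]) + body


def decode_key_usage(der):
    """Return (set of bit names, der_minimal). der_minimal is False when the
    encoding carries trailing zero bits, which DER forbids but which some
    issuers emit (for example by always writing a full octet of bits)."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    body = der[2:2 + der[1]]
    unused, data = body[0], body[1:]
    if unused > 7 or (unused and not data):
        raise ValueError("bad unused-bits octet")
    total = len(data) * 8 - unused
    names = set()
    for i in range(total):
        if data[i // 8] & (0x80 >> (i % 8)):
            names.add(KU_BITS[i] if i < len(KU_BITS) else f"bit{i}")
    # Minimal DER: the last encoded bit must be a 1 (or the string is empty)
    last_set = total == 0 or bool(data[(total - 1) // 8] & (0x80 >> ((total - 1) % 8)))
    return names, last_set


def key_usage_findings(profile, der, critical):
    """Compare an encoded keyUsage against the named profile; an empty list means it conforms."""
    names, der_minimal = decode_key_usage(der)
    required = PROFILE_KU[profile]
    allowed = required | PROFILE_OPTIONAL_KU.get(profile, set())
    findings = []
    if not critical:
        findings.append("keyUsage must be critical")
    if not der_minimal:
        findings.append("BIT STRING is not DER-minimal (trailing zero bits)")
    missing = required - names
    extra = names - allowed
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    if extra:
        findings.append("not permitted by profile: " + ", ".join(sorted(extra)))
    return findings


if __name__ == "__main__":
    root_ku = encode_key_usage(CA_KU)
    print(root_ku.hex(), key_usage_findings("eidrootca", root_ku, True))
    # Constructed non-conforming case: an encryption-style keyUsage, marked non-critical,
    # presented as a card authentication certificate
    print(key_usage_findings("card-authentication", b"\x03\x02\x04\x30", False))
```

Two details worth noticing: the root and CA profiles set digitalSignature and nonRepudiation alongside keyCertSign and cRLSign, so a checker that only looks for the CA bits would pass a certificate missing the signing bits; and a non-critical keyUsage is a finding on its own, because a relying party is permitted to ignore a non-critical extension it does not understand.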
10.2 RAPIDPIV-I CA Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | C=US, O=Eid Passport, OU=Certificate Authorities, CN=EidRootCA
Validity Period | Expressed in UTCTime until 2049
Subject Distinguished Name | C=US, O=Eid Passport, OU=Certificate Authorities, CN=RAPIDPIV-I CA
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Root CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request from the Signing CA)
Key Usage | Yes | keyCertSign, cRLSign, digitalSignature, nonRepudiation
Certificate Policies | No | Applicable policies as per section
Basic Constraints | Yes | cA=TRUE; pathLenConstraint=0
Authority Information Access | No | id-ad-caIssuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA
CRL Distribution Points | No | Per section

RAPIDPIV-I Principal CA to CBCA Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | C=US, O=Eid Passport, OU=Certificate Authorities, CN=EidRootCA
Validity Period | Expressed in UTCTime until 2049
Subject Distinguished Name | C=US, O=CertiPath LLC, OU=Certification Authorities, CN=CertiPath Bridge CA - G2
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as in PCA PKCS#10 request to the CBCA)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request from the CBCA)
Key Usage | Yes | keyCertSign, cRLSign, digitalSignature, nonRepudiation
Certificate Policies | No | Applicable Certificate Policies as per section
Policy Mapping | No | Applicable policy mappings as described in the MoU
Basic Constraints | Yes | cA=TRUE; path length constraint absent
Name Constraints | Yes | optional; excluded subtrees: Name forms as determined by the EPMA
Authority Information Access | No | id-ad-caIssuers access method entry containing HTTP URL for .p7c file containing certificates issued to RAPIDPIV-I CA
CRL Distribution Points | No | Per section 10
Inhibit anyPolicy | No | skipCerts =

Subscriber Identity Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
Validity Period | No longer than 3 years from date of issue, expressed in UTCTime until 2049
Subject Distinguished Name | Unique X.500 subject DN as specified in section of this CPS
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Issuing CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request, or calculated by the Issuing CA per RFC 5280 method 1 or other method)
Key Usage | Yes | digitalSignature
Extended Key Usage | No | Per section
Certificate Policies | No | Applicable Certificate Policies as per section
Subject Alternative Name | No | URI (mandatory for eidpiv-i-hardware); otherName::principalName (if id-kp-smartCardLogon is included in EKU); RFC 822 address of Subscriber if available; other name forms optional
Authority Information Access | No | id-ad-caIssuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA; id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder
CRL Distribution Points | No | Per section

Subscriber Signature Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
Validity Period | No longer than 3 years from date of issue, expressed in UTCTime until 2049
Subject Distinguished Name | Unique X.500 subject DN as specified in section of this CPS
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Issuing CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request, or calculated by the Issuing CA per RFC 5280 method 1 or other method)
Key Usage | Yes | digitalSignature, nonRepudiation
Extended Key Usage | No | Per section
Certificate Policies | No | Applicable Certificate Policies as per section
Subject Alternative Name | No | RFC 822 address (required), URI (optional), others optional
Authority Information Access | No | id-ad-caIssuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA; id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder
CRL Distribution Points | No | Per section

Subscriber Encryption Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
Validity Period | No longer than 3 years from date of issue, expressed in UTCTime until 2049
Subject Distinguished Name | Unique X.500 subject DN as specified in section of this CPS
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Issuing CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request, or calculated by the Issuing CA per RFC 5280 method 1 or other method)
Key Usage | Yes | keyEncipherment (required), dataEncipherment (optional)
Extended Key Usage | No | Per section
Certificate Policies | No | Applicable Certificate Policies as per section
Subject Alternative Name | No | RFC 822 address (required), URI (optional), others optional
Authority Information Access | No | id-ad-caIssuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA; id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder
CRL Distribution Points | No | Per section

eidpiv-i Card Authentication Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
Validity Period | No longer than 3 years from date of issue, expressed in UTCTime until 2049
Subject Distinguished Name | C=US, O=Eid Passport, OU=CardAuth, OU=<AffiliatedOrg>, serialNumber=<GUID>
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Issuing CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request, or calculated by the Issuing CA per RFC 5280 method 1 or other method)
Key Usage | Yes | digitalSignature
Extended Key Usage | Yes | id-PIV-cardAuth { }
Certificate Policies | No | id-eidpiv-i-cardauth
Subject Alternative Name | No | URI (mandatory)
Authority Information Access | No | id-ad-caIssuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA; id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder
CRL Distribution Points | No | Per section

eidpiv-i Content Signer Certificate

Field | Value
Version | V3 (2)
Serial Number | Must be unique
Issuer Signature Algorithm | per section
Issuer Distinguished Name | Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
Validity Period | 10 years from date of issue, expressed in UTCTime until 2049
Subject Distinguished Name | Unique X.500 Subject DN as specified in section of the RAPIDPIV-I CP
Subject Public Key Information | 2048 bit modulus, rsaEncryption { }
Issuer Unique Identifier | Not Present
Subject Unique Identifier | Not Present
Issuer's Signature | per section

Extension | Criticality | Value
Authority Key Identifier | No | Octet String (same as subject key identifier in Issuing CA Certificate)
Subject Key Identifier | No | Octet String (same as in PKCS#10 request, or calculated by the Issuing CA per RFC 5280 method 1 or other method)
Key Usage | Yes | digitalSignature
Extended Key Usage | Yes | id-fpki-pivi-content-signing { }
Certificate Policies | No | id-eidpiv-i-contentsigning
Subject Alternative Name | No | Optional
Authority Information Access No id-ad-caissuers access method entry contains HTTP URL for.p7c file containing Certificates issued to Issuing CA id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder CRL Distribution Points No Per section 10 Page 77 of 97
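The Card Authentication profile in section 10.7 is the most tightly constrained of the subscriber profiles: key usage is exactly digitalsignature, the extended key usage is a critical extension carrying only id-piv-cardauth, and a URI subjectAltName is mandatory. The Go program below is an added example, not code from the CPS or from Eid Passport; it issues a Card Authentication certificate under a throwaway Issuing CA and checks it against those rules, once for a conforming certificate and once for one that deviates. The OID values (elided as "{ }" in the redacted text), the 365-day reading of "3 years", and every DN, serial and UUID are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"net/url"
	"slices"
	"time"
)

// OIDs the redacted profile elides; assumed here from NIST SP 800-73 and RFC 5280.
var (
	oidPIVCardAuth = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 6, 8} // id-piv-cardauth
	oidExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}                // id-ce-extKeyUsage
)

const maxCardAuthValidity = 3 * 365 * 24 * time.Hour // "no longer than 3 years" (365-day years assumed)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CardAuthViolations checks a parsed certificate against the Card Authentication profile
// (section 10.7) and returns one message per deviation; nil means it conforms.
func CardAuthViolations(c, issuer *x509.Certificate) (v []string) {
	check := func(bad bool, msg string) {
		if bad {
			v = append(v, msg)
		}
	}
	pub, isRSA := c.PublicKey.(*rsa.PublicKey)
	check(!isRSA || pub.N.BitLen() != 2048, "subject public key must be a 2048-bit RSA modulus")
	check(c.NotAfter.Sub(c.NotBefore) > maxCardAuthValidity, "validity period longer than 3 years")
	check(c.KeyUsage != x509.KeyUsageDigitalSignature, "key usage must be exactly digitalSignature")
	// Criticality is only visible in the raw extension list, not in the decoded EKU fields.
	i := slices.IndexFunc(c.Extensions, func(e pkix.Extension) bool { return e.Id.Equal(oidExtKeyUsage) })
	check(i < 0 || !c.Extensions[i].Critical, "extended key usage must be marked critical")
	check(len(c.ExtKeyUsage) != 0 || len(c.UnknownExtKeyUsage) != 1 || !c.UnknownExtKeyUsage[0].Equal(oidPIVCardAuth),
		"extended key usage must contain only id-piv-cardauth")
	check(len(c.URIs) == 0, "subject alternative name must carry a URI")
	check(len(c.SubjectKeyId) == 0 || string(c.AuthorityKeyId) != string(issuer.SubjectKeyId),
		"authority key identifier must equal the Issuing CA subject key identifier")
	return v
}

// NewIssuingCA builds a throwaway self-signed Issuing CA (constructed DN, not Eid Passport's).
func NewIssuingCA() (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	now := time.Now().UTC().Truncate(time.Second)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		Subject:      pkix.Name{Country: []string{"US"}, Organization: []string{"Example Org"}, CommonName: "Example Issuing CA"},
		IsCA:         true, BasicConstraintsValid: true, // Go derives the CA's own SKI
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// IssueCardAuth issues a Card Authentication certificate with the profile's subject DN shape
// (constructed values); sanURI == "" omits the subjectAltName so that check can be exercised.
func IssueCardAuth(ca *x509.Certificate, caKey *rsa.PrivateKey, pub *rsa.PublicKey,
	validity time.Duration, ku x509.KeyUsage, ekuCritical bool, sanURI string) *x509.Certificate {
	ekuDER := must(asn1.Marshal([]asn1.ObjectIdentifier{oidPIVCardAuth}))
	ski := sha1.Sum(x509.MarshalPKCS1PublicKey(pub)) // RFC 5280 section 4.2.1.2 method 1
	now := time.Now().UTC().Truncate(time.Second)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001), // constructed; production serials must be unique
		Subject: pkix.Name{Country: []string{"US"}, Organization: []string{"Example Org"},
			OrganizationalUnit: []string{"CardAuth", "ExampleAffiliate"}, SerialNumber: "00000000-0000-4000-8000-000000000001"},
		NotBefore: now, NotAfter: now.Add(validity), KeyUsage: ku, SubjectKeyId: ski[:],
		// The ExtKeyUsage template field always emits a non-critical extension, so the
		// profile's critical EKU is supplied pre-encoded through ExtraExtensions instead.
		ExtraExtensions: []pkix.Extension{{Id: oidExtKeyUsage, Critical: ekuCritical, Value: ekuDER}},
	}
	if sanURI != "" {
		tmpl.URIs = []*url.URL{must(url.Parse(sanURI))}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey))
	return must(x509.ParseCertificate(der))
}

func main() {
	ca, caKey := NewIssuingCA()
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	good := IssueCardAuth(ca, caKey, &key.PublicKey, maxCardAuthValidity, x509.KeyUsageDigitalSignature, true, "urn:uuid:00000000-0000-4000-8000-000000000001") // constructed UUID
	bad := IssueCardAuth(ca, caKey, &key.PublicKey, 5*365*24*time.Hour, x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment, false, "") // 5-year validity, extra KU bit, non-critical EKU, no SAN URI
	fmt.Println("conforming:", CardAuthViolations(good, ca), "\ndeviating:", CardAuthViolations(bad, ca))
}
```

The same checker applied to a certificate read from a card would flag the deviations a relying party is entitled to reject; the deviating certificate above produces four of them.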
10.9 Device or Server Certificate

Fields:
  Version: V3 (2)
  Serial Number: Must be unique
  Issuer Signature Algorithm: per section
  Issuer Distinguished Name: Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
  Validity Period: 3 years from date of issue, expressed in UTCTime until 2049
  Subject Distinguished Name: Unique X.500 subject DN as specified in section of the RAPIDPIV-I CP, with cn={ Host URL | Host IP Address | Host Name }
  Subject Public Key Information: 2048 bit modulus, rsaencryption { }
  Issuer Unique Identifier: Not Present
  Subject Unique Identifier: Not Present
  Issuer's Signature: per section
Extensions (criticality in brackets):
  Authority Key Identifier [non-critical]: Octet String (same as subject key identifier in Issuing CA Certificate)
  Subject Key Identifier [non-critical]: Octet String (same as in PKCS-10 request or calculated by the Issuing CA per RFC 5280 method 1 or other method)
  Key Usage [critical]: keyencipherment, digitalsignature
  Extended Key Usage [non-critical]: Per section 10.14
  Certificate Policies [non-critical]: Applicable Certificate Policies as per section
  Subject Alternative Name [non-critical]: always present; one or more of Host URL, IP Address, Host Name
  Authority Information Access [non-critical]: id-ad-caissuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA; id-ad-ocsp access method entry contains HTTP URL for the Issuing CA OCSP Responder when provided by Entity CA
  CRL Distribution Points [non-critical]: Per section

10.10 OCSP Responder Certificate

The following is the OCSP Responder Certificate profile which must be used. This profile assumes that the OCSP Responder Certificate is issued by the same CA using the same key as that which is used to sign the Subscriber Certificate. For compatibility, no other trust model may be used.

Fields:
  Version: V3 (2)
  Serial Number: Must be unique
  Issuer Signature Algorithm: per section
  Issuer Distinguished Name: Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
  Validity Period: No longer than one month from date of issue, expressed in UTCTime until 2049
  Subject Distinguished Name: Unique X.500 OCSP Responder (subject) DN as specified in section of the RAPIDPIV-I CP
  Subject Public Key Information: 2048 bit modulus, rsaencryption { }
  Issuer's Signature: per section
Extensions (criticality in brackets):
  Authority Key Identifier [non-critical]: Octet String (same as subject key identifier in Issuing CA Certificate)
  Subject Key Identifier [non-critical]: Octet String (same as in PKCS-10 request or calculated by the Issuing CA per RFC 5280 method 1 or other method)
  Key Usage [critical]: nonrepudiation, digitalsignature
  Extended Key Usage [critical]: id-kp-ocspsigning { }
  Certificate Policies [non-critical]: Applicable Certificate Policies as per the values listed in the RAPIDPIV-I CA Certificate
  Subject Alternative Name [non-critical]: HTTP URL for the OCSP Responder
  No Check (id-pkix-ocsp-nocheck { }) [non-critical]: Null
  Authority Information Access [non-critical]: id-ad-caissuers access method entry contains HTTP URL for .p7c file containing Certificates issued to Issuing CA

10.11 CRL Format

Full and Complete CRL

Fields:
  Version: V2 (1)
  Issuer Signature Algorithm: per section
  Issuer Distinguished Name: Unique X.500 Issuing CA DN as specified in section of the RAPIDPIV-I CP
  thisUpdate: expressed in UTCTime until 2049
  nextUpdate: expressed in UTCTime until 2049 (>= thisUpdate + CRL issuance frequency)
  Revoked Certificates list: 0 or more 2-tuples of Certificate serial number and revocation date (expressed in UTCTime until 2049)
  Issuer's Signature: per section
CRL Extensions (criticality in brackets):
  CRL Number [non-critical]: monotonically increasing integer (never repeated)
  Authority Key Identifier [non-critical]: Octet String (same as in Authority Key Identifier field in Certificates issued by the CA)
CRL Entry Extensions (criticality in brackets):
  Reason Code [non-critical]: optional, but must be included when reason code = key compromise or CA compromise

Distribution Point Based Partitioned CRL

Partitioned CRLs are not used.

10.12 OCSP Request Format

Fields:
  Version: V1 (0)
  Requester Name: DN of the requestor (required)
  Request List: List of Certificates as specified in RFC 2560
Request Extensions: None (Value: None)
Request Entry Extensions: None (Value: None)
10.13 OCSP Response Format

Fields:
  Response Status: As specified in RFC 2560
  Response Type: id-pkix-ocsp-basic { }
  Version: V1 (0)
  Responder ID: Octet String (same as subject key identifier in Responder Certificate)
  Produced At: Generalized Time
  List of Responses: Each response contains Certificate id; Certificate status (including revocation time and reason from CRL entry and CRL entry extension, if the Certificate is revoked); thisupdate (from current CA CRL); nextupdate (from current CA CRL)
  Responder Signature: per section
  Certificates: Applicable Certificates issued to the OCSP Responder
Response Extensions (criticality in brackets):
  Nonce [non-critical]: Value in the nonce field of request (required, if present in request)
Response Entry Extensions: None (Value: None)

10.14 Extended Key Usage

Each certificate type lists its Required, Optional and Prohibited EKU values (footnotes follow the table).

CA (5)
  Required EKU: None
  Optional EKU: None
  Prohibited EKU: All

Code Signing
  Required EKU: id-kp-codesigning { }
  Optional EKU: Life-time Signing { } (6)
  Prohibited EKU: All Others

Domain Controller
  Required EKU: id-kp-serverauth { }; id-kp-clientauth { }; id-pkinit-kpkdc { }; smartcardlogon { }
  Optional EKU: None
  Prohibited EKU: All Others

Trusted Role Authentication and Signature Certificate
  Required EKU: id-kp-clientauth { }; smartcardlogon { }; id-pkinit-kpclientauth { } (7); id-kp-emailprotection { }
  Optional EKU: Any EKU that is consistent with Key Usage
  Prohibited EKU: Any EKU that is not consistent with Key Usage; anyextendedkeyusage { }

Trusted Role Encryption Certificate
  Required EKU: See Subscriber, Group, Role, Encryption Certificate
  Optional EKU: See Subscriber, Group, Role, Encryption Certificate
  Prohibited EKU: See Subscriber, Group, Role, Encryption Certificate

OCSP Responder
  Required EKU: id-kp-ocspsigning { }
  Optional EKU: None
  Prohibited EKU: All Others

PIV-I Card Authentication Certificate
  Required EKU: id-piv-cardauth { }
  Optional EKU: None
  Prohibited EKU: All Others

PIV-I Content Signing Certificate
  Required EKU: id-fpki-pivi-content-signing { }
  Optional EKU: None
  Prohibited EKU: All Others

Subscriber, Group, Role, PIV-I Authentication Certificate
  Required EKU: id-kp-clientauth { }; smartcardlogon { }; id-pkinit-kpclientauth { } (8)
  Optional EKU: Any EKU that is consistent with Key Usage
  Prohibited EKU: Any EKU that is not consistent with Key Usage; anyextendedkeyusage { }

Subscriber, Group, Role, Encryption Certificate (9)
  Required EKU: id-kp-emailprotection { }
  Optional EKU: Any EKU that is consistent with Key Usage, i.e., Encrypting File System { }
  Prohibited EKU: Any EKU that is not consistent with Key Usage; anyextendedkeyusage { }

Subscriber, Group, Role, Signature Certificate
  Required EKU: id-kp-emailprotection { }; MSFT Document Signing { }; Adobe Certified Document Signing { }
  Optional EKU: Any EKU that is consistent with Key Usage
  Prohibited EKU: Any EKU that is not consistent with Key Usage; anyextendedkeyusage { }

Subscriber, Group, Role Authentication and Signature Certificate (Two Certificate Solution)
  Required EKU: id-kp-clientauth { }; smartcardlogon { }; id-pkinit-kpclientauth { } (10); id-kp-emailprotection { }; MSFT Document Signing { }; Adobe Certified Document Signing { }
  Optional EKU: Any EKU that is consistent with Key Usage
  Prohibited EKU: Any EKU that is not consistent with Key Usage; anyextendedkeyusage { }

Time Stamp Authority
  Required EKU: id-kp-timestamping { }
  Optional EKU: None
  Prohibited EKU: All Others

VPN Client
  Required EKU: id-kp-clientauth { }; ikeintermediate { }; id-kp-ipsecike { }
  Optional EKU: None
  Prohibited EKU: All Others

VPN Server
  Required EKU: id-kp-serverauth { }; id-kp-clientauth { }; ikeintermediate { }; id-kp-ipsecike { }
  Optional EKU: None
  Prohibited EKU: All Others

Web Client
  Required EKU: id-kp-clientauth { }
  Optional EKU: None
  Prohibited EKU: All Others

Web Server
  Required EKU: id-kp-serverauth { }; id-kp-clientauth { }
  Optional EKU: None
  Prohibited EKU: All Others

Workstation
  Required EKU: id-kp-clientauth { }; ikeintermediate { }; id-kp-ipsecike { }
  Optional EKU: None
  Prohibited EKU: All Others

Footnotes:
5 CA certificate includes self-signed Root, cross certificates, subordinate CA certificates, and self-issued key rollover certificates.
6 It is recommended that this EKU be included so that MSFT platforms will not verify signed code using an expired certificate.
7 The last two only if the private key is in hardware.
8 The last two only if the private key is in hardware.
9 This certificate is defined as the one that has only the key encipherment or key agreement bit set and optionally the data encipherment bit set.
10 The last two only if the private key is in hardware.
11 PIV-I CMS REQUIREMENTS

RAPIDPIV-I PIV-I Cards are issued and managed only through an authorized CMS. Eid Passport has a responsibility to ensure a certain level of security from the CMS that manages the token on which its certificates reside, and to which it issues certificates for the purpose of signing RAPIDPIV-I PIV-I Cards. This appendix provides requirements in addition to those found elsewhere in the RAPIDPIV-I CPS.

{Redacted}

The PIV-I identity proofing, registration and issuance process adheres to the principle of separation of duties to ensure that no single individual has the capability to issue a PIV-I credential without the cooperation of another authorized person.

All personnel who perform duties with respect to the operation of the CMS receive comprehensive training. Any significant change to CMS operations has a training (awareness) plan, and the execution of that plan is documented.

Audit log files are generated for all events relating to the security of the CMS and are treated the same as those generated by the CA (see Sections 5.4 and 5.5).

A formal configuration management methodology is used for installation and ongoing maintenance of the CMS. Any modifications and upgrades to the CMS are documented and controlled. There is a mechanism for detecting unauthorized modification to the CMS.

The CMS has documented incident handling procedures that are approved by the head of the RAPIDPIV-I EPMA. If the CMS is compromised, all certificates issued to the CMS are revoked, if applicable. The damage caused by the CMS compromise is assessed, all Subscriber certificates that may have been compromised are revoked, and Subscribers are notified of such revocation. The CMS is then re-established.

All Trusted Roles who operate a CMS are allowed access to the CMS only when authenticated using a method commensurate with PIV-I Hardware.

The computer security functions listed below are required for the CMS:
  - Authenticate the identity of users before permitting access to the system or applications
  - Manage privileges of users to limit users to their assigned roles
  - Generate and archive audit records for all transactions (see Section 5.4)
  - Enforce domain integrity boundaries for security critical processes
  - Support recovery from key or system failure
12 INTEROPERABLE SMART CARD DEFINITION

eidpiv-i enables the issuance of smart cards that are technically interoperable with Federal Personal Identity Verification (PIV) Card readers and applications as well as PIV-Interoperable (PIV-I) card readers and applications. eidpiv-i fully maps to the PIV-I specification as defined by the U.S. Federal Government. This section defines the specific requirements of an eidpiv-i Card. It relies heavily on relevant specifications from the National Institute of Standards and Technology (NIST).

a. The smart card platform is from the GSA's FIPS 201 Evaluation Program Approved Product List (APL) and uses the PIV application identifier (AID);
b. The smart card contains a private key and associated Identity certificate asserting a US Federal PKI, eidpiv-i-hardware or an eidpiv-i-hardware mapped certificate Policy OID;
c. The smart card contains a private key and associated Card Authentication certificate asserting eidpiv-i-cardauth or an eidpiv-i-cardauth mapped certificate Policy OID;
d. The smart card may contain a private key and associated Digital Signature certificate asserting eidpiv-i-hardware or an eidpiv-i-hardware mapped certificate Policy OID;
e. The smart card may contain a private key and associated Encryption certificate asserting eidpiv-i-hardware or an eidpiv-i-hardware mapped certificate Policy OID;
f. The smart card contains an electronic representation (as specified in SP and SP) of the Cardholder Facial Image printed on the card;
g. A smart card issued under eidpiv-i policies and all data objects on it are in accordance with SP as specified for PIV-Interoperable (PIV-I);
h. Biometrics on the smart card also comply with section 4.4 of FIPS and SP;
i. The Cardholder Unique Identifier (CHUID) also complies with section 4.2 of FIPS. The Federal Agency Smart Credential Number (FASC-N) is modified as defined in section 3.3 of SP. The FASC-N is constructed using Agency Code equal to 9999, System Code equal to 9999, and Credential Number equal to. The CHUID contains a 16 byte Global Unique Identifier (GUID);
j. The CMS-Signed objects such as fingerprint and photograph contain the GUID as the entryuuid attribute in place of the FASC-N as the pivfasc-n attribute;
k. Smart cards are visually distinct from the US Federal PIV Card. At a minimum, images or logos on an eidpiv-i Card are not placed entirely within Zone 11, Agency Seal, as defined by FIPS 201;
l. The smart card physical topography includes, at a minimum, the following items on the front of the card:
   i. Cardholder facial image;
   ii. Cardholder full name;
   iii. Organizational Affiliation, if it exists; otherwise the issuer of the card; and
   iv. Card expiration date.
m. Smart cards have an expiration date not to exceed 5 years from issuance;
n. Smart card expiration is not later than the expiration of the eidpiv-i Content Signing certificate on the card, which conforms to the Content Signing certificate profile specified in section 10.8;
o. The eidpiv-i Content Signing certificate and corresponding private key are managed within a trusted CMS in accordance with the requirements specified in this document;
p. At issuance, the RA activates and releases the smart card to the Subscriber only after a successful one-to-one biometric match of the Applicant against the biometrics collected during initial identity proofing (see section 3.2.3);
q. The smart card may support card activation by the CMS to support card personalization and post-issuance card update. To activate the card for personalization or update, the CMS performs a challenge-response protocol using cryptographic keys stored on the card in accordance with SP. When cards are personalized, card management keys are set to be specific to each smart card. That is, each smart card contains a unique card management key. Card management keys meet the algorithm and key size requirements stated in SP.
13 BIBLIOGRAPHY

The following documents were used to develop this CPS to ensure conformity to the appropriate Standards:

CHARTER     Eid Passport PMA Charter
CP          Eid Passport Certificate Policy
FBCA        Federal Bridge Certificate Policy v2.25, December
CPS         pdf
FIPS        Security Requirements for Cryptographic Modules
FIPS        Digital Signature Standard
FIPS        Personal Identity Verification (PIV) of Federal Employees and Contractors, March
RFC 3647    Certificate Policy and Certificate Practices Framework, Chokhani, Ford, Sabett, Merrill, and Wu, November
RFC 5280    Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Cooper et al., May
PIV-I       Personal Identity Verification Interoperability For Non-Federal Issuers, May
M           Implementation of HSPD-12
14 ACRONYMS

AES         Advanced Encryption Standard
ANSI        American National Standards Institute
C           Country
CA          Certification Authority
CHUID       Cardholder Unique Identifier
CN          Common Name
CPS         Certificate Policy
CPSS        Certification Practice Statement
CRL         Certificate Revocation List
CSA         Certificate Status Authority
DC          Domain Component
DN          Distinguished Name
DNS         Domain Name Service
ECDH        Elliptic Curve Diffie Hellman
ECDSA       Elliptic Curve Digital Signature Algorithm
EE          End Entity
FASC-N      Federal Agency Smart Credential Number
FIPS        (US) Federal Information Processing Standard
FIPS PUB    (US) Federal Information Processing Standard Publication
GUID        Globally Unique Identifier
HR          Human Resources
HTTP        Hypertext Transfer Protocol
ID          Identifier
IETF        Internet Engineering Task Force
ISO         International Organization for Standardization
KRP         Key Recovery Policy
KRPS        Key Recovery Practices Statement
LDAP        Lightweight Directory Access Protocol
MOU         Memorandum of Understanding (as used in the context of this CPS, between an Entity and Eid Passport Inc. allowing interoperation between the Eid RAPIDPIV-I CA and the Entity's PIV-I CA or Bridge CA). Eid Passport Inc. takes guidance from the EPMA, through the EPMA Chairman, as to the acceptability and suitability of the MOU.
NIST        National Institute of Standards and Technology
NTP         Network Time Protocol
O           Organization
OA          Operational Authority
OCSP        Online Certificate Status Protocol
OID         Object Identifier
OU          Organizational Unit
PCA         Principal Certification Authority
PIN         Personal Identification Number
PIV         Personal Identity Verification
PIV-I       Personal Identity Verification - Interoperable
PKCS        Public Key Certificate Standard
PKI         Public Key Infrastructure
PKIX        Public Key Infrastructure X.509
PMA         Policy Management Authority
RA          Registration Authority
RFC         Request For Comments
RSA         Rivest-Shamir-Adleman (encryption algorithm)
SCVP        Simple Certificate Validation Protocol
SHA-1       Secure Hash Algorithm, Version 1
SSL         Secure Sockets Layer
TDES        Triple Data Encryption Standard
TLS         Transport Layer Security
UPN         User Principal Name
UPS         Uninterrupted Power Supply
URI         Uniform Resource Identifier
URL         Uniform Resource Locator
UUID        Universally Unique Identifier
15 GLOSSARY

Access
    Ability to make use of any information system (IS) resource.

Access Control
    Process of granting access to information system resources only to authorized users, programs, processes, or other systems.

Accreditation
    Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

Activation Data
    Private data, other than keys, that are required to access cryptographic modules (i.e., unlock private keys for signing or decryption events).

Affiliated Organization
    Organizations that authorize affiliation with Subscribers of eidpiv-i certificates.

Applicant
    The subscriber is sometimes also called an "applicant" after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed.

Archive
    Long-term, physically separate storage.

Audit
    Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

Audit Data
    Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.

Authenticate
    To confirm the identity of an entity when that identity is presented.

Authentication
    Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.

Backup
    Copy of files and programs made to facilitate recovery if necessary.

Binding
    Process of associating two related elements of information.

Biometric
    A physical or behavioral characteristic of a human being.

CA Facility
    The collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation.

Certificate
    A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it. As used in this CPS, the term Certificate refers to certificates that expressly reference an OID of this CPS in the Certificate Policies field of an X.509 v.3 certificate.

Certificate Management Authority (CMA)
    A Certification Authority or a Registration Authority.

Certificate Policy (CPS)
    A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certificate Revocation List (CRL)
    A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date.

Certificate Status Authority
    A trusted entity that provides on-line verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.

Certificate-Related Information
    Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a CA managing certificates.

Certification Authority (CA)
    An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CRLs.

Certification Authority Software
    Key Management and cryptographic software used to manage certificates issued to subscribers.

Certification Practice Statement (CPSS)
    A statement of the practices that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CPS, or requirements specified in a contract for services).

Client (application)
    A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.

Common Criteria
    A set of internationally accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products.

Compromise
    Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

Computer Security Objects Registry (CSOR)
    Computer Security Objects Registry operated by NIST.

Confidentiality
    Assurance that information is not disclosed to unauthorized entities or processes.

Cross-Certificate
    A certificate used to establish a trust relationship between two Certification Authorities.

Cryptographic Module
    The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module. [FIPS 140-2]

Cryptoperiod
    Time span during which each key setting remains in effect.

Customer
    Any commercial organization that is a paying Subscriber or Subscriber's Employer of Eid Passport's RAPIDPIV-I PKI.

Data Integrity
    Assurance that the data are unchanged from creation to reception.

Digital Signature
    The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine: (1) whether the transformation was created using the private key that corresponds to the public key in the signer's digital certificate; and (2) whether the message has been altered since the transformation was made.

Dual Use Certificate
    A certificate that is intended for use with both digital signature and data encryption services.

Duration
    A field within a certificate which is composed of two subfields; date of issue and date of next issue.

E-commerce
    The use of network technology (especially the internet) to buy or sell goods and services.

Employee
    Any person employed by an Entity as defined above.

Encryption Certificate
    A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.

End Entity
    Relying Parties and Subscribers.

Entity
    An organization with operational control of a CA that interoperates with an Eid RAPIDPIV-I CA.

Entity CA
    A CA that acts on behalf of an Entity, and is under the operational control of an Entity.

Firewall
    Gateway that limits access between networks in accordance with local security policy.

Inside threat
    An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.

Integrity
    Protection against unauthorized modification or destruction of information. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.

Intellectual Property
    Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.

Intermediate CA
    A CA that is subordinate to another CA, and has a CA subordinate to itself.

Key Escrow
    A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.

Key Exchange
    The process of exchanging public keys in order to establish secure communications.

Key Generation Material
    Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.

Key Pair
    Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (2) even knowing one key, it is computationally infeasible to discover the other key.

Local Registration Authority (LRA)
    A Registration Authority with responsibility for a local community.

Memorandum of Understanding (MoU)
    Understanding reached between the EPMA and an Entity allowing interoperability between the Entity RAPIDPIV-I CA or Bridge CA and the Eid RAPIDPIV-I CA.

Mission Support Information
    Information that is important to the support of deployed and contingency forces.

Mutual Authentication
    Occurs when parties at both ends of a communication activity authenticate each other (see authentication).

Naming Authority
    An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.

Non-Repudiation
    Assurance that the sender is provided with proof of delivery and that the recipient is provided with proof of the sender's identity so that neither can later deny having processed the data. Technical non-repudiation refers to the assurance a Relying Party has that if a public key is used to validate a digital signature, that signature had to have been made by the corresponding private signature key. Legal non-repudiation refers to how well possession or control of the private signature key can be established.

Object Identifier (OID)
    A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class.

Out-of-Band
    Communication between parties utilizing a means or method that differs from the current method of communication (i.e., one party uses U.S. Postal Service mail to communicate with the party where current communication is occurring online).

Outside Threat
    An unauthorized entity from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service.

Physically Isolated Network
    A network that is not connected to entities or systems outside a physically controlled space.

PKI Repository
    See Repository.

PKI Sponsor
    Fills the role of a Subscriber for non-human system components that are named as public key certificate subjects, and is responsible for meeting the obligations of Subscribers as defined throughout this CPS.

Policy Management Authority (PMA)
    Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies.

Principal CA
    The Principal CA is a CA designated by an Entity to interoperate with the Eid Principal CA. An Entity may designate multiple Principal CAs to interoperate with the Eid Principal CA.

Privacy
    Restricting access to subscriber or Relying Party information in accordance with Federal law and Entity policy.

Private Key
    (1) The key of a signature key pair used to create a digital signature. (2) The key of an encryption key pair that is used to decrypt confidential information. In both cases, this key must be kept secret.

Public Key
    (1) The key of a signature key pair used to validate a digital signature. (2) The key of an encryption key pair that is used to encrypt confidential information. In both cases, this key is made publicly available, normally in the form of a digital certificate.

Public Key Infrastructure (PKI)
    A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and

Re-key (a certificate)
    To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.

RAPIDPIV-I PKI
    A term used throughout this CP to generally denote the entire Eid Passport PKI including the CA(s), CSA and CMS.

Registration Authority (RA)
    An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., a Registration Authority is delegated certain tasks on behalf of an authorized CA).

Relying Party
    A person or Entity who has received information that includes a certificate and a digital signature verifiable with reference to a public key listed in the

Renew (a certificate)
    The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate.

Repository
    A database containing information and data relating to certificates as specified in this CPS; may also be referred to as a directory. In this CPS, Repository refers to PKI Repository.

Responsible Individual
    A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor.

Revoke a Certificate
    To prematurely end the operational period of a certificate effective at a specific date and time.

Risk

Risk Tolerance

Root CA

Server
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. The level of risk an entity is willing to assume in order to achieve a potential desired result. In a hierarchical PKI, the CA whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. A system entity that provides a service in response to requests from clients. Page 95 of 97
96 RAPIDPIV-I Credential Service X.509 Certification Practice Statement Version: Redacted Signature Certificate Subordinate CA Subject Subscriber Superior CA System Equipment Configuration Technical nonrepudiation Threat Trust List Trusted Agent Trusted Certificate Trusted Timestamp Trustworthy System A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. In a hierarchical PKI, a CA whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA. (See superior CA). An entity that (1) is named or identified in a certificate issued to that entity, (2) holds a private key that corresponds to the public key listed in the certificate, and (3) does not itself issue certificates to another party. An entity subscribing with a Certification Authority on behalf of one or more subjects [TS102042]. In a hierarchical PKI, a CA who has certified the certificate signature key of another CA, and who constrains the activities of that CA. (See subordinate CA). A comprehensive accounting of all system hardware and software types and settings. The contribution public key mechanisms to the provision of technical evidence supporting a non-repudiation security service. Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service. Collection of trusted certificates used by Relying Parties to authenticate other certificates. Entity authorized to act as a representative of an Entity in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. 
The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor". A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time. Computer hardware, software and procedures that: (1) are reasonably secure from intrusion and misuse; (2) provide a reasonable level of availability, reliability, and correct operation; (3) are reasonably suited to performing their intended functions; and (4) adhere to generally accepted security procedures. Page 96 of 97
97 Version: Redacted RAPIDPIV-I Credential Service X.509 Certification Practice Statement Two-Person Control Update (a certificate) Update (in reference to significant change) Upgrade (in reference to significant change) Zeroize Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and/or unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements. The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate. Alterations to Licensed Software, including code and/or error corrections and minor code enhancements or modifications, that may be developed and generally released from time to time by the Software Vendor and made available to the customer (licensee). Software Updates do not include: (i) Software Upgrades of the Licensed Software that may be developed and generally released from time to time by the software vendor Enhancements to the Licensed Software providing a new program feature or function that may be developed and generally released from time to time by the software vendor and made available to customer (licensee). Software Upgrades do not include: (i) Software Updates of the Licensed Software that may be developed and generally released from time to time by the software updates A method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. [FIPS 140-2] Page 97 of 97
E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)
E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.792.3.0.4.1.1.2 E-TUGRA
Comodo Certification Practice Statement
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy
PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property
