Eskom Registration Authority Charter




REGISTRATION WWW..CO.ZA
Eskom Registration Authority Charter
Version 2.0 applicable from 20 November 2009

Megawatt Park
Maxwell Drive
Sunninghill, SOUTH AFRICA, 2157
Phone +27 (0)11 800 8111
Fax +27 (0)11 507 5756
Website: http://www.eskom.co.za/


Table of Contents

1. Introduction
2. Scope
3. Appointment
4. Document Name and Publication
5. Applicant and Subscriber
6. Domain of Use (Eligibility for Certification)
7. Purpose of Certification
8. Ownership of Charter
9. Private Key Infrastructure Hierarchy
10. Certificate Content
11. Application for an Eskom Certificate
12. Advising on the Outcome of the Application
13. Process of Request Verification
14. Process of Enrolment
15. Certificate Use Verification
16. Acceptance of Certificate
17. Revocation of Certificates
18. Revocation Processes
19. Eskom Certificate Suspension
20. Eskom Certificate Annual Renewal
21. -RA Annual Audit
22. References

1. Introduction

Eskom Holdings Limited (Eskom) has a responsibility to the country to ensure that sustainable development becomes a reality. Eskom therefore plays a major role in accelerating growth in the South African economy by providing a high-quality supply of electricity to satisfy the needs of the country.

In order to deliver on their strategic objectives, including quality and continuity of electricity supply, capacity expansion and funding and financial resourcing, Eskom will make use of technology solutions in the electronic environment including the Internet and Information Systems.

Eskom needs to provide their employees, contractors, suppliers and clients with a secure electronic environment to facilitate the exchange of information and documents, electronic communications, and a secure user community.

Eskom will preserve high levels of confidentiality and integrity in this public medium, and align with the regulations and provisions of the Electronic Communications and Transactions Act, by choosing to use an internationally established standard in secure communication, namely, the Entrust Public Certification Services.

The Certification Services will be managed for Eskom by the Certificate Authority who is signed into the trust hierarchy of the Entrust Root Certification Authority.

The terms contained in this Charter are subject to the terms and conditions contained in the Certification Practice Statement (CPS). Combined, this Charter and the CPS specify the digital certification process and provide the required trust in Eskom as a digital certificate issuer. All persons are required to adhere to the terms and conditions contained in the CPS as well as any other requirements imposed by Eskom that do not conflict with the CPS.

2. Scope

This document is part of Eskom's Information Security Policy and is applicable to Eskom as well as to all parties taking part in the Eskom digital certification process.

Eskom's Information Risk Management is the final authority on all Eskom IT related security within the Eskom sphere of IT operations.

3. Appointment

appoints Eskom as a Registration Authority (-RA) to:

   1. Accept applications for Eskom Certificates.
   2. Perform authentication of identities and verification of information submitted by applicants when applying for the issuance of a digital certificate by the CA in terms of the provisions of this Charter, which has been approved by the Policy Authority.

   3. Where such authentication and verification is successful, submit the request to the CA, in accordance with the provisions of this Charter and the CPS.

The -RA is appointed exclusively for the purposes of authenticating the identity and verifying supporting and ancillary information of applicants (new certificates) or subscribers (certificate revocations) using the services provided by Eskom.

4. Document Name and Publication

This document is called the Eskom Registration Authority Charter. The latest version of the Charter may be accessed at the website https://www.lawtrust.co.za/repository.

5. Applicant and Subscriber

In this Charter a natural person applying for an Eskom Certificate shall be described as an applicant until the application for the Eskom Certificate has been granted. Once an Eskom Certificate has been issued the natural person to whom it has been issued shall be referred to as a subscriber.

6. Domain of Use (Eligibility for Certification)

Eskom employees can be digitally certified under the following conditions:

   1. The applicant has an Eskom Employee Number.
   2. The applicant has a valid Eskom e-mail account.
   3. The applicant has a cellular phone number.
   4. The applicant is in good standing with Eskom.
   5. The applicant is fully aware of the responsibilities regarding the care and use of digital certificates and keys (as contained in the CPS, this Charter and any other Eskom governance policies).

7. Purpose of Certification

Digital certification is to be used to provide the subscribers with trusted identity credentials for, amongst other uses:

   1. Secure e-mail.
   2. Digitally sign documents or transactions.

The above will ensure authentication, authorisation, privacy, message integrity and non-repudiation. The subscriber may only use the Eskom Certificate for legitimate business purposes.

An Eskom Cost Centre Manager or Divisional Information Manager will determine if an Eskom employee is eligible to be issued an Eskom Certificate.

8. Ownership of Charter

Eskom's Information Risk Management is responsible for the upkeep of this Charter. Changes to this Charter are to be authorised by Eskom's Information Risk Manager and approved by the Policy Authority.

Eskom's Information Risk Management takes full responsibility for the upkeep and content of this Charter, but limits its liability to the use of this Charter as described in the CPS, this Charter and any other Eskom governance policies.

The day to day business operations related to certificate lifecycle would be executed by Eskom's Corporate Information Management. The technical operations related to certificate lifecycle would be executed by Eskom's Outsourced ICT Service Provider.

9. Private Key Infrastructure Hierarchy

The trust hierarchy is as follows:

   • Entrust.net Secure Server Certification Authority: Root Certification Authority (RCA)
   • LAWtrust CA: Local Certification and Issuing Authority (ICA)
   • -RA: Local Registration Authority (LRA)

The root key hierarchy is as follows:

   • Entrust.net Secure Server Certification Authority: ROOT CA
   • LAWtrust CA (Eskom Certificates to be signed by this CA): ISSUING CA

10. Certificate Content

   • Common Name (First Name and Surname)

   • Eskom Employee Number
   • Eskom E-mail address
   • Issuing Authority: LAWtrust CA
   • Organisation: Eskom Holdings Limited

11. Application for an Eskom Certificate

The -RA shall be entitled to accept and process applications for natural persons for the issue of an Eskom Certificate. As a minimum the -RA shall require from the natural person applicant:

   • A duly completed Eskom Certificate Application Form signed by the Eskom Line Manager and approved by an Eskom Divisional/Regional Information Manager.
   • A duly completed and signed Eskom Subscriber Agreement.
   • Copy of the applicant's ID, Passport or Driver's License.

The -RA shall retain the application together with all of the documentation relevant to the authentication of the identity of the applicant as well as the verification of supporting information centrally and securely in the Eskom Corporate Archive, in conformance with the requirements of the Policy Authority, for a period of 3 (three) years after the expiry or revocation of the Eskom Certificate.

12. Advising on the Outcome of the Application

If the application is refused, the -RA shall give the applicant notice of the refusal by the -RA to issue a certificate to the applicant. The notice shall be addressed to the e-mail address provided in the application, failing which in the manner deemed most expedient by the -RA, and shall provide the reasons for the refusal.

If the application is granted, the -RA will, within 10 (ten) days of the receipt of the application by the -RA, advise the applicant via e-mail at the address provided in the application.

13. Process of Request Verification

Duly appointed Eskom Divisional/Regional Information Managers, who fall under Eskom Information Management, or Help Desk Managers will:

   1. Receive a request (Eskom Certificate Application Form), which has been authorised by a Line Manager.
   2. Physically verify the applicant's identity with face-to-face verification against the user's ID, Passport or Driver's License and the information in the submitted Eskom Application Form.
   3. Request the certificate applicant to sign an Eskom Subscriber Agreement.
   4. Approve the applicant's certificate application.

14. Process of Enrolment

Online electronic enrolment will be done and the following enrolment fields are compulsory:

   1. Common Name (First name & surname) (CN)
   2. Eskom Employee Number (Serial Number)
   3. Eskom E-mail Address (E)
   4. Eskom Holdings Limited (O)

The -RA Certificate Administrator, who falls under the authority of Eskom's Information Management, will perform the following steps to issue a certificate:

   1. Receive the applicant's approved certificate application form.
   2. Register the subscriber and create the reference code and authorisation code on the Certificate Management System.
   3. Inform the subscriber via e-mail, at the e-mail address supplied on the Eskom Application Form, that a certificate has been issued. This e-mail will contain the reference code that will be required to initiate the download of the certificate. The authorisation code that is required to complete the download of the certificate will be sent via SMS to the cell number provided on the Eskom Application Form.
   4. Create and send the SMS and e-mail containing the relevant information to the subscriber.
   5. The -RA shall, if required by the subscriber, provide assistance to the subscriber in the activation of the Eskom Certificate.

15. Certificate Use Verification

   • The certificate validity can be verified in the CRL [website: http://crl.lawtrust.co.za/lawtrust.crl].
   • The CRL profile will be a full CRL.
   • The certificate is valid for a maximum period of one year from date of issue.

16. Acceptance of Certificate

After the issuance of the Eskom Certificate and notification addressed to the subscriber, the subscriber shall check that the content of the Eskom Certificate is correct. Unless notified to the contrary by the subscriber of any inaccuracies in the Eskom Certificate, the Eskom Certificate shall be deemed to have been accepted by the subscriber and the information contained in the Eskom Certificate deemed to be accurate.

17. Revocation of Certificates

Eskom Certificates may be revoked under authority from Eskom's Divisional/Regional Information Manager or a subscriber's Eskom Line Management under the following circumstances:

   1. Subscriber's request.
   2. Subscriber's formal relationship with Eskom ends.
   3. Subscriber's role change in Eskom (certificate requirement no longer necessary).
   4. Any changes in information contained in the Eskom Certificate issued to the subscriber.
   5. Breach by subscriber of any terms of the CPS or the Eskom Subscriber Agreement entered into with the subscriber.
   6. Loss, compromise, or suspected compromise, of a subscriber's private key or workstation.
   7. Issue or use of the certificate not in accordance with the CPS.
   8. The CA or Entrust CA expires.
   9. Any other reason that the CA or the -RA reasonably believes may affect the integrity, security or trustworthiness of an Eskom Certificate.

18. Revocation Processes

An Eskom Certificate Revocation Request may be submitted by a subscriber, the -RA or the LAWtrust CA if any of the above occurs.

The Eskom Divisional/Regional Information Manager or subscriber's Line Management shall authenticate a request for revocation of an Eskom Certificate and upon verification send a revocation request to the Eskom RA who will generate a revocation request to the LAWtrust CA.

The LAWtrust CA shall within 48 hours of receiving a revocation request, post the serial number of the revoked Eskom Certificate to the CRL in the repository.

The Eskom Certificate Administrators shall make a commercially reasonable effort to notify the subscriber by e-mail if the subscriber's Eskom Certificate is revoked.

Revocation of an Eskom Certificate shall not affect any of the subscriber's contractual obligations under the CPS or the Eskom Subscriber Agreement entered into by the subscriber.

19. Eskom Certificate Suspension

The -RA may suspend an Eskom Certificate if:

   1. The subscriber is not in good standing with the -RA or LAWtrust CA.
   2. The subscriber fails to adhere to the provisions of the CPS or the Eskom RA Charter.
   3. Temporary suspension of the subscriber's role that requires the use of an Eskom Certificate.

The Eskom Divisional/Regional Information Manager may request the LAWtrust CA to suspend an Eskom Certificate without prior notice to the subscriber. The -RA shall make a commercially reasonable effort to notify the subscriber of the suspension by sending an e-mail to the e-mail address provided in the certificate application.

20. Eskom Certificate Annual Renewal

The Eskom Certificate will be renewed annually on the approach of the expiry date for the certificate. This renewal is an automated process (for active certificates that are not revoked or suspended) and will require no interaction from the subscriber.

21. -RA Annual Audit

The -RA shall be audited once per calendar year for compliance with the practices and procedures set out in this Charter and the CPS. If the results of an audit report recommend remedial action, the -RA shall initiate corrective action within 30 (thirty) days of receipt of such audit report.

22. References

   1. All Eskom Related Information Security Policies
   2. ECTA (Electronic Communications and Transactions Act No.25 of 2002)
   3. ISO 17799:2005 & 27001:2005 Information Technology Code of Practice for Information Security Management
   4. Eskom Certificate Application Form
   5. Eskom Subscriber Agreement
   6. Certificate Practices Statement (https://www.lawtrust.co.za/repository)