NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT


Document Classification: Public
Version Number: 1.5
Issue Date: June 11, 2015

Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia. This document is intended for use only by the National Center for Digital Certification and authorized Saudi National PKI participants. This document shall not be duplicated, used, or disclosed in whole or in part for any purposes without prior consent.

Table of Contents
1. Notice ... 3
2. Contact information ... 3
3. Certificate Type, Validation Procedures and Usages ... 4
4. Reliance Limits ... 4
5. Obligations ... 4
6. Certificate Status Checking Obligations of Relying Parties ... 5
7. Limited Warranty and Disclaimer/Limitation of Liability ... 5
8. Applicable Agreements, CP, CPS ... 6
9. Privacy Policy ... 6
10. Refund Policy ... 7
11. Applicable Law and Dispute Resolution ... 7
12. CA and Repository Licenses, Trust Marks, and Audit ... 7
13. Approved CSP and Registration Authorities ... 7
14. Approved Repositories ... 7
15. Eligible Subscribers ... 8
16. Certificate Status Information ... 8
17. Identification of this Certificate Policy ... 8

Version Number: 1.5 Page 2 of 8 Public

1. NOTICE

This PKI Disclosure Statement does not substitute or replace the NCDC Government-CA Certificate Policy (Government-CA CP) under which NCDC Government Certification Authority (Government-CA) digital certificates are issued. You must read the Government-CA CP published at http://www.ncdc.gov.sa before you apply for or rely on a certificate issued by the Government-CA.

The full Government-CA CP is defined by two documents:
- This document, the Government-CA PKI Disclosure Statement (Government-CA PDS), and
- The Government-CA CP.

The purpose of this document is to summarize and present the key points of the Government-CA CP in a more readable and understandable format for the benefit of Subscribers and Relying Parties.

Government-CA is owned by the Ministry of Communication and Information Technology (MCIT). Government-CA is the Certification Authority under the Saudi National Root-CA. This is achieved by the Saudi National Root-CA issuing a digitally signed CA Certificate that authenticates the Public Key of the Government-CA. The Government-CA is responsible for issuing and managing Digital Certificates to Government employees, entities and non-human subscribers (such as Servers and Network Devices) within the Government domain, through Certificate Service Providers (CSPs) within the framework.

The Government-CA Policy Authority (Government-CA PA) is responsible for the governance of the Government-CA. Its members are appointed by NCDC and may include members from Government CSPs.

A CSP is an entity which issues and manages digital certificates, electronic signature tools and methods and any other associated services, and which operates with or without its own physical certification authority (CA). The Government-CA, subject to the approval of NCDC, shall designate specific CSPs which in turn appoint RAs to perform the Subscriber Identification and Authentication and Certificate request and revocation functions defined in the Government-CA CP and related documents.

The Government-CA is hosted in the National Centre for Digital Certification's Shared Services Centre (NCDC-SSC), which is responsible for managing Government-CA operations as per the agreed service levels.

The terms used in this document shall have the meanings defined in the NCDC Glossary section, which can be found at http://www.ncdc.gov.sa.

2. CONTACT INFORMATION

Queries regarding this PKI Disclosure Statement shall be directed to:
E-mail: info@ncdc.gov.sa
Tel: +966 11 452 2197
Fax: +966 11 452 2034

3. CERTIFICATE TYPE, VALIDATION PROCEDURES AND USAGES

The certificate types supported by Government-CA are covered under Appendix-A in the Government-CA CP document. The Government-CA signing key is permitted only for signing certificates and CRLs for its defined user communities. For subscribers, key usage depends on the type of the certificate. Certificates issued from Government-CA to Government employees are normally used by individuals to sign and encrypt e-mail and data and to authenticate to applications (client authentication). The individual certificate may also be used for other general or specific Government purposes which are not covered explicitly above, provided that a Relying Party is able to reasonably rely on that certificate and the usage is not otherwise prohibited by (1) the law of Saudi Arabia, (2) the Government-CA CP and CPS under which the certificate has been issued and (3) the Subscriber Agreement.

4. RELIANCE LIMITS

Government-CA does not set reliance limits for Certificates issued under this policy. Reliance limits may be set by other policies, application controls, applicable Saudi law or a Relying Party Agreement. For additional information, refer to the Limited Warranty and Disclaimer/Limitation of Liability section.

5. OBLIGATIONS

It is the responsibility of the Government-CA PA to:
- Ensure that the Hardware Security Modules (HSMs) used for key generation meet the requirements of FIPS 140-2 Level 3 to store the CA keys, and take reasonable precautions to prevent any loss, disclosure or unauthorized use of the private key.
- Generate the CA private key using a multi-person control m-of-n split key knowledge scheme.
- Back up the CA signing Private Key under the same multi-person control as the original Signing Key.
- Keep confidential any passwords, PINs or other personal secrets used in obtaining authenticated access to PKI facilities, and maintain proper control procedures for all such personal secrets.

It is the responsibility of the Subscriber to:
- Provide accurate and complete information at all times to the CSP, both in the certificate request and in the verification process defined by the CSP for the specific Certificate type to be supplied by the Government-CA;
- Review the issued Certificate to confirm the accuracy of the information contained within it before installation and first use;
- Obtain a certificate, making only true and accurate representations of the required information to the CSP;
- Use the Certificate for legal purposes and restrict it to those authorized purposes detailed by the Government-CA CP;
- Notify the CSP in the event that any information in the Certificate is, or becomes, incorrect or inaccurate; and
- Notify the CSP immediately of a suspected or known key compromise in accordance with the procedures laid down in the Government-CA Certificate Policy.

For a device or organization certificate, the authorized representative named during the registration process must accept these responsibilities.

WARNING: The CA's private key is the primary means by which its subscribers are certified. It must be protected as the CA's most valuable asset. If this private key is compromised, unauthorized persons could sign fraudulently produced certificates with the key and commit the Issuing Authority to unauthorized obligations and liabilities.

6. CERTIFICATE STATUS CHECKING OBLIGATIONS OF RELYING PARTIES

If a Relying Party is to reasonably rely upon a Certificate it shall:
- Ensure that reliance on Certificates issued under the Certificate Policy is restricted to appropriate uses (see "Certificate Type, Validation Procedures and Usages", covered under Appendix-A in the Government-CA CP document).
- Verify the validity by ensuring that the Certificate has not expired.
- Ensure that the Certificate has not been suspended or revoked by accessing current revocation status information available at the location specified in the Certificate to be relied upon.
- Determine that such Certificate provides adequate assurances for its intended use.

7. LIMITED WARRANTY AND DISCLAIMER/LIMITATION OF LIABILITY

The Government-CA warrants and promises to:
- Provide certification and repository services consistent with the CP, CPS and other NCDC Operations Policies and Procedures;
- Use its private signing key only to sign certificates and CRLs and for no other purpose;
- At the time of Certificate issuance, apply the Government-CA procedure for verifying the accuracy of the information contained within the Certificate before installation and first use;
- Implement a procedure for reducing the likelihood that the information contained in the Certificate is misleading;
- Implement procedures for verifying the Device Sponsor requesting a Secure Site Certificate on behalf of the Device as authorized representative, and for verifying that the applicant either had the right to use, or had control of, the Domain Name(s) and IP address(es) listed in the Certificate's subject field and subjectAltName extension;
- Maintain 24 x 7 publicly accessible repositories with current information, replicating Government-CA issued certificates and CRLs;
- Perform authentication and identification procedures in accordance with the CSP Agreement and NCDC Operations Policies and Procedures;
- Provide certificate and key management services, including certificate issuance, publication, revocation and re-key, in accordance with the Government-CA CP and CPS.

Other than these, the Government-CA makes no direct warranties or promises to Subscribers or Relying Parties.

The Government-CA is not liable for any loss of the PKI service:
- Due to war, natural disasters, etc.
- Due to unauthorized use of certificates, or use beyond the prescribed use defined by the Government-CA CP for the certificates issued by the Government-CA.

Limitations on Liability:
- The Government-CA will not incur any liability to Subscribers or any person to the extent that such liability results from their negligence, fraud or willful misconduct.
- The Government-CA assumes no liability whatsoever in relation to the use of Certificates or associated Public-Key/Private-Key pairs issued under the Certificate Policy for any use other than in accordance with the Certificate Policy. Subscribers will immediately indemnify the Government-CA from and against any such liability and the costs and claims arising therefrom.
- The Government-CA will not be liable to any party whosoever for any damages suffered, whether directly or indirectly, as a result of an uncontrollable disruption of its services.
- End-Users and CSPs are liable for any form of misrepresentation of information contained in the certificate to relying parties, even though the information has been accepted by CSPs or the Government-CA.
- Subscribers shall compensate a Relying Party which incurs a loss as a result of the Subscriber's breach of the Subscriber Agreement.
- Relying Parties shall bear the consequences of their failure to perform the Relying Party obligations described in the Relying Party Agreement.
- Certificate Service Providers (CSPs) shall bear the consequences of their failure to perform the Registration Authority obligations described in the CSP Agreement.
- The Government-CA denies any financial or any other kind of responsibility for damages or impairments resulting from its CA operation.

8. APPLICABLE AGREEMENTS, CP, CPS

The Subscriber Agreement is submitted with the Subscriber's Request Form to the CSP in order to obtain a valid certificate. The Government-CA PDS and Government-CA CP can be found at http://www.ncdc.gov.sa. The CSP Agreement, Relying Party Agreement and Government-CA CPS shall only be available subject to approval of a formal application in writing to the Government-CA PA.

9. PRIVACY POLICY

The Government-CA respects the need to appropriately control an individual's personal information and to know how such information may be used. The Government-CA takes reasonable care to ensure that the information submitted during the certificate application, authentication of identity and certification processes will be kept private. The Government-CA will use that information only for the purpose of providing PKI services. The private information will not be sold, rented, leased, or disclosed in any manner to any person or third party without the subscriber's prior consent, unless otherwise required by law, or except as may be necessary for the performance of NCDC services, for auditing requirements, or as part of regulatory compliance. For details please see the NCDC Privacy Policy at http://www.ncdc.gov.sa.

10. REFUND POLICY

Currently, no fees are charged by Government-CA for Digital Certificates, although Government-CA reserves the right to change this in the future. For Digital Certificates for which no charge is made, no refunds are possible. In addition, a Government CSP may charge fees for its service.

11. APPLICABLE LAW AND DISPUTE RESOLUTION

Applicable laws are the laws and regulations of the Kingdom of Saudi Arabia. NCDC will act in accordance with current legislation in the Kingdom of Saudi Arabia, in particular the e-Transactions Act and its bylaws. Applicable law and dispute resolution provisions are in accordance with applicable Government-CA policies and agreements. The NCDC Dispute Resolution Policy can be found at http://www.ncdc.gov.sa.

12. CA AND REPOSITORY LICENSES, TRUST MARKS, AND AUDIT

CSPs wishing to join the Government-CA are granted a non-exclusive license solely for operations under the Government-CA. The Government-CA shall be subject to periodic compliance audits, no less frequent than once a year and after each significant change to the deployed procedures and techniques. Moreover, NCDC may require ad-hoc compliance audits of any CA's operation to validate that it is operating in accordance with the applicable CP, CPS, Audit and Compliance Policy and NCDC Operations Policies and Procedures. Similarly, the Government-CA PA has the right to require periodic inspections of its CSPs to validate that the CSPs are operating in accordance with the Government-CA CP and CSP Agreement. The Government-CA shall internally audit each delegated third party's (CSP, RA and TA) compliance against defined requirements on an annual basis. NCDC shall also perform self-audits on at least a quarterly basis against a randomly selected sample to monitor adherence and service quality.

13. APPROVED CSP AND REGISTRATION AUTHORITIES

The application process for CSPs under Government-CA is as per the Government CSP Joining Process, and NCDC shall decide on the acceptance or rejection of the CSP application request based on fulfillment of requirements. All RA(s) under the approved CSPs shall be operational only after satisfying NCDC RA compliance requirements.

14. APPROVED REPOSITORIES

The NCDC Public LDAP directory and NCDC website (http://www.ncdc.gov.sa) are the only authoritative sources for:
- All publicly accessible certificates issued by Government-CA.
- The certificate revocation list (CRL) for Government-CA.

15. ELIGIBLE SUBSCRIBERS

The Government-CA is responsible for issuing and managing Digital Certificates to Government employees, entities and non-human subscribers (such as Servers and Network Devices) within the Government domain. These certificates are issued through the Certificate Service Providers (CSPs) within the framework.

16. CERTIFICATE STATUS INFORMATION

The Government-CA will publish its CRLs at least once every 24 hours, and at the time of any Certificate revocation of its subscribers.

17. IDENTIFICATION OF THIS CERTIFICATE POLICY

This document has been registered with Government-CA and has been assigned an object identifier as below:
Government-CA PDS Document: 2.16.682.1.101.5000.1.3.1.1.3

All Government-CA PKI participants shall refer to the NCDC Government-CA CP for further detailed information.
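The relying-party checks of section 6, combined with the 24-hour CRL publication interval of section 16, as an added Go example that is not part of the NCDC documents: it assumes chain building and signature verification of both the certificate and the CRL have already been done (for instance with x509.Certificate.Verify and RevocationList.CheckSignatureFrom), and the certificate, CRL and distribution-point URL are constructed fixtures with hypothetical names. The policy OID is the one section 17 assigns to this PDS; treating it as the policy a relying party requires is an assumption of the example.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// OID that section 17 registers for the Government-CA PDS; this example assumes
// a relying party requires certificates to assert it.
var GovCAPolicyOID = asn1.ObjectIdentifier{2, 16, 682, 1, 101, 5000, 1, 3, 1, 1, 3}

// CheckReliance applies the section 6 checks to an already chain-validated leaf:
// appropriate use (key usage), validity period, adequate assurance (policy OID) and
// revocation status from a signature-verified CRL fetched from crlURL, a location the
// certificate must name. Per section 16 a CRL older than 24 hours is not current.
func CheckReliance(leaf *x509.Certificate, crl *x509.RevocationList, crlURL string,
	need x509.KeyUsage, now time.Time) error {
	if leaf.KeyUsage&need != need {
		return fmt.Errorf("key usage %#x does not cover intended use %#x", leaf.KeyUsage, need)
	}
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate is outside its validity period")
	}
	policyOK, namedLocation := false, false
	for _, p := range leaf.PolicyIdentifiers {
		policyOK = policyOK || p.Equal(GovCAPolicyOID)
	}
	for _, dp := range leaf.CRLDistributionPoints {
		namedLocation = namedLocation || dp == crlURL
	}
	if !policyOK || !namedLocation {
		return fmt.Errorf("required policy asserted: %t, CRL from a named distribution point: %t", policyOK, namedLocation)
	}
	if now.After(crl.NextUpdate) || now.Sub(crl.ThisUpdate) > 24*time.Hour {
		return fmt.Errorf("CRL is not current; fetch a fresh one before relying")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %d is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

// SampleCRLURL and NewSamplePKI are constructed, unsigned fixtures (hypothetical
// names, not NCDC data): a certificate with serial 3 and a CRL that revokes serial 2.
const SampleCRLURL = "http://crl.example.invalid/GovernmentCA.crl"

func NewSamplePKI(now time.Time) (*x509.Certificate, *x509.RevocationList) {
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		PolicyIdentifiers:     []asn1.ObjectIdentifier{GovCAPolicyOID},
		CRLDistributionPoints: []string{SampleCRLURL},
	}
	crl := &x509.RevocationList{ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(2), RevocationTime: now}}}
	return leaf, crl
}
```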