KISTI CA Report Status & Self-Audit

Slides:

Advertisements

Similar presentations

APGrid PMA Face-to-Face Meeting NCHC CA Weicheng Huang National Center for High-performance Computing April 8, 2008.

Advertisements

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

SAFE Implementation Toolkit How to use it. Implementation toolkit Overview Log-in Contents Search Toolkit Use Log-out.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Report on Attribute Certificates By Ganesh Godavari.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

+1 (801) Standards for Registration Practices Statements IGTF Considerations.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA.

KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan

Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.

Academia Sinica Grid Computing Certification Authority (ASGCCA)

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

INFSO-RI Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

Grid Canada Certificate Authority Darcy Quesnel

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

APGrid PMA face-to-face meeting, 9/16/2008 PRAGMA-UCSD CA Team Pacific Rim Application and Grid Middleware Assembly

NIIF CA Status Update and Self-Audit Results 15 th EUGridPMA meeting Nicosia Tamás Máray NIIF Institute.

Baltic Grid Certification Authority 15th EUGridPMA, January 28th 2009, Nicosia1 Self-audit Hardi Teder EENet.

TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.

UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

Armenian e-Science Foundation Certification Authority Ara A. Grigoryan 1,2, Artem Harutyunyan 1,2,3, Arsen Hayrapetyan 1,2,4 1 Armenian e-Science Foundation;

29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.

TNGrid CA 24 th EUGridPMA meeting Ljubljana, Slovenia, January, 2012 Heithem ABBES Mohamed JEMNI

H I A S T HIAST GRID CA 21 th EUGridPMA meeting Utrecht, January, 2011 Ghassan SABA Houssam ABED

Soapbox (S-Series) Certificate Validation Jens Jensen, STFC.

IRAN-GRID Certificate Authority 13 th EUgridPMA Meeting Copenhagen May 2008 Majid Arabgol Hessamdding Arfaei Shahin Rouhani

PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh.

IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.

Chapter 5 Network Security Protocols in Practice Part I

AEGIS Certification Authority

UGRID CA Sergii Stirenko, Oleg Alienin

Guidelines for auditing Grid CAs

HellasGrid CA & euGridPMA

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

CompTIA Security+ Study Guide (SY0-501)

زير ساخت كليد عمومي و گواهي هويت

جايگاه گواهی ديجيتالی در ايران

Resource Certificate Profile

MaGrid CA Self audit and update

NATIONAL CENTRE FOR PHYSICS PK-Grid-CA

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

WEQ-012 PKI Overview March 19, 2019

PKI (Public Key Infrastructure)

Emir Imamagić University Computing Centre (Srce)

Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau

MyIFAM CA Self-Audit Report APGridPMA F2F Meeting 1/4/2019

HKU Grid Certificate Authority (HKU Grid CA) CP/CPS Reviewer’s Comments Bill Yau

BG.ACAD CA Self-audit report 2018

Presentation transcript:

KISTI CA Report Status & Self-Audit sahn@kisti.re.kr For KISTI Certification Authority

KISTI CA Overview Subject: C=KR, O=KISTI, CN=KISTI Certification Authority Valid from Apr 14, 2017 until Apr 9, 2037 (20 years) Signature algorithm: SHA-256 (CA Key size: 4096 bits) Online repository: http://ca.gridcenter.or.kr Deployed upon IPv6: http://cvmfs-6.ndgf.org/ipv6/overview.php Contact: kisti-grid-ca@kisti.re.kr

Operation status Subscribers Certificates Total number of subscribers: 342 Total number of institutes: 50 Certificates Total number of certificates: 62 Total number of issued certificates: 54 (user:29, host:25) Total number of revoked certificates: 8 (user:5, host:3) New in 2018: 1 user, 2 hosts

Self-Audit overview Auditing References IGTF CAs auditing Checklist version 1 : CA – 55, RA – 12 IGTF PKI Technology Guidelines Version 1.0-2016 Assurance Assessment-v02-20170926 Overall Scoring: CA – A(51), D(4) / RA – A(12) D (must change) : CA (16, 43, 45, 47) Logs and archive of them in issuing system are configured by default to be kept for one month; the system must be re-configured to keep all logs and their archives Self-Audit should be performed at least once a year

D (must chaNge) - CA (16, 43, 45, 47) (16) The CA must record and archive all requests for certificates, along with the issued certificates, all the requests for revocation, all the issued CRLs and the login, logout, start-up, and shutdown of the issuing system (43) The CA must record and archive all requests for certificates, along with all the issued certificates, all the requests for revocation, all the issued CRLs and the login, logout, start-up, and shutdown of the issuing system (45) The Issuing Authority (IA) must keep these records for at least three years (47) ASPEN, BIRCH, CEDAR: The Issuing Authority (IA) should perform internal operational audits of the Issuing Authority (IA)/RA staff and any underlying systems at least once per year to verify its compliance with the rules and procedures specified in its policies and practices documents

Actions required Issuing Machine Internal operational audits System logs in the issuing system are rotated weekly and only 4 weeks of backlogs are kept Rotating frequency is changed from weekly to yearly and the number of rotating has been increased up to 20 times, in principle the logs and their archives will be kept at least 20 years from now on Internal operational audits Perform self-audit and report the result at least once per year