Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments: An insider’s.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments: An insider’s."— Presentation transcript:

1 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments: An insider’s view Nathan Faut, Senior Associate KPMG

2 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 Agenda Background PKI “Audit” Activities PKI and other “Audit” Activities Short-term look into what’s ahead Q&A

3 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 Background CISA, December 2005 Completed Web Trust engagements for DEA, USPS Previously helped establish HEPKI PA Previously worked with Cybertrust, a PKI vendor

4 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI “Audit” Activities Audit vs. attestation ABA PKI Assessment Guidelines CA Control Objectives CA Audit criteria –AICPA/CICA Web Trust for CA –FBCA Compliance Assessments “The trust is in the auditor’s opinion” – Judy Spencer

5 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 Other “Audit” Criteria and Controls Certification & Accreditation (C&A) per OMB A-130, NIST 800-37, 800-53, et.al. Federal Information Security Management Act (FISMA) Financial Audits

6 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 CA “Audit” Expectations Have all CA documents in final form and ready (tip: do a pre-audit CP-to-CPS map) Plan to reproduce 6 to 12 months of data including physical access logs, server logs, incident logs and reports, etc. Decide what documents or parts of documents to make public Expect to educate and be educated

7 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 What’s Next? HSPD 12 credentials Bridge-to-Bridge Cross Certifications, e.g. FBCA-Certipath Federation Compliance Registration Compliance Commoditization

8 ©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 Q&A Thank You Nathan Faut nfaut@kpmg.com 202-533-4471

Download ppt "©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments: An insider’s."

Similar presentations

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
© 2007 PROSKAUER ROSE LLP® SARBANES-OXLEY ACT OF 2002 Presented by: Julie M. Allen 212.969.3155.

© 2007 PROSKAUER ROSE LLP® SARBANES-OXLEY ACT OF 2002 Presented by: Julie M. Allen
Views on TRAC and the UWE workload model 12 th December 2013.

Views on TRAC and the UWE workload model 12 th December 2013.
Program Managers Forum

Program Managers Forum
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
Trending Topics in Contract Auditing Presenters: Allen Devine, Senior Manager Dan Smith, Manager Government Contracts.

Trending Topics in Contract Auditing Presenters: Allen Devine, Senior Manager Dan Smith, Manager Government Contracts.
0 © 2009 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms.

0 © 2009 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms.
Internal Audit Awareness

Internal Audit Awareness
March 6, 2012 SOC Reporting: What is New in the Audit Guides?

March 6, 2012 SOC Reporting: What is New in the Audit Guides?
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
R E G I O N A L A U D I T T R A I N I N G A U D I T ISA changes 2010.

R E G I O N A L A U D I T T R A I N I N G A U D I T ISA changes 2010.
Public Private Partnerships: What’s in it for my Government? 14 July 2011 Malcolm Butterfield.

Public Private Partnerships: What’s in it for my Government? 14 July 2011 Malcolm Butterfield.
1 When the Auditor Comes Knocking … What to Prepare and What to Expect from your CA auditor.

1 When the Auditor Comes Knocking … What to Prepare and What to Expect from your CA auditor.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.

Advantages of IT Security Prof. Uldis Sukovskis, CISA Riga Information Technology Institute Secure information exchange in Electronic media Baltic IT&T.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP.

Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP.

Similar presentations

Ads by Google