ASGCCA Self-Audit Report, APGridPMA, Jinny Chien, March 08 2008
Outline • ASGCCA basic audit Information • ASGCCA Audit Score list • The Detailed Audit Report • Summary & Further Plan
ASGCCA Self-Audit Info Time : March 2008 Place : Academia Sinica Staff : Jinny Chien, Min Tsai, Felix Lee and Eric Yen The relevant document: CP/CPS, CA cert, EE cert , Host cert and any other document available for the auditors Others : CA room, CA machine etc….
A List of Marks for Auditing • According to the result of the examination, each item is scored from A to D, or X, as below. • A : Good • B : Recommendation (minor change) • C : Recommendation (major change) • D : Advice (must change) • X : Could not evaluate (N/A)
ASGCCA Self-Audit Status • The checklist has 71 items in total • During this evaluation, ASGCCA got the following scores. • Score A (Good): 57 / 71 • Score B (minor change): 10 / 71 • Score C (major change): 2 / 71 • Score D (must change): 1 / 71 • Score X (N/A): 1 / 71 • The following report includes only the items scored B to X
The Audit Report Format Evaluation: The items of the audit checklist
Self-Audit Detailed Report(1) Evaluation: The CP/CPS document is structured according to RFC 3647
Self-Audit Detailed Report(2) Evaluation: The message digest algorithm used for the certificates and CRLs generated
Self-Audit Detailed Report(3) Evaluation: CA cert and EE cert must comply with the IGTF and OGF profiles
Self-Audit Detailed Report(4) Evaluation: The CRLs must be compliant with RFC 3280 and use version 2 (recommended)
Self-Audit Detailed Report(5) Evaluation: The CP/CPS describes the transition of the CA's cryptographic data
Self-Audit Detailed Report(6) Evaluation: The CA lifetime must be no longer than 20 years
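The digest-algorithm, CRL-version and CA-lifetime items above (Detailed Report 2, 4 and 6) can be checked mechanically against the DER objects. This is an added example, not ASGCCA's own audit tooling: the sample certificate and CRL are constructed, unsigned placeholders, and the OIDs are the standard RFC 3279 values.

```python
import datetime as dt
# DER content bytes of the RFC 3279 OIDs md5WithRSAEncryption, sha1WithRSAEncryption, rsaEncryption
MD5_RSA = bytes.fromhex("2a864886f70d010104")
SHA1_RSA = bytes.fromhex("2a864886f70d010105")
RSA = bytes.fromhex("2a864886f70d010101")
def parse(buf):
    """Decode DER into nested (tag, children-or-bytes) tuples; handles long-form lengths."""
    items, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                                   # long-form length: n & 0x7F length bytes follow
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        body, i = buf[i:i + n], i + n
        items.append((tag, parse(body) if tag & 0x20 else body))   # bit 6 set = constructed
    return items
def cert_findings(cert_der, max_ca_years=20):
    """Items 2 and 6: flag an MD5-signed certificate and a CA lifetime over max_ca_years."""
    tbs, sig_alg, _ = parse(cert_der)[0][1]            # Certificate ::= SEQ { tbs, sigAlg, sig }
    fields = tbs[1][1:] if tbs[1][0][0] == 0xA0 else tbs[1]   # drop explicit [0] version if present
    not_before, not_after = (dt.datetime.strptime(t[1].decode(), "%y%m%d%H%M%SZ") for t in fields[3][1])
    years = (not_after - not_before).days / 365.25
    findings = ["certificate signed with md5WithRSAEncryption"] if sig_alg[1][0][1] == MD5_RSA else []
    if years > max_ca_years:
        findings.append(f"CA lifetime {years:.1f} years exceeds {max_ca_years}")
    return findings
def crl_findings(crl_der):
    """Item 4: CRL must be version 2 (RFC 3280); also flag an MD5-signed CRL."""
    tbs, sig_alg, _ = parse(crl_der)[0][1]             # CertificateList ::= SEQ { tbsCertList, sigAlg, sig }
    first = tbs[1][0]                                   # version INTEGER is optional; absent means v1
    version = int.from_bytes(first[1], "big") + 1 if first[0] == 0x02 else 1
    findings = ["CRL is version %d, RFC 3280 v2 expected" % version] if version != 2 else []
    if sig_alg[1][0][1] == MD5_RSA:
        findings.append("CRL signed with md5WithRSAEncryption")
    return findings

# --- constructed sample objects (hypothetical, unsigned, short-form DER lengths only) ---
def der(tag, body):
    return bytes([tag, len(body)]) + body
def alg(oid):
    return der(0x30, der(0x06, oid) + der(0x05, b""))  # AlgorithmIdentifier with NULL parameters
def sample_cert(oid, not_before, not_after):
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg(oid) + der(0x30, b"")
           + der(0x30, der(0x17, not_before) + der(0x17, not_after)) + der(0x30, b"")
           + der(0x30, alg(RSA) + der(0x03, b"\x00")))   # empty issuer/subject names, empty key
    return der(0x30, der(0x30, tbs) + alg(oid) + der(0x03, b"\x00"))
def sample_crl(oid, version):
    ver = der(0x02, bytes([version - 1])) if version > 1 else b""
    tbs = ver + alg(oid) + der(0x30, b"") + der(0x17, b"080308000000Z") + der(0x17, b"080408000000Z")
    return der(0x30, der(0x30, tbs) + alg(oid) + der(0x03, b"\x00"))
```

Running cert_findings on a real DER CA certificate (for example one exported from openssl) works the same way, since parse handles long-form lengths.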
Self-Audit Detailed Report(7) Evaluation: The rekey process is described in the CP/CPS
Self-Audit Detailed Report(8) Evaluation: The CA performs operational audits of the CA/RA at regular intervals
Self-Audit Detailed Report(9) Evaluation: How does the RA verify the FQDN of the host certificate?
Self-Audit Detailed Report(10) Evaluation: The secure communication between CA and RA
Summary & Further Plan • ASGCCA will resolve the following problems in 2008 • MD5 problem on all certificates from ASGCCA • Make the CP/CPS compliant with RFC 3647 • Make the CRL profile compliant with RFC 3280 • Publish new version CP/CPS
Reference • ASGCCA web http://ca.grid.sinica.edu.tw • The current CP/CPS http://ca.grid.sinica.edu.tw/publication/index.php#CP/CPS • The revised CP/CPS version 2.1 • The Audit Report
Thanks for listening. Any questions?