| DRC reference(s) | Title / Area | Comments |
|---|---|---|
| A.1 | Configuration-Controlled Specification (CCS) | This is effectively the list of controlled documents that the audit insists is in place. "The configuration-control specification controls the revision process for the certificate practice statement (CPS, see A.3)" |
| A.2-3 | Certification Practice Statement and Certificate Policy | The core technical rules of the CA. |
| A.4 | Privacy | |
| A.5 | Security Manual | DRC expects security details to be extracted from CPS/CP. |
| A.6 | Risks, Liabilities | Short list of disclosures. |
| B | Access for Subscribers, and "the General Public" | Short list of disclosures. |
| C.1 | Documentation Conformance | "The CA has been repeatedly observed to operate in general conformance with its CPS." |
| C.2-4 | Security, Maintaining Root Certificates | "The root certificate private key is stored secure from electronic and physical compromise." |
| C.5-8 | Generating / Signing / Renewing / Revoking | "Certificates are signed in a timely manner" |
| C.9 | Use of External Registration Authority | RAs are Assurers? "RAs provide the CA with complete documentation on each verified applicant for a certificate (see &A.2,w)" |