ДСТУ ETSI TS 119 431-1:2022 Электронные подписи и инфраструктура (ESI). Требования к политике и безопасности для поставщиков доверительных услуг. Часть 1. Компоненты сервиса TSP работающие удаленным QSCD/SCDe...



ДСТУ ETSI TS 119 431-1:2022
(ETSI TS 119 431-1 V1.2.1 (2021-05), IDT)

Електронні підписи та інфраструктури (ESI). Вимоги щодо політики та безпеки для
постачальників довірчих послуг. Частина 1. Компоненти сервісу TSP,
що працюють віддаленим QSCD/SCDev

 
     
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Intellectual Property Rights

Foreword

Modal verbs terminology

Executive summary

Introduction

1 Scope

2 References

2.1 Normative references

2.2 Informative references

3 Definition of terms, symbols, abbreviations and notations

3.1 Terms

3.2 Symbols

3.3 Abbreviations

3.4 Notations

4 General concepts

4.1 General policy requirements concepts

4.2 Relationships between the TSP issuing certificates and the SSASC

4.3 SSASC applicable documentation

4.3.1 SSASC practice statement

4.3.2 SSASC policy

4.3.3 Terms and conditions

4.4 SSASC sub-component services

5 General provisions on practice statement and policies

5.1 Practice statement requirements

5.2 SCP name and identification

5.3 Participants

5.3.1 SSASP

5.3.2 Subscriber and signer

6 Trust Service Providers practice

6.1 Publication and repository responsibilities

6.2 Signing key initialization

6.2.1 Signing key generation

6.2.2 eID means linking

6.2.3 Certificate linking

6.2.4 eID means provision

6.3 Signing key life-cycle operational requirements

6.3.1 Signature activation

6.3.2 Signing key deletion

6.3.3 Signing key backup and recovery

6.4 Facility, management, and operational controls

6.4.1 General

6.4.2 Physical security controls

6.4.3 Procedural controls

6.4.4 Personnel controls

6.4.5 Audit logging procedures

6.4.6 Records archival

6.4.7 Key changeover

6.4.8 Compromise and disaster recovery

6.4.9 SSASP service termination

6.5 Technical security controls

6.5.1 Systems and security management

6.5.2 Systems and operations

6.5.3 Computer security controls

6.5.4 Life cycle security controls

6.5.5 Network security controls

6.6 Compliance audit and other assessment

6.7 Other business and legal matters

6.7.1 Fees

6.7.2 Financial responsibility

6.7.3 Confidentiality of business information

6.7.4 Privacy of personal information

6.7.5 Intellectual property rights

6.7.6 Representations and warranties

6.7.7 Disclaimers of warranties

6.7.8 Limitations of liability

6.7.9 Indemnities

6.7.10 Term and termination

6.7.11 Individual notices and communications with participants

6.7.12 Amendments

6.7.13 Dispute resolution procedures

6.7.14 Governing law

6.7.15 Compliance with applicable law

6.7.16 Miscellaneous provisions

6.8 Other provisions

6.8.1 Organizational

6.8.2 Additional testing

6.8.3 Disabilities

6.8.4 Terms and conditions

7 Framework for definition of server signing application service component policy built on the present document

Annex A (normative): Specific requirements related to Regulation (EU) No 910/2014

A.1 SSASP as a Qualified TSP

A.2 Policy name and identification

A.3 General requirements

A.4 Signing key generation

A.5 Signature activation

A.6 Signature activation data management

Annex B (informative): Regulation and EU SSASC policy mapping

Annex C (informative): Scope of remote signing standards

C.1 Scope of remote signing standards

Annex D (informative): Change history

History