ДСТУ ETSI TS 119 511:2019 Електронні підписи та інфраструктури (ESI). Вимоги щодо політики та безпеки для постачальників довірчих послуг, що забезпечують тривале збереження цифрових підписів чи загальних дани...
ДСТУ ETSI TS 119 511:2019
(ETSI TS 119 511 V1.1.1 (2019-06), IDT)
Електронні підписи та інфраструктури (ESI). Вимоги щодо політики та безпеки для постачальників довірчих послуг, що забезпечують тривале збереження цифрових підписів чи загальних даних, використовуючи методи цифрового підпису
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definition of terms, symbols, abbreviations and notations
3.1 Terms
3.2 Symbols
3.3 Abbreviations
3.4 Notations
4 General Concepts
4.1 Preservation storage models
4.1.1 Overview
4.1.2 Preservation service with storage [WST]
4.1.3 Preservation service with temporary storage [WTS]
4.1.4 Preservation service without storage [WOS]
4.2 Functional goals
4.3 Preservation service applicable documentation
4.3.1 Preservation service practice statement
4.3.2 Preservation service policy
4.3.3 Preservation schemes and preservation profiles
4.3.4 Preservation evidence policy
4.3.5 Signature validation policy
4.4 Expected evidence duration
4.5 Preservation period
5 Risk assessment
6 Policies and practices
6.1 Preservation service practice statement
6.2 Terms and Conditions
6.3 Information security policy
6.4 Preservation profiles
6.5 Preservation evidence policy
6.6 Signature validation policy
6.7 Subscriber agreement
7 PSP management and operation
7.1 Internal organization
7.2 Human resources
7.3 Asset management
7.4 Access control
7.5 Cryptographic controls
7.6 Physical and environmental security
7.7 Operation security
7.8 Network security
7.9 Incident management
7.10 Collection of evidence
7.11 Business continuity management
7.12 TSP termination and termination plans
7.13 Compliance
7.14 Cryptographic monitoring
7.15 Augmentation of preservation evidences
7.16 Export-import package
8 Operational and notification protocols
8.1 Preservation protocol
8.2 Notification protocol
9 Preservation process
9.1 Storage of preserved data and evidences
9.2 Preservation evidences
9.3 Preservation of digital signatures
Annex A (normative): Qualified preservation service for QES as defined by article 34 the Regulation (EU) No 910/2014
Annex B (informative): Mapping of requirements to Regulation (EU) No 910/2014
Annex C (informative): Differences and relationships between an archival service and a preservation service
C.1 Archival services
C.2 Preservation services
C.3 Comparison of archival services with preservation services
C.4 Relationships between archival services and preservation services
Annex D (informative): Cryptographic threats and countermeasures
D.1 Risks based on collision attacks of one-way hash functions used within a digital signature
D.2 Risks based on the digital signature algorithm and key length
D.3 Risks based on the revocation of a signing key
History
Повна версія документа доступна в тарифі «ВСЕ ВРАХОВАНО».