UNITED STATES POSTAL SERVICE (USPS)
USPS Public Key Infrastructure (PKI) X.509 Certificate Policy (CP)
USPS PKI OID: 2.16.840.1.101.3.2.1.20.1
Version 1.67
October 01, 2007
Corporate Information Security Office
United States Postal Service
Raleigh, North Carolina

United States Postal Service [page 01] USPS PKI CP October 2007

Table Of Contents
1. Introduction 2
1.1 Overview 3
1.2 Identification 3
1.3 Community and Applicability 3
1.4 Details 5
2 General Provisions 6
2.1 Obligations 6
2.2 Liability 9
2.3 Financial Responsibility 9
2.4 Interpretation and Enforcement 9
2.5 Fees 9
2.6 Publication and Repository 9
2.7 Compliance Audit 10
2.8 Confidentiality of Information 11
2.9 Intellectual Property Rights 12
3 Identification and Authentication 13
3.1 Initial Registration 13
3.2 Certificate Renewal, Update, and Routine Rekey 17
3.3 Authentication for Rekey after Revocation 17
3.4 Authentication of Revocation Request 17
4 Operational Requirements 18
4.1 Application for a Certificate 18
4.2 Certificate Issuance 18
4.3 Certificate Acceptance 19
4.4 Certificate Suspension & Revocation 19
4.5 Security Audit Procedures 22
4.6 Records Archival 25
4.7 Key Changeover 26
4.8 Compromise and Disaster Recovery 27
4.9 CA Termination 28
5 Physical, Procedural, and Personnel Security 29
5.1 Physical Controls 29
5.2 Procedural Controls 30
5.3 Personnel Security Controls 33
6 Technical Security Controls 35
6.1 Key Pair Generation and Installation 35
6.2 Private Key Protection 36
6.3 Good Practices Regarding Key Pair Management 38
6.4 Activation Data 38
6.5 Computer Security Controls 39
6.6 Life Cycle Technical Controls 39
6.7 Network Security Controls 40
6.8 Cryptographic Module Engineering Controls 40
7 Certificate and CRL Profiles 42
7.1 Certificate Profile 42
7.2 CRL Profile 43
8 Specification Administration 44
8.1 Specification Change Procedures 44
8.2 Publication and Notification Procedures 44
8.3 CPS Approval Procedures 45
9 Compliance Audit and Other Assessments 46
9.1 Frequency and Circumstances of Compliance Audits 46
9.2 Identity/Qualifications of Assessor 46
9.3 Assessor's Relationship to Assessed Entity 46
9.4 Topics Covered by Assessment 46
9.5 Actions Taken as a Result of Deficiency 46
9.6 Communication of Results 46
Appendix A: Acronyms 47
Appendix B: Definitions 48
Appendix C: References 51

1 Introduction
The United States Postal Service (USPS) operates a Public Key Infrastructure (PKI) to provide security for its electronic information. Programs that carry out or support USPS missions may require the type of security services provided by a PKI. A PKI is a complex system that facilitates secure electronic data storage and exchange. Security is provided by using public key cryptography. The types of security services provided by a PKI are:

Confidentiality: The transformation of data into a form unreadable by anyone without the proper key.
Data Integrity: A service that addresses the unauthorized alteration of data by either confirming its integrity or warning about changes.
Authentication: The process whereby users or information sources prove that they are who they claim to be.
Non-repudiation: A service that limits denial of previous commitments or actions.

These services are provided through public key cryptography’s use of certificates and the public and private cryptographic keys associated with the certificates. The primary function of a PKI is to manage these certificates and keys. A PKI manages the certificates through the following components:
* Policy Authority (PA): A trusted party that oversees and enforces the Certificate Policy (CP).
* Certification Authority (CA): A trusted party that creates, renews, and revokes certificates.
* Registration Authority (RA): A trusted agent of the CA that verifies user identity.
* Certificate Repository: The public area in which users’ public keys are stored.
This is the Lightweight Directory Access Protocol (LDAP) version (v) 3 directory provided through the USPS implementation of Microsoft Active Directory.
* Certificate Policies: The set of rules that guide the operation of the PKI.
* Certificate Procedures: The set of practices that define the detailed operations of the PKI.

The USPS PKI consists of a central USPS Root CA, a USPS Intermediate CA, two USPS Subordinate CAs, RAs at Eagan and other USPS locations as needed based on logistics, and the X.500 directory supporting the USPS computing environment. This document defines the certificate policies for the administration and operation of the USPS PKI including:
* Subscriber identification and authorization verification.
* Control of PKI computer and cryptographic systems.
* Operation of PKI computer and cryptographic systems, facilities and personnel.
* Usage of keys and public key certificates by subscribers and relying parties.
* Definition of rules to limit liability and to provide a high degree of certainty that the stipulations of this policy are being met.

This CP is used by the CAs within the USPS PKI and by CAs outside the USPS PKI who wish to inter-operate with the USPS Subordinate CA within the USPS PKI.

Note: definitions of terms used in this CP are provided in Appendix B.

Users of this document are to consult the appropriate USPS Certification Authority (CA) Certification Practice Statement (CPS) to obtain further details of the implementation of this CP.

1.1 Overview
This CP follows and complies with the Internet Engineering Task Force (IETF) Request for Comment (RFC) 2527, X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.

This CP defines the primary obligations and operational responsibilities of all USPS PKI program participants, and defines the creation, management, and use of X.509 v3 public key certificates.
Public key certificates are appropriate for use in applications requiring communication between networked computer-based systems and applications requiring electronic information confidentiality, integrity, authentication and non-repudiation. Such applications include, but are not limited to, electronic mail, transmission of sensitive but unclassified information, digital signing of electronic forms, contract submission digital signatures, and authentication of infrastructure components such as Web servers. Please note the term "X.509 certificates" as used in this CP implies X.509 v3 certificates.

While this CP does not require the use of public key certificates in any particular USPS application or program, if public key certificates are used they are used in accordance with this CP.

This CP supports medium level assurance. Please note that the term "assurance" refers to the level of trust associated with a certificate. The term "assurance" is not intended to convey any representation or warranty as to 100% availability of the USPS CA services offered under this CP. Such availability may be affected by system maintenance, system repair, or factors outside the control of the USPS PKI.

Issuance of a public key certificate under any part of this CP:
* Is not to be used for protection of classified information.
* Does not imply that the subscriber has any authority to conduct business transactions on behalf of the USPS CA.

The terms and provisions of this CP are interpreted under and governed by federal law. The U.S. government disclaims any liability that may arise from the use of this CP.

1.2 Identification
The object identifier (OID) is named "usps-cp1" and assigned the Object Number 2.16.840.1.101.3.2.1.20.1. The OID is registered with the National Institute of Standards and Technology (NIST).

1.3 Community and Applicability
This CP defines the policies under which the USPS PKI is administered and operated.
In compliance with USPS Handbook AS-805, Information Security, as a policy under the jurisdiction of the USPS Corporate Information Security Office (CISO), this CP applies to USPS organizations and USPS contractors, and therefore USPS organizations and USPS contractors comply with this CP unless a waiver is obtained from the USPS CISO.

The USPS PKI adheres to this CP.

1.3.1 Certification Authorities (CAs)
The USPS CAs operating under this CP are responsible for:
* Creating end entity confidentiality (i.e. encryption) key pairs (if required).
* Creating and signing X.509 certificates binding subscribers with their verification public key and encryption keys.
* Where permitted, creating and signing X.509 certificates binding other CAs with their CA public keys.
* Promulgating certificate status through Certificate Revocation Lists (CRLs).
* Operating the CA in accordance with the CPS associated with this CP.
* Approving and assigning individuals to fulfill the CA Operations positions.
* Reviewing and auditing RA operations within its domain.
* Resolving disputes between subscribers and the CAs or RAs.
* Requesting revocation of PKI Operations personnel or RAs' certificates.

A cross-certification between a USPS Subordinate CA and another CA is in accordance with this CP and any additional requirements determined by the USPS PKI PA. All cross-certification is done pursuant to instructions from the PA. Any agreements made with other CAs are documented and applicable disclaimers made available to subscribers.

1.3.2 Registration Authorities (RAs)
RAs operating under this CP are responsible for end entity administration on behalf of the USPS CAs.

1.3.3 End Entities
1.3.3.1 Subscribers
A subscriber may be an individual or an organization. A subscriber is the entity whose name appears as the subject in a certificate.
Subscribers may be issued certificates for assignment to devices, groups, organizational roles, or applications provided that responsibility and accountability is attributable to an individual or an organization.

USPS PKI certificates are only issued after a request or authorization for issuance is received from one or more USPS sponsors. Certificates may be issued to USPS employees, USPS contractors, or organizations with which the sponsor has relationships in conducting USPS business or research. The USPS Subordinate CAs and RAs may administer any number of subscribers.

1.3.3.2 Relying Parties
A relying party is an entity that relies on the validity of the binding of the subscriber’s name to a public key. A relying party may be either a subscriber of the USPS PKI or a subscriber of a PKI that has signed a cross-certification agreement with the USPS PKI.

1.3.4 Applicability
Certificates issued under this CP are only to be used for transactions relating to USPS business. Certificates issued under this CP are suitable for providing confidentiality, integrity, authentication, and non-repudiation for USPS information up to and including sensitive but unclassified information. The combination of this CP and associated certificates can be used to protect USPS sensitive but unclassified data including:
* Mission information.
* Information that USPS is required by law or agreement to protect, such as Privacy Act information and information provided to USPS by its contractors and subject to non-disclosure agreement.
* Proprietary business and technology information such as legal, contract proposal, and source selection information.
* Electronic commerce transactions including Electronic Data Interchange (EDI), e-mail, Web servers, Secure Socket Layer (SSL), etc.
* Personally identifiable information, including social security number, biometric data, court-ordered non-disclosure, health, performance, bank routing number, credit card number, etc.

1.3.5 Approved and Prohibited Applications
Applications for which issued certificates are suitable include the following:
* Applications that use or contain USPS sensitive but unclassified information.
* Electronic mail applications that use USPS standard electronic mail packages.
* Web applications that contain USPS sensitive but unclassified information.
* Electronic forms used in conducting USPS business.

Applications for which issued certificates are prohibited include the following:
* Applications that use or contain classified information.
* Applications that have no relevance to USPS business.

Approved and prohibited applications are identified by the USPS PKI PA.

1.3.6 Repositories
The USPS PKI Manager ensures that there is at least one certificate and CRL repository associated with it. This repository should be in the form of one or more directories that comply with USPS X.509 standards. Where the repository is not under the control of a USPS CA, the USPS PKI PA ensures that the terms and conditions of its association with the repository include, but are not limited to, the subjects of availability, access control, and integrity of data.

1.4 Contact Details
This CP is administered by the USPS PKI PA, CISO. The USPS PKI PA may be contacted at:
USPS PKI Policy Authority
Corporate Information Security Office
United States Postal Service
475 L'Enfant Plaza SW
Washington, DC 20260-2141

The USPS PKI Policy Authority may also be contacted at information_security@usps.gov.
2 General Provisions
2.1 Obligations
2.1.1 CA Obligations
The USPS CAs operate in accordance with their CPS, this CP, and federal law and regulations when issuing and managing the keys provided under this CP. The USPS PKI Manager ensures that all RAs operating on his or her behalf comply with the relevant provisions of this CP concerning the operation of RAs. The USPS RAs take all reasonable measures to ensure that subscribers and relying parties are aware of their respective rights and obligations with respect to the operation and management of any keys, certificates, or subscriber hardware and software used in connection with the PKI.

The USPS PKI PA:
* Publishes this CP and associated CPSs.
* Puts in place mechanisms and procedures to ensure that the RAs and subscribers are aware of and agree to abide by the stipulations in this CP and the USPS Subordinate CA CPS.
* Ensures certificates of subscribers found to have acted in a manner counter to the Subscriber Agreement are revoked.
* Establishes that any CA with whom it cross-certifies complies with all CPs that are mutually recognized.
* Through compliance audit, verifies cross-certifying CAs comply with this CP.
* Ensures the CPS conforms to this CP.
* Ensures that certification services, issuance and revocation of certificates, and issuance of CRLs are in accordance with this CP.
* Acts as the subscriber for the USPS Root CA and the USPS Intermediate CA(s).

2.1.1.1 Notification of Certificate Issuance and Revocation
The USPS Subordinate CA makes certificates and CRLs available to subscribers or relying parties in accordance with section 4.4.

2.1.1.2 Accuracy of Representations
When the USPS Subordinate CA publishes a certificate, it certifies that it issued a certificate to a subscriber and verified that the information stated in the certificate is in accordance with this CP.
Publication of the certificate in a public repository constitutes notice of such verification.

The USPS PKI RA provides to each subscriber notice of the subscriber’s rights and obligations under this CP. Such notice includes a description of the allowed uses of certificates issued under this CP, the subscriber’s obligations concerning key protection, and procedures for communication between the subscriber and the RA, including communication of changes in service delivery or changes to this CP. Such notice also indicates procedures to address suspected key compromise, certificate or key renewal, service cancellation, and dispute resolution. The USPS RA ensures that any notice includes a description of a relying party’s obligations with respect to use, verification, and validation of certificates.

2.1.1.3 Time Between Certificate Request and Issuance
The time between a certificate request and the issuance of a certificate should be one business day or less.

2.1.1.4 Certificate Revocation and Renewal
The USPS PKI PA ensures that procedures for the expiration, revocation, and re-issuance of a certificate conform to sections 3.2, 3.3, 3.4, and 4.4 of this CP and are expressly stated in the CPS, the Subscriber Agreement, or any other applicable document outlining the terms and conditions of the certificate use. The USPS PKI PA also ensures that notice of revocation of a certificate will be posted to the CRL within the time limits stated in sections 4.4.4 and 4.4.10. The address of the CRL is defined in the certificate.

2.1.1.5 Protection of Private Keys
The USPS PKI Manager ensures that CA private keys and activation data are protected in accordance with Chapters 4 and 6 of this CP. The USPS RA ensures that subscriber private keys that it holds or stores and activation data are protected in accordance with Chapters 4 and 6 of this CP. The USPS PKI Manager ensures that any confidentiality (i.e. encryption) private keys of a subscriber have been backed up and are protected in accordance with Chapter 6 of this CP.

2.1.1.6 Restrictions on Issuing CA's Private Key Use
The USPS PKI Manager ensures that its certificate signing private key is used only to sign CA related activities such as signing certificates, CRLs, and Authority Revocation Lists (ARLs). The USPS Subordinate CA may issue certificates to subscribers, CA and RA personnel, devices, and applications. The USPS Subordinate CA may also issue cross-certificates to other CAs when expressly authorized by the USPS PKI PA.

2.1.2 RA Obligations
RAs are obligated to conform to the stipulations of this CP and comply with the CPS. RAs that are found to have acted in a manner inconsistent with these obligations are subject to revocation of RA responsibilities. RAs are responsible for bringing to the attention of subscribers all relevant information pertaining to the rights and obligations of the USPS CA, RAs, and subscribers contained in this CP, the associated CPS, the Subscriber Agreement, if applicable, and any other relevant document outlining the terms and conditions of use. RAs are accountable for transactions performed on behalf of the USPS Subordinate CA.

2.1.2.1 Notification of Certificate Issuance and Revocation
RAs are obligated to conform to certificate issuance and revocation stipulations of this CP and to comply with the CPS. There is no requirement for RAs to notify a relying party of the issuance or revocation of a certificate.

2.1.2.2 Accuracy of Representations
When RAs submit subscriber information to a USPS Subordinate CA, they certify to the USPS Subordinate CA that they have authenticated the identity of that subscriber in accordance with Chapters 3 and 4 of this CP and guidelines established in the CPS.
2.1.2.3 Protection of RA Private Key
Each RA ensures that his or her private keys are protected in accordance with Chapters 5 and 6.

2.1.2.4 Restrictions on RA Private Key Use
RAs use the keys and certificates only for the purposes authorized by this CP and in conformance with the CPS.

2.1.3 Subscriber Obligations
For the USPS Subordinate CA(s), a subscriber is obliged to enter into an agreement or abide by an acceptable use policy which outlines the terms and conditions of use, including permitted applications and purposes. RAs are responsible for ensuring subscriber obligations. For the USPS Root CA and the USPS Intermediate CA(s), the USPS PKI PA acts as the subscriber.

2.1.3.1 Accuracy of Representations
Any information required to be submitted to an RA in connection with a certificate is complete and accurate. The RA verifies the subscriber information is complete and accurate.

2.1.3.2 Protection of Subscriber Private Key and Key Token
Subscribers are required to protect their private keys and key tokens (if applicable) in accordance with section 6, and to take all reasonable measures to prevent their loss, disclosure, modification, or unauthorized use.

2.1.3.3 Restrictions on Subscriber Private Key Use
The subscriber uses the keys and certificates only for purposes related to USPS business and in conformance with this CP and the CPS.

2.1.3.4 Notification Upon Private Key Compromise
Where a subscriber suspects private key compromise, he or she immediately notifies an RA in a manner specified by this CP and in accordance with the CPS.

2.1.3.5 Notification Upon Recovery Information Compromise
If using self key recovery, subscribers inform an RA immediately of any suspected unauthorized use of recovery information or compromise of recovery information.

2.1.4 Relying Party Obligations
The rights and obligations of a relying party who is a member of this PKI are covered in this CP.
The rights and obligations of a relying party belonging to another PKI are addressed in the cross-certification agreement between the USPS PKI and the other PKI.

2.1.4.1 Use of Certificates for Appropriate Purpose
Relying parties use the certificate only for the purposes for which it was issued and in accordance with this CP and the CPS.

2.1.4.2 Verification Responsibilities
Relying parties only use certificates in accordance with the certification path validation procedure specified in the X.509 standard and IETF RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

2.1.4.3 Revocation Check Responsibility
Prior to using a certificate, a relying party checks the status of the certificate against the appropriate and current CRL in accordance with the requirements stated in section 4.4.10 of this CP. As part of this verification process, the digital signature of the CRL is also validated.

2.1.5 Repository Obligations
Repositories that support the USPS CAs in posting information as required in this CP maintain availability of CRLs in accordance with the requirements stated in section 4.4.10 of this CP. If applicable, repositories provide access control mechanisms sufficient to protect certificates and CRLs as provided in section 2.6.3 of this CP. Repositories are available on a schedule set forth by the USPS PKI PA.

2.2 Liability
USPS disclaims any liability that may arise from use of any certificate issued by or under the authority of USPS, or from the determination to revoke a certificate issued by or under the authority of USPS. In no event is USPS liable for any damages, including, but not limited to, direct, indirect, special, consequential, or punitive damages, arising out of or relating to any certificate issued or revoked by or under the authority of USPS.
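The relying-party duties of sections 2.1.4.2 and 2.1.4.3 above (walk the certification path, then consult the issuer's current CRL only after validating the CRL's own signature), together with the CA key-usage restriction of section 2.1.1.6 and the per-entry reason code described in section 2.8.3, worked through as an added example. This code is not part of the CP or of any USPS system; it assumes only the Python `cryptography` package. The key pairs, serial numbers and subscriber names are constructed for the example, and giving each CA its own common name is an assumption made so that the two CA subjects differ when chaining by name.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc
# Naming hierarchy of section 3.1.1 with constructed CN values (CA CNs are an assumption).
BASE_RDNS = [
    x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
    x509.NameAttribute(NameOID.ORGANIZATION_NAME, "U.S. Government"),
    x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "United States Postal Service"),
]

def dn(cn):
    return x509.Name(BASE_RDNS + [x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def new_key():
    return ec.generate_private_key(ec.SECP256R1())

def issue(subject, subject_pub, issuer_name, issuer_key, is_ca):
    """Issue a 30-day certificate; CA keys are limited to keyCertSign/cRLSign (section 2.1.1.6)."""
    now = datetime.datetime.now(UTC)
    usage = x509.KeyUsage(digital_signature=not is_ca, content_commitment=False, key_encipherment=False,
                          data_encipherment=False, key_agreement=False, key_cert_sign=is_ca,
                          crl_sign=is_ca, encipher_only=False, decipher_only=False)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer_name).public_key(subject_pub)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .add_extension(usage, critical=True)
            .sign(issuer_key, hashes.SHA256()))

def build_crl(issuer_name, issuer_key, revoked_serials, reason=x509.ReasonFlags.key_compromise):
    """Sign a one-day CRL whose entries carry the reason code that section 2.8.3 says is published."""
    now = datetime.datetime.now(UTC)
    builder = (x509.CertificateRevocationListBuilder().issuer_name(issuer_name)
               .last_update(now - datetime.timedelta(minutes=5))
               .next_update(now + datetime.timedelta(days=1)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now)
            .add_extension(x509.CRLReason(reason), critical=False).build())
    return builder.sign(issuer_key, hashes.SHA256())

def _utc(obj, attr):
    """Validity timestamp as aware UTC on both older and newer cryptography releases."""
    value = getattr(obj, attr + "_utc", None)
    return value if value is not None else getattr(obj, attr).replace(tzinfo=UTC)

def validate(leaf, intermediates, trust_anchor, crls):
    """Walk leaf -> intermediates -> anchor; `crls` maps issuer Name -> current CRL. Returns (accepted, reason)."""
    now = datetime.datetime.now(UTC)
    path = [leaf] + intermediates + [trust_anchor]
    for cert, issuer in zip(path, path[1:]):
        exts = issuer.extensions
        if cert.issuer != issuer.subject:
            return False, "issuer name does not chain"
        if not (exts.get_extension_for_class(x509.BasicConstraints).value.ca
                and exts.get_extension_for_class(x509.KeyUsage).value.key_cert_sign):
            return False, "issuer is not a CA permitted to sign certificates"
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False, "certificate signature invalid"
        if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
            return False, "certificate outside its validity period"
        # Section 2.1.4.3: consult the issuer's current CRL, validating the CRL signature first.
        crl = crls.get(issuer.subject)
        if crl is None or not crl.is_signature_valid(issuer.public_key()):
            return False, "CRL missing or its signature is invalid"
        if _utc(crl, "next_update") < now:
            return False, "CRL is stale"
        entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
        if entry is not None:
            reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
            return False, f"revoked ({reason.name})"
    return True, "accepted"

def demo():
    """Constructed scenario: Root CA -> Subordinate CA -> two subscribers, one of them revoked."""
    root_key, sub_key = new_key(), new_key()
    root = issue(dn("USPS Root CA"), root_key.public_key(), dn("USPS Root CA"), root_key, True)
    sub = issue(dn("USPS Subordinate CA"), sub_key.public_key(), root.subject, root_key, True)
    jane = issue(dn("Jane Doe"), new_key().public_key(), sub.subject, sub_key, False)
    john = issue(dn("John Doe"), new_key().public_key(), sub.subject, sub_key, False)
    crls = {root.subject: build_crl(root.subject, root_key, []),
            sub.subject: build_crl(sub.subject, sub_key, [john.serial_number])}
    results = {"jane": validate(jane, [sub], root, crls), "john": validate(john, [sub], root, crls)}
    # A CRL the issuing CA did not sign must be refused before any of its entries are trusted.
    foreign = dict(crls)
    foreign[sub.subject] = build_crl(sub.subject, new_key(), [])
    results["foreign_crl"] = validate(jane, [sub], root, foreign)
    return results
```

`validate()` refuses a certificate as soon as one check fails and says which one, which is the information a relying party's log needs under section 2.7 audits; note that the CRL signature is checked before `get_revoked_certificate_by_serial_number` is consulted, so an unsigned or foreign CRL can neither clear nor revoke anything.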
2.3 Financial Responsibility
2.3.1 Indemnification by Relying Parties
USPS disclaims any fiduciary liability that may arise from use of any certificate issued by or under the authority of USPS, or from the determination to revoke a certificate issued by or under the authority of USPS.

2.3.2 Fiduciary Relationships
Issuance of certificates by the USPS Subordinate CA and assistance in that issuance by a USPS RA does not make USPS or its USPS Subordinate CA or RA an agent, fiduciary, trustee, or other representative of requesters or relying parties, or others using the USPS PKI.

2.4 Interpretation and Enforcement
2.4.1 Governing Law
Federal law governs the enforceability, construction, interpretation, and validity of this CP.

2.4.2 Severability, Survival, Merger, Notice
Severance or merger may result in changes to the scope, management, and/or operations of the USPS CAs. In such an event, this CP may require modification as well. Should it be determined that one section of this CP is incorrect or invalid, the other sections of this CP remain in effect until the CP is updated. Requirements for updating this CP are described in Chapter 8 of this CP. Responsibilities, requirements, and privileges of this CP are merged into the newer CP upon its release.

2.4.3 Dispute Resolution Procedures
Any dispute related to key and certificate management between USPS and an organization or individual outside of USPS is resolved using the following dispute settlement mechanism:
* A dispute is resolved by negotiation if possible.
* A dispute not settled by negotiation is resolved through arbitration by the USPS PKI PA.

2.5 Fees
No stipulation.

2.6 Publication and Repository
2.6.1 Publication of CA Information
The USPS PKI PA:
* Publishes a CPS on a Web site maintained by or on behalf of the USPS CAs, the location of which will be identified in compliance with Chapter 8 of this CP.
* Provides a full text version of the applicable CPS when necessary for the purposes of any audit, accreditation, or cross-certification.
* Provides the following certificate information in the repository:
  * All encryption public key certificates issued by the USPS Subordinate CA to subscribers.
  * All cross-certificates issued by the USPS Subordinate CA to other CAs.
  * Most recent CRL of public key certificates revoked by the USPS Subordinate CA.
  * Most recent ARL of cross-certificates revoked by the USPS Subordinate CA.

2.6.2 Frequency of Publication
Certificates are published following subscriber acceptance. CRL publication is in accordance with Chapter 4 of this CP.

2.6.3 Access Controls
The USPS PKI PA ensures, directly or through agreement with a repository, that repository access controls are configured on certificates, certificate status information, and CRLs and that only authorized personnel can write or modify the online version of this CP and the CPSs. Subscribers have read-only access to this CP and the CPSs.

2.6.4 Repositories
The USPS LDAP v3 Directory is used as the USPS certificate repository in order to facilitate the widest distribution of certificates.

2.7 Compliance Audit
A USPS PKI compliance audit mechanism is performed by the Office of the Inspector General (OIG) to ensure that the requirements of this CP and the CPSs are being implemented and enforced. A compliance audit determines whether the USPS CAs' actual performance meets the standards established in their CPS and satisfies the requirements of this CP. The audit specifications for the RA function are defined in the USPS Subordinate CA CPS.

2.7.1 Frequency of Compliance Audit
A compliance audit of the USPS CAs and randomly selected RAs is performed no less frequently than once per year. The USPS PKI PA and/or Office of the Inspector General may order a compliance audit at any time at its discretion.
2.7.2 Identity/Qualifications of CA Auditor
The USPS PKI PA approves the auditor or auditing organization to be used for compliance audits. The auditor performs CA information system security audits as a primary responsibility and demonstrates significant experience with PKI and cryptographic technologies as well as the operation of relevant PKI software. The auditor is thoroughly familiar with the requirements associated with the issuance and management of certificates.

2.7.3 Auditor’s Relationship to Audited CA
The auditor performing the compliance audit can be contracted by USPS or can be an organization within USPS sufficiently separated from the audited USPS CA to provide an unbiased, independent evaluation.

2.7.4 Topics Covered by Audit
The purpose of the audit is to verify that the USPS CA is implementing its practices and policies in accordance with this CP and the CPS.

2.7.5 Actions Taken as a Result of Audit
Any discrepancies between the USPS CA’s operation and the stipulations of this CP and the CPS are recorded by the auditor in a formal report to be submitted to the USPS PKI PA. In addition to noting any discrepancies, the auditor notes the severity of any discrepancies.

The USPS PKI PA in consultation with the USPS PKI Operations personnel determines:
* The remedy for any noted discrepancies.
* A time for completing remedies to any discrepancies noted.
* If other parties require notification, in relation to the type and severity of any discrepancies.

In the case of discrepancies classified as severe discrepancies which affect other parties, the affected parties will be notified of the discrepancies and the actions being taken to remedy the discrepancies. A remedy may include any of the following procedures:
* Indicate the discrepancies, but allow the USPS CA to continue operations until the next programmed audit; or
* Allow the USPS CA to continue operations for a maximum of 30 days pending correction of any problems prior to revocation; or
* Suspend USPS CA operation.

The decision regarding which of these actions to take will be based on the severity of the discrepancies, the risks imposed, and the disruption to subscribers.

2.7.6 Communication of Results
Results of an audit are communicated to the USPS PKI PA, in accordance with this CP, and as defined by the CPS. Communication to subscribers or other USPS personnel depends on the discrepancies discovered and the remedies to be taken. If one of the USPS CAs is found not to be in compliance with this CP and the CPS, the USPS PKI Manager is notified immediately at the completion of the audit. Required remedies are defined and communicated to the USPS PKI Manager as soon as possible to limit the risks created. The implementation of remedies is communicated to the USPS PKI PA. A special audit may be required to confirm the implementation and effectiveness of the remedy.
The method and detail of notification of audit results to CAs cross-certified with the USPS Subordinate CA is defined within the cross-certification agreement between the two parties. Unless specified in a particular cross-certification agreement, no communication of the audit results occurs outside USPS.

2.8 Confidentiality of Information
All information that is not considered by the USPS PKI PA to be public is treated as sensitive. Specification of confidential information is addressed in the following subsections.

2.8.1 Types of Information to be Kept Confidential
The subscriber's private signing key is kept confidential by the subscriber. The subscriber’s copy of his/her private encryption key (to provide confidentiality) is kept confidential by the subscriber. However, private keys may be backed up by the issuing USPS Subordinate CA or another party on behalf of the USPS Subordinate CA, in which case these keys are protected in accordance with section 6, and not disclosed to any other party without the prior consent of the subscriber or sponsor, unless required by law.

Personal or corporate information held by the USPS CAs or RAs, other than that which is explicitly published as part of a certificate, CRL, ARL, certificate policy, or this CP, is considered sensitive and not released unless required by law. Collection of personal information is subject to collection, maintenance, retention, and protection requirements of the Privacy Act of 1974, 5 U.S.C. § 552a. Access to information stored by the USPS CAs or RAs is restricted to those with an official need-to-know in order to perform their official duties.

Information held in audit trails is considered sensitive and not released outside the agency, unless required by law. Generally, the results of annual audits are kept confidential, with exceptions as outlined in section 2.7.
Any keys held by the USPS CAs are released only to an organizational authority, in accordance with this CP and the applicable CPS, or to a law enforcement official, in accordance with U.S. law and this CP. Confidentiality of relevant information in the directory is achieved through the use of access controls.

2.8.2 Types of Information Not Considered Confidential

Information included in public certificates, CRLs, and ARLs issued by USPS CAs is not considered sensitive. Information in this CP is not considered sensitive.

2.8.3 Disclosure of Certificate Revocation Information

If a certificate issued by a USPS CA is revoked or suspended, a reason code is included in the CRL entry for the action. This reason code is not considered confidential. However, no other details concerning the revocation are normally disclosed.

2.8.4 Information Release

USPS PKI Operations does not disclose certificate or certificate-related information to any third party, except when:

* Authorized by this CP or the applicable CPS.
* Required to be disclosed by law, U.S. government rule or regulation, or court order.
* Required to release information to law enforcement officials, consistent with USPS policy.
* Authorized by the subscriber when necessary to effect an appropriate use of the certificate.

The USPS PKI PA may choose to further define or restrict the subscriber's authority to disclose certificate or certificate-related information. Any request for the disclosure of information is signed and delivered to the USPS PKI PA.

2.8.5 Release as Part of Civil Discovery

To release information as part of civil discovery, USPS PKI personnel comply with USPS organizational policy.

2.8.6 Other Information Release Circumstances

No stipulation.
2.9 Intellectual Property Rights

The Postal Service retains exclusive right to any product or information developed by it under or pursuant to this CP, including, but not limited to, any public key certificates and private keys that it issues. The rights to any product or information developed by a Postal Service contractor under or pursuant to this CP are governed by the terms of the contract and federal laws and regulations.

3. Identification and Authentication

3.1 Initial Registration

3.1.1 Types of Names

Names for certificate issuers (i.e., USPS CAs) and certificate subjects (i.e., subscribers or end entities) are of the X.500 Distinguished Name (DN) form. "United States Postal Service" is a registered name in accordance with the American National Standards Institute, the U.S. National Name Registration Authority. A single naming hierarchy is established within the Postal Service as outlined below. These names are unique and unambiguous within the USPS hierarchy as specified in the USPS Directory Service Architecture, Standards and Products document.

Certificate issuers will have entries at the organizationName level. Their DNs will follow this form:

OU=United States Postal Service,O=U.S. Government,C=US

Certificate subjects will have entries at the organizationalUnitName level. Their DNs will follow this form:

CN=Jane Doe,OU=United States Postal Service,O=U.S. Government,C=US

All attributes identified in this section are as defined in International Telecommunication Union - Telecommunication Standardization Sector (ITU-T) Recommendation X.521, Information Technology - Open Systems Interconnection - The Directory: Selected Object Classes (1988). Certificate subjects may have an optional Subject Alternative Name extension, provided it is marked non-critical.
Certificate subjects may choose to have additional name forms, such as an e-mail address; however, the DN is the primary name and the one used to populate the subject fields of certificates and CRLs. Additional objects outside the scope of this CP will also be present in the naming hierarchy.

3.1.2 Need for Names to Be Meaningful

All names, including machine names and application names, will be unique and understandable to humans. The DN will represent the subscriber in a way that is easily understandable for humans. For people, this will be a legal name. For equipment, this will be a model name and serial number. The contents of each certificate Subject and Issuer name field will have an association with the authenticated name of the Entity. A certificate issued for a device or application will include within the Directory entry the name of the person or organization responsible for that device or application. Name constraints will be asserted in certificates to limit the name space of the CAs to that appropriate for the domain.

3.1.3 Rules for Interpreting Various Name Forms

Rules for interpreting name forms will be contained in the applicable certificate profile. As the USPS organization responsible for management and operation of the USPS X.500 directory, Information Technology Engineering and Architecture is responsible for the USPS X.500 directory name space.

3.1.4 Uniqueness of Names

Distinguished names will be unique for all end entities of the USPS CA. X.500 distinguished names will be used, and the USPS CAs and RAs will enforce name uniqueness within the X.500 name space for which they have been authorized. When name forms other than a DN (e.g., e-mail address or DNS name) are used, they too will be allocated so as to ensure name uniqueness.
3.1.5 Name Claim Dispute Resolution Procedure

Any dispute related to a name claim between USPS and an organization or individual outside of USPS will be resolved using the following dispute settlement mechanism: a dispute will be resolved by negotiation if possible. A dispute not settled by negotiation will be resolved through arbitration by the USPS PKI PA.

3.1.6 Recognition, Authentication, and Roles of Trademarks

The USPS CA may establish cross-certification with other CA domains outside the USPS PKI. The naming and trademark issues associated with names within those domains are outside the scope of this CP.

3.1.7 Method to Prove Possession of Private Key

In all cases where the party named in a certificate generates its own keys, that party will be required to prove possession of the private key which corresponds to the public key in the certificate request. For signature keys, this may be done by the entity using its private key to sign a value and providing that signed value to the USPS Subordinate CA. The USPS Subordinate CA will then validate the signature using the party's public key.

In the case where a key is generated directly on the party's hardware or software token, or in a key generator that benignly transfers the key to the party's token, the party is deemed to be in possession of the private key at the time of generation or transfer. If the party is not in possession of the token when the key is generated, then the token (e.g., a smartcard) will be delivered to the subject in a way that ensures that the correct tokens and activation data are provided to the correct subjects. This applies at all assurance levels whenever keyed hardware tokens are delivered to certificate subjects.
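The signature-based proof of possession of section 3.1.7, together with the subject DN form of section 3.1.1, as an added example in Go using only the standard library. It is illustration code written for this edit, not part of the USPS CP or of any USPS software. The applicant signs a PKCS#10 certificate request with the private key whose public half the request carries, and the CA verifies that self-signature with the embedded public key; a request that names a public key the applicant does not hold cannot pass. The subscriber name, the hypothetical impostor, and the P-256 key type are assumptions (the CP prescribes neither an algorithm nor a request format).

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
)

// newKey generates the subscriber's signature key pair. The CP does not
// prescribe an algorithm; P-256 is an assumption of this example.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// subscriberDN builds a subject in the form section 3.1.1 prescribes:
// CN=<name>,OU=United States Postal Service,O=U.S. Government,C=US
func subscriberDN(commonName string) pkix.Name {
	return pkix.Name{
		CommonName:         commonName,
		OrganizationalUnit: []string{"United States Postal Service"},
		Organization:       []string{"U.S. Government"},
		Country:            []string{"US"},
	}
}

// newCSR is the subscriber side: sign a PKCS#10 request with the private key
// whose public half the request carries. That self-signature is the "signed
// value" of section 3.1.7.
func newCSR(signer crypto.Signer, commonName string) ([]byte, error) {
	tmpl := x509.CertificateRequest{Subject: subscriberDN(commonName)}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, signer)
}

// caCheckPossession is the CA side: parse the request and verify its signature
// with the public key it contains. Only a holder of the matching private key
// can have produced it. Returns the subject DN string on success.
func caCheckPossession(csrDER []byte) (string, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return "", err
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("proof of possession failed: %w", err)
	}
	return csr.Subject.String(), nil
}

// mismatchedSigner is a hypothetical attacker construct: it presents someone
// else's public key (claimed) but can only sign with its own private key (own).
type mismatchedSigner struct {
	own     *ecdsa.PrivateKey
	claimed crypto.PublicKey
}

func (m mismatchedSigner) Public() crypto.PublicKey { return m.claimed }

func (m mismatchedSigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	return m.own.Sign(r, digest, opts)
}

// forgedRequestRejected reports whether a request binding victim's public key
// to a signature made with impostor's key is rejected. Recent Go releases
// refuse to emit such a request at all (CreateCertificateRequest re-verifies
// what the signer returned); older ones emit it and the CA's CheckSignature
// rejects it. Either way the false binding never reaches issuance.
func forgedRequestRejected(victim, impostor *ecdsa.PrivateKey) bool {
	der, err := newCSR(mismatchedSigner{own: impostor, claimed: victim.Public()}, "Jane Doe")
	if err != nil {
		return true
	}
	_, err = caCheckPossession(der)
	return err != nil
}

func main() {
	jane, err := newKey()
	if err != nil {
		panic(err)
	}
	der, err := newCSR(jane, "Jane Doe")
	if err != nil {
		panic(err)
	}
	dn, err := caCheckPossession(der)
	fmt.Println(dn, err)

	mallory, _ := newKey()
	fmt.Println("forged request rejected:", forgedRequestRejected(jane, mallory))
}
```

The CA-side check is the whole point: the request's public key is taken from the request itself, and the signature is verified against that key, so an applicant cannot obtain a certificate that binds their name to a key held by someone else. Parsed subject strings come back in the CP's DN form (CN first, C last).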
The USPS Subordinate CA (or Entity) will maintain a record of validation of receipt of the token by the subject. When any mechanism that includes a shared secret (e.g., a password or PIN) is used, the mechanism will ensure that the applicant and the USPS Subordinate CA (or Entity) are the only recipients of this shared secret. Prior to the issuance of a certificate, the USPS Subordinate CA and end entity will confirm their respective identities through the use of a shared secret. Prior to the exchange of a private decryption key, the USPS Subordinate CA and end entity will likewise confirm their respective identities through the use of a shared secret.

3.1.8 Authentication of Organization Identity

Public key certificates will be issued to individuals whenever possible. For those cases in which there are several individuals acting in one capacity, a certificate may be issued that contains the name of an organization. An application for an organization to be a subscriber will be made by an individual authorized to act on behalf of the prospective subscriber (i.e., the organization). This authorized individual will be the person in the organization who is responsible for ensuring control of the certificate and the associated private keys, including accounting for which individual of the organization has control of the keys at what time. In addition, in the case of an organization, the confidentiality (i.e., encryption) key pair will be used but the digital signature key pair will not be used.

Identification and authentication of the prospective subscriber will be by the following means:

* Requests for organizational certificates will include the organization name, address, and documentation of the existence of the organization.
* The RA will examine notarized copies of documentation providing evidence of the existence of the organization.
* The RA will also verify the identity of the individual acting on behalf of the prospective subscriber and that individual's authority to receive the keys on behalf of the organization.
* The RA will keep a record of the type and details of identification used.
* The RA will retain the name of the person to whom the organizational certificate is issued.

The procedures for issuing an organizational certificate will not conflict with other stipulations of this CP (e.g., key generation, private key protection, and user obligations).

The USPS Subordinate CA may issue cross-certificates to the CAs of contractors and partners. The USPS PKI PA will review the policies and procedures of the other CA before approving a cross-certification. The USPS PKI PA will authenticate the other CA using existing business agreements between USPS and the other CA's organization, through searches of recognized databases of registered corporations, or by presentation of the organization's articles of incorporation to the USPS PKI PA. In all cases, the authentication documentation will be filed and retained by the USPS PKI PA.

3.1.9 Authentication of Individual Identity

An application for an individual to be a subscriber will be made by the individual. In addition to the identification and authentication described below, the prospective subscriber will personally present himself or herself to an RA for authentication prior to certificate issuance. It is the responsibility of an RA to verify the identity of the subscriber applying for a certificate. An RA will obtain confirmation of the subscriber's identity and affiliation with USPS. An RA will record, file, and retain a copy of the authentication documentation described below.
3.1.9.1 Authentication of Subscriber's Affiliation

Confirmation of the individual's affiliation with USPS will be through one of the following means:

* For most USPS personnel, proof of affiliation is provided through the identification badge issued to the individual. For the badge to be considered confirmation of affiliation, the badge issuer will have received official notification of the individual's affiliation.
* For USPS employees, the badge issuer will receive notification of employment from the USPS Human Resources department. The badge issuer will retain this notification. Examples of acceptable notification include official federal employment forms or written and signed notification from Human Resources hiring officials.
* For contractors, the badge issuer will receive confirmation from the contractor's Contracting Officer's Technical Representative (COTR) or Technical Monitor.
* For USPS facilities in which the badge process does not meet the requirement noted above, an RA will receive and retain notification of the individual's affiliation. For USPS employees, an RA will first receive written and signed confirmation from the USPS Human Resources department. For contractors, an RA will first receive written and signed confirmation from the contractor's COTR or Technical Monitor.

3.1.9.2 Authentication of Subscriber's Identity

Confirmation of the individual's identity will be through one of the following means:

* For some USPS facilities, identity checks may be performed as part of the initial hiring and badge procedure for USPS employees and/or contractors. If so, the RA will require two credentials, at least one of which will be a photo ID such as a driver's license or passport. Other credentials include original copies of state- and federal-issued identity documents.
The RA will collect a copy of the documentation used to verify the identity information or be shown access to a database or file where the information is retained.
* If a USPS facility does not provide identity checks as part of the initial hiring and badge procedure, the RA will perform the identity verification or be shown a form of identification for which an identity check has previously been performed.
  - For RAs performing identity verification, the RA will require two credentials, at least one of which will be a photo ID such as a driver's license or passport. Other credentials include original copies of a Social Security card and a birth certificate with a raised seal. The RA will record, file, and retain a copy of the information checked along with the sources used to check the information.
  - For an RA accepting other forms of identification, the identification provided will include a picture. An RA accepting another form of identification will make a copy of the form of identification accepted, or record and retain the following: the form of identification accepted; any unique identification information associated with the form; and any expiration information associated with the form.

3.1.9.3 Authentication Process Documentation

The RA will record, file, and retain the following authentication process documentation:

* The identity of the person performing the identification.
* A signed declaration by that person that he or she verified the identity of the applicant, or how the applicant is known to the verifier.
* A unique identifying number from the ID of the verifier and from the ID of the applicant.
* The date and time of the verification.
* A declaration of identity signed by the applicant using a handwritten signature performed in the presence of the person performing the identity authentication.
If an applicant is unable to be present for face-to-face registration, the applicant will be represented by a trusted person already issued a digital certificate by the Entity. The trusted person will present information sufficient for registration both for himself/herself and for the applicant whom the trusted person is representing.

3.1.10 Authentication of Devices or Applications

Some computing and communications components (routers, firewalls, servers, etc.) will be named as certificate subjects. In such cases, the component will have a human sponsor. If the human sponsor retires, dies, or transfers, a new sponsor is designated. Application will be made by an individual or organization to which the device or application is attributable. Identification and authentication of the applicant will follow section 3.1.8 or 3.1.9 as if that individual or organization were applying for the certificate on its own behalf. The PKI sponsor is responsible for providing the following registration information:

* Equipment identification (e.g., serial number) or service name (e.g., DNS name).
* Equipment public keys.
* Equipment authorizations and attributes (if any are to be included in the certificate).
* Contact information to enable the CA or RA to communicate with the sponsor when required.

The registration information will be verified. Acceptable methods for performing this authentication and integrity checking include, but are not limited to:

* Verification of digitally signed messages sent from the sponsor (using certificates of equivalent or greater assurance than that being requested).
* In-person registration by the sponsor, with the identity of the sponsor confirmed in accordance with the requirements of section 3.1.9.

An RA will also verify the identity of individuals or organizations making the application and their authority to receive the keys for that device or application.
The RA will keep a copy of the application request and record, file, and retain the type and details of identification used. The certificate is revoked if the sponsor dies, retires, transfers, or if there are changes in his or her job responsibilities.

3.2 Certificate Renewal, Update, and Routine Rekey

3.2.1 Certificate Rekey

The longer and more often a key is used, the more susceptible it is to loss or discovery. This weakens the assurance provided to a relying party. Therefore, it is important that a subscriber periodically obtains new keys and re-establishes its identity. Identity may be established through use of a current signature key, except that identity will be established through the initial registration process at least once every nine years from the time of initial registration.

Rekeying a certificate means that a new certificate is created that is identical to the old one, except that the new certificate has a new, different public key, a different serial number, and may be assigned a different validity period. A request for rekey may only be made by the Entity in whose name the keys have been issued. Only Entities that are USPS employees may request rekey on the basis of existing subscriber certificates. All other Entities will identify themselves as in an initial request, in accordance with section 3.1.

For cross-certification relationships, no automatic rekey will be provided. If the USPS PKI PA determines that a cross-certification agreement is to extend beyond the original period, a new cross-certificate is issued prior to expiration of the current one. The same identification and authentication process used for initial cross-certification agreements applies to the issuance of new keys.
3.2.2 Certificate Renewal

Renewing a certificate means creating a new certificate with the same name, key, and other information as the old one, but with a new, extended validity period and a new serial number. Certificates may be renewed in order to reduce the size of CRLs. A certificate may be renewed if the public key has not reached the end of its validity period, the associated private key has not been compromised, and the subscriber name and attributes are unchanged.

3.2.3 Certificate Update

Updating a certificate means creating a new certificate that has the same or a different key and a different serial number, and that differs in one or more other fields from the old certificate. For example, the USPS Subordinate CA may choose to update a certificate of a subscriber whose characteristics have changed. The old certificate may or may not be revoked, but will not be further rekeyed, renewed, or updated. Further, if an individual's name changes (e.g., due to marriage), then proof of the name change will be provided to the RA in order for an updated certificate having the new name to be issued.

Finally, when the USPS Subordinate CA updates its private signature key and thus generates a new public key, the CA will notify all CAs, RAs, and subscribers that rely on the CA's certificate that it has been changed. Self-signed ("root") certificates will be conveyed to users in a secure fashion to preclude malicious substitution attacks.

3.3 Authentication for Rekey After Revocation

For subscribers whose certificates have been revoked, rekey will not be permitted until the identification and authentication requirements for initial registration are repeated, except in the situation where an organizational change within USPS results in changes to the DNs of several employees.
For revoked cross-certificates, no rekey will be done until the identification and authentication requirements are repeated.

3.4 Authentication of Revocation Request

The RA acting on behalf of the USPS Subordinate CA will authenticate certificate revocation requests. The CPS sets out the process for addressing such requests and the means for establishing the validity of the request. The USPS CA revocation policy is presented in section 4.4 of this CP. Requests for revocation of a certificate will be logged.

4 Operational Requirements

4.1 Application for a Certificate

The USPS PKI PA will ensure that all procedures and requirements with respect to an application for a subscriber certificate are set out in the USPS Subordinate CA CPS and are in compliance with this CP. The following steps will be required in the certificate application process:

* An RA will establish the identity of the certificate requester per sections 3.1.8 and 3.1.9.
* The applicant will sign an agreement or an acknowledgement of the applicable terms and conditions governing their use of the certificate, and of the requirements for protection of the private key.

An application for a subscriber certificate does not oblige the USPS Subordinate CA to issue a certificate. The USPS PKI PA will sponsor the request for certificates to be generated by the USPS Root CA and the USPS Intermediate CA.

4.1.1 Delivery of Public Key for Certificate Issuance

Public keys will be delivered for certificate issuance in a way that binds the applicant Entity's verified identification to the public key. This binding will be accomplished using cryptography that is as strong as that employed in certificate issuance.
In those cases where public/private key pairs are generated by the USPS Subordinate CA on behalf of the subscriber, the CA will implement secure mechanisms to ensure that the token on which the public/private key pair is held is securely sent to the proper subscriber. The USPS Subordinate CA will also implement procedures to ensure that the token is not activated by an unauthorized entity.

4.2 Certificate Issuance

It is the responsibility of the RA to verify that the application information provided by the subscriber or machine sponsor is correct and accurate. If databases are used to confirm subscriber and machine sponsor information, then these databases will be protected from unauthorized modification to a level commensurate with the level of assurance of the certificate being sought. Upon completion of the certificate application process described above, the USPS Subordinate CA will:

* Build and sign a certificate, with confirmation from the RA.
* Publish the certificate in the USPS repository.
* Send the certificate to the subscriber.

The issuance and publication of a certificate by the USPS Subordinate CA indicates complete and final approval of the certificate application.

4.2.1 Delivery of Private Key to Subscriber or Machine Sponsor

In most cases, a private key will be generated and remain within the cryptographic boundary of the cryptographic module. If the owner of the module generates the key, then there is no need to deliver the private key. If the key is generated elsewhere, then the module will be delivered to the subscriber or machine sponsor. Accountability for the location and state of the module will be maintained until the subscriber or machine sponsor accepts possession of it. The subscriber or machine sponsor will acknowledge receipt of the module. Under no circumstances will anyone other than the subscriber or machine sponsor have substantive knowledge of or control over private signing keys after generation of the key.
Anyone who generates a private signing key for a subscriber or machine sponsor will not retain any copy of the key after delivery of the private key to the subscriber or machine sponsor. A secondary check will be performed by USPS PKI Operations personnel to assure that the information was provided correctly by the USPS PKI RA. For information on delivery of key pairs for certificate issuance, refer to section 6.1.2. The USPS Root CA will be sponsored by the USPS PKI PA, and its certificates will be requested, applied for, and documented by the USPS PKI PA or their designated representative.

4.3 Certificate Acceptance

Acceptance is the action by a subscriber or machine sponsor that triggers the subscriber's or machine sponsor's duties and potential liability. Prior to issuing a certificate, the USPS Subordinate CA will ensure, in its CPS, a technical or procedural mechanism to:

* Explain to the subscriber or machine sponsor its responsibilities as defined in section 2.1.3.
* Require the subscriber or machine sponsor to indicate acceptance of the responsibilities and the certificate by signing a document or statement containing the requirements the subscriber will meet to protect the private key and to govern the use of the certificate.

The ordering of this process, and the mechanisms used, will depend on factors such as where keys are generated and how certificates are posted. For a device or application, the individual or organization responsible for the device or application may perform the acceptance.

4.4 Certificate Suspension & Revocation

4.4.1 Circumstances for Revocation

A certificate will be revoked when the certificate is no longer trusted. Reas bons for certificate revocation are:

* Private keys are compromised or suspected of compromise.
* Identifying information or attributes in the certificate change before the certificate expires (e.g., an organizational change).
* Media holding the private key is compromised or suspected of compromise.
* Request from the USPS PKI PA.
* The subscriber's or machine sponsor's employment is terminated, or the subscriber or machine sponsor is suspended for cause.
* Failure of the subscriber or machine sponsor to meet the subscriber obligations under this CP, the CPS, or any applicable law.
* The subscriber, machine sponsor, or other authorized party (as defined in section 4.4.2) requests that the certificate be revoked.

A cross-certificate issued by a USPS Subordinate CA to an external CA will be revoked when the certificate is no longer trusted for any reason or if the relationship is no longer required. Reasons for cross-certificate revocation are:

* Compromise or suspected compromise of private keys.
* Failure of the cross-certified CA to meet the obligations as stated in the cross-certification agreement.
* Unexpected changes to the business relationship between the two entities.

4.4.2 Who Can Request Revocation

The revocation of a certificate may only be requested by:

* The subscriber in whose name the certificate has been issued.
* The individual or organization that made the application for the certificate on behalf of a device or application.
* The subscriber's management, if the subscriber is a USPS employee or contractor.
* CA personnel of the USPS PKI.
* RA personnel associated with the USPS PKI.
* The Corporate Information Security Office.
* The USPS Inspection Service.
* The USPS PKI PA.

4.4.3 Procedure for Revocation Request

Requests for revocation will provide identification of the certificate to be revoked, an explanation of the reason for revocation, and allowances for the request to be authenticated (e.g., digitally or manually signed). Authentication of certificate revocation requests is important to prevent malicious revocation of certificates by unauthorized parties.
Upon receipt and authentication of a revocation request concerning a certificate created by either the USPS Root CA or the USPS Intermediate CA, the request will be forwarded to the USPS PKI PA for approval. If approved, the USPS PKI PA will direct the USPS PKI CA Administrator to revoke the certificate and record the event. An approved revocation request and any resulting action taken by the USPS CAs will be recorded and archived. When a certificate is revoked, a detailed description of the reason for the revocation will also be documented.

Upon receipt and authentication of a revocation request concerning a certificate created by the USPS Subordinate CA, an RA will send the revocation request to the USPS PKI Certificate Manager. The USPS PKI Certificate Manager will revoke the certificate and will record the event. The revocation request, and any resulting actions taken by the USPS Subordinate CA or an RA, will be retained. When a certificate is revoked, a detailed description of the reason for the revocation will also be documented.

When a subscriber's certificate is revoked, the revocation will be published in the appropriate CRL. Revoked certificates will remain on the CRL until the certificate expires. When a cross-certificate is revoked, the revocation will be published in the ARL of the USPS Subordinate CA.

For PKI implementations using hardware tokens, a subscriber ceasing its relationship with an organization that sponsored the certificate will, prior to departure, surrender to the organization (through an accountable mechanism) all cryptographic hardware tokens that were issued by or on behalf of the sponsoring organization. Regardless of whether or not the hardware token was surrendered, all subscriber certificates associated with the tokens will be immediately revoked.
The surrendered token will be sanitized or destroyed promptly upon surrender and will be protected from malicious use between surrender and sanitization or destruction.

4.4.4 Revocation of a Certificate Issued by the CA

Revocation will take effect upon the publication of status information (identifying the reason for the revocation, which may include loss, compromise, or termination of employment), starting from the time the request is authenticated or sufficient evidence of compromise or loss is received. Information about a revoked certificate will remain in the status information until the certificate expires. A certificate may be omitted from CRLs issued after it expires.

4.4.5 Revocation Request Grace Period

Actions in response to a request for revocation will be initiated within 18 hours of receipt. The USPS Subordinate CA's revocation request grace period may be shorter than 18 hours; if there are circumstances under which the USPS Subordinate CA needs to take immediate action, these will be spelled out in the CPS.

4.4.6 Circumstances for Suspension

The USPS Subordinate CA may disable/suspend a subscriber's certificate if the subscriber goes on leave. The USPS Subordinate CA may also disable/suspend a subscriber's certificate in support of a security investigation by internal USPS security personnel or external law enforcement agencies. Unlike revocation, disabling a subscriber allows for re-enabling at a later time. Information on public keys of disabled subscribers is not available in the USPS repository, but it is retained in a USPS Subordinate CA database. Once the certificate is disabled or suspended, the subscriber's keys are not available for encryption or signing. However, any files that were signed prior to the suspension may still be verified by recipients. Certificate suspension for CA certificates is not permitted. Cross-certificates will not be suspended.
4.4.7 Who Can Request Suspension

The parties identified in section 4.4.2 can also request disabling/suspending a certificate.

4.4.8 Procedure for Suspension Request

The USPS Subordinate CA will ensure that all procedures and requirements with respect to the suspension of a certificate are set out in the CPS. Requests for suspension will provide identification of the certificate to be suspended, an explanation of the reason for suspension, and allowances for the request to be authenticated (e.g., digitally or manually signed). Upon receipt and confirmation of the suspension request, the USPS Certificate Manager will suspend the certificate and will record the event. A confirmed suspension request, and any resulting actions taken by the USPS Subordinate CA or a RA, will be retained.

4.4.9 Limits on Suspension Period

The requesting party will stipulate limits.

4.4.10 CRL Issuance Frequency

The USPS Subordinate CA will ensure that it issues an up-to-date CRL at least every 24 hours, even if there are no changes or updates to be made, to ensure timeliness of information. Delta CRLs will be issued more frequently to provide interim updates between publications of the CRL. If there are circumstances under which the USPS Subordinate CA will post early updates, these will be spelled out in the CPS. The USPS Subordinate CA will also ensure that its CRL issuance is synchronized with any directory synchronization to ensure the accessibility of the most recent CRL to relying parties. The USPS Subordinate CA will ensure that superseded CRLs are removed from the directory system upon posting of the latest CRL.

4.4.11 CRL Checking Requirements

A relying party will check the status of all certificates in the certificate validation chain against the current CRLs and ARLs prior to their use. A relying party will also verify the authenticity and integrity of CRLs and ARLs.
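The relying-party checks required by sections 4.4.10 and 4.4.11, as an added example (this is illustrative code, not USPS code or a USPS tool). It verifies the CRL signature against the issuing CA, treats a CRL as stale when its nextUpdate has passed or it is older than the 24-hour issuance interval, and checks every certificate below the trust anchor for a revocation entry; when no CRL is available at all it rejects, which is the conservative branch of the policy's "reject or make an informed decision" rule. It assumes the third-party Python package cryptography; the CA name, the certificates and the CRLs are all constructed inside the block.

```python
"""Relying-party CRL check modelled on CP sections 4.4.10 and 4.4.11.

Added example, not USPS code. Requires the third-party 'cryptography'
package. Every certificate and CRL here is constructed for the demo.
"""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

MAX_CRL_AGE = timedelta(hours=24)  # CP 4.4.10: a fresh CRL at least every 24 hours


def _utc(dt):
    """Older 'cryptography' releases return naive UTC datetimes; normalise them."""
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, issuer_cn, subject_key, issuer_key, now, is_ca):
    """Build a self-signed CA (subject == issuer) or an end-entity certificate."""
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(days=1))
        .not_valid_after(now + timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def make_crl(issuer_cn, issuer_key, this_update, next_update, revoked_serials):
    """Build a CRL listing the given serials with reason keyCompromise."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(_name(issuer_cn))
        .last_update(this_update)
        .next_update(next_update)
    )
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder()
            .serial_number(serial)
            .revocation_date(this_update)
            .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
            .build()
        )
    return builder.sign(issuer_key, hashes.SHA256())


def check_status(chain, crls, now, skew=timedelta(minutes=5)):
    """Return (ok, reason). chain is [end entity, ..., self-signed anchor];
    crls maps an issuer Name to the CRL it published. Every certificate
    below the anchor must pass (CP 4.4.11); the anchor is trusted out of band."""
    for cert in chain[:-1]:
        crl = crls.get(cert.issuer)
        if crl is None:
            # Revocation information infeasible to obtain: the conservative choice is to reject.
            return False, "no CRL available for " + cert.issuer.rfc4514_string()
        issuer = next((c for c in chain if c.subject == cert.issuer), None)
        if issuer is None or not crl.is_signature_valid(issuer.public_key()):
            return False, "CRL authenticity/integrity check failed"
        last = _utc(getattr(crl, "last_update_utc", None) or crl.last_update)
        nxt = _utc(getattr(crl, "next_update_utc", None) or crl.next_update)
        if now > nxt + skew or now - last > MAX_CRL_AGE + skew:
            return False, "CRL is stale"
        if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
            return False, "certificate %x is revoked" % cert.serial_number
    return True, "all chain certificates unrevoked on fresh, verified CRLs"


def demo():
    """Constructed scenario: one issuing CA, a good and a revoked end-entity cert."""
    now = datetime.now(timezone.utc)
    ca_key, good_key, bad_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = make_cert("Demo Issuing CA", "Demo Issuing CA", ca_key, ca_key, now, True)
    good = make_cert("alice", "Demo Issuing CA", good_key, ca_key, now, False)
    bad = make_cert("mallory", "Demo Issuing CA", bad_key, ca_key, now, False)
    fresh = make_crl("Demo Issuing CA", ca_key, now - timedelta(hours=1),
                     now + timedelta(hours=23), [bad.serial_number])
    stale = make_crl("Demo Issuing CA", ca_key, now - timedelta(days=3),
                     now - timedelta(days=2), [])
    return {
        "good_fresh": check_status([good, ca], {ca.subject: fresh}, now)[0],
        "revoked": check_status([bad, ca], {ca.subject: fresh}, now)[0],
        "stale_crl": check_status([good, ca], {ca.subject: stale}, now)[0],
        "no_crl": check_status([good, ca], {}, now)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The staleness test uses both signals the policy gives a relying party: the CRL's own nextUpdate and the 24-hour issuance promise of 4.4.10, so a CRL whose nextUpdate is far in the future but which is days old is still rejected. A production validator would add the ARL check for the intermediate CAs and path validation proper; the block only shows the revocation-status part.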
If it is temporarily infeasible to obtain revocation information, then the relying party will either reject use of the certificate or make an informed decision to accept the risk, responsibility, and consequences for using a certificate whose authenticity cannot be guaranteed to the standards of this CP.

4.4.12 Online Revocation/Status Checking Availability

The USPS PKI does not currently support online revocation/status checking.

4.4.13 Online Revocation Checking Requirements

No stipulation.

4.4.14 Other Forms of Revocation Advertisements Available

No stipulation.

4.4.15 Checking Requirements for Other Forms of Revocation Advertisements

No stipulation.

4.4.16 Special Requirements Related to Key Compromise

For information on CA key compromise, please refer to section 4.8.3 of this CP.

4.5 Security Audit Procedures

The USPS CAs will record in audit log files all events relating to the security of the CAs. Where possible, the security audit logs will be automatically collected. Where this is not possible, a logbook, paper form, or other physical mechanism will be used. All security audit logs, both electronic and non-electronic, will be retained and made available during compliance audits. The security audit logs for each auditable event defined below will be retained in accordance with section

Automated audit logs include system event logs and the certificate database. Manual logs include facility access control logs, the CA Logbook, RA Logbooks, and the Audit Log Summary.

4.5.1 Types of Events Recorded

All security auditing capabilities of the CA operating system and applications required by this CP will be enabled. As a result, most of the events identified in the table below will be automatically recorded. At a minimum, each audit record will include the following (recorded either automatically or manually for each auditable event):

* The type of event.
* The date and time the event occurred.
* A success or failure indicator when executing the CA’s signing process.
* A success or failure indicator when performing certificate revocation.
* The identity of the entity and/or operator(s) that caused the event.
* The identity of the entity and/or operator(s) that witnessed the event.
* A message from any source requesting an action by the CA is an auditable event. The message will include message date and time, source, destination, and contents.

Auditable events by audit category include:

SECURITY AUDIT
1. Any changes to the audit parameters, e.g., audit frequency, type of event audited.
2. Any attempt to delete or modify the audit logs.

IDENTIFICATION AND AUTHENTICATION
3. Successful and unsuccessful attempts to assume a role, i.e., login and authenticate as a CA trusted role.
4. maximum authentication attempts.
5. Maximum number of unsuccessful authentication attempts during user login.
6. An Administrator unlocks an account that has been locked as a result of unsuccessful authentication attempts.
7. An Administrator changes the type of authenticator, e.g., from password to biometrics.

KEY GENERATION
8. Whenever the CA generates a key. (Not mandatory for single session or one-time use of symmetric keys.)

PRIVATE KEY LOAD AND STORAGE
9. The loading of component private keys.
10. All access to certificate subject private keys retained within the CA for key recovery purposes.

TRUSTED PUBLIC KEY ENTRY, DELETION, AND STORAGE
11. All changes to the trusted public keys, including additions and deletions.

PRIVATE KEY EXPORT
12. The export of private keys (keys used for a single session or message are excluded).

CERTIFICATE REGISTRATION
13. All certificate requests.

CERTIFICATE REVOCATION
14. All certificate revocation requests.

CERTIFICATE CHANGE
15. The approval or rejection of a certificate status change request.
16. Certificate renewal.
17. Certificate rekey.
18. Certificate update.

CA CONFIGURATION
19. Any security-relevant changes to the configuration of the CA.

ACCOUNT ADMINISTRATION
20. Roles and users are added or deleted.
21. The access control privileges of a user account or a role are modified.

CERTIFICATE PROFILE MANAGEMENT
22. All changes to the certificate profile.

REVOCATION PROFILE MANAGEMENT
23. All changes to the revocation profile.

CERTIFICATE REVOCATION LIST PROFILE MANAGEMENT
24. All changes to the certificate revocation list profile.

MISCELLANEOUS
25. Installation of the operating system.
26. Installation of the CA.
27. Installing hardware cryptographic modules.
28. Removing hardware cryptographic modules.
29. Destruction of cryptographic modules.
30. System startup and shutdown.
31. Logon attempts to CA apps.
32. Receipt of hardware/software.
33. Attempts to set passwords.
34. Attempts to modify passwords.
35. Backing up CA internal database.
36. Restoring CA internal database.
37. File manipulation (e.g., creation, renaming, moving).
38. Posting of any material to a repository.
39. Access to CA internal database.
40. All certificate compromise notification requests.
41. Loading tokens with certificates.
42. Shipment of tokens.
43. Zeroizing tokens.
44. Rekey of the CA.
45. All events requiring two-person control.

CONFIGURATION CHANGES TO THE CA SERVER
46. Hardware.
47. Software.
48. Operating system.
49. Patches.
50. Security profiles.

PHYSICAL ACCESS/SITE SECURITY
51. Personnel access to room housing CA.
52. Access to the CA server.
53. Known or suspected violations of physical security.

ANOMALIES
54. Software error conditions.
55. Software check integrity failures.
56. Receipt of improper messages.
57. Misrouted messages.
58. Network attacks (suspected or confirmed).
59. Equipment failure.
60. Electrical power outages.
61. Uninterruptible power supply (UPS) failure.
62. Obvious and significant network service or access failures.
63. Violations of certificate policy.
64. Violations of certification practice statement.
65. Resetting operating system clock.

The actual information to be logged will be identified in the CPS.

4.5.2 Frequency of Audit Log Processing

The USPS PKI Manager will ensure that the audit logs are reviewed periodically. Such reviews involve verifying that the log has not been tampered with and then briefly inspecting all log entries, with a more thorough investigation of any alerts or irregularities in the logs. Supporting logs from the USPS CAs and RAs will be compared when any action is deemed suspicious. Actions taken as a result of these reviews will be documented. The frequency of audit log processing will be at least every two months. A statistically significant set of security audit data generated by the CA since the last review will be examined (where the confidence intervals for each category of security audit data are determined by the security ramifications of the category and the availability of tools to perform such a review), as well as a reasonable search for any evidence of malicious activity.

4.5.3 Retention Period for Audit Log

USPS CA audit logs will be kept onsite for at least one year and subsequently retained in the manner described in section 4.6.2 of this CP. The audit individual who removes audit logs from the CA systems will be a trusted official different from the individuals who operate the CAs.

4.5.4 Protection of Audit Log

CA system configuration and procedures will be implemented together to ensure that:

* Only authorized people have read access to the logs.
* Only authorized people may archive audit logs.
* Audit logs are not modified.
* Audit logs are not deleted prior to the end of the retention period.

The procedures for the protection of audit log(s) will be identified in the CPS. The USPS PKI PA will identify a trusted responsible party to perform audit log reviews.
This responsible party will not be allowed to modify an audit log or delete archived audit log data prior to the end of the audit log retention period. Audit logs will be moved to a safe, secure storage location separate from the CA equipment.

Note: If a system over-writes audit logs after a given time, the audit log is not considered deleted or destroyed if the audit log has been backed up and archived.

4.5.5 Audit Log Backup Procedures

Audit logs and audit summaries will be backed up. The CPS will specify procedures for the backup of audit log(s) and procedures for periodic off-site storage of audit logs.

4.5.6 Audit Collection System

Audit processes will be invoked at system startup and cease only at system shutdown. Should it become apparent that the automated audit system has failed, and the integrity of the system or confidentiality of the information protected by the system is at risk, then the USPS PKI CA Administrator will suspend CA operation until the problem is remedied. The CPS will identify and specify the operation of the audit collection system.

4.5.7 Notification to Event-Causing Subject

Where an event is logged by the audit collection system, notification to the individual, organization, device, or application that caused the event is neither required nor prohibited by this CP. The CPS will identify its approach to notification to event-causing subject(s).

4.5.8 Vulnerability Assessments

The USPS PKI CA Administrator and other operating personnel will be watchful for attempts to violate the integrity of the certificate management system. The USPS CAs will use the processes identified in section 4.5 of the applicable CPS to monitor, assess, and address system vulnerabilities as required.

4.5.9 RA and CA Administrator Logbooks

The RA and the USPS PKI CA Administrator will maintain logbooks to log events for recovering the CA database if needed.
The RA Logbooks and the USPS PKI CA Administrator Logbook can be used to reconstruct events not captured on the last CA database backup.

4.6 Records Archival

4.6.1 Types of Data Archived

PKI archive records will be sufficiently detailed to establish the proper operation of the CA, or the validity of any certificate (including those certificates that have been revoked or expired) issued by the CA. At a minimum the following data will be archived, if applicable:

* CA accreditation.
* CP and CPS.
* Contractual agreements and obligations.
* CA system and equipment configuration.
* Modifications and updates to CA system and configuration.
* Certificate requests and approvals.
* Token requests and approvals.
* Revocation and suspension requests and approvals.
* Identification and authentication information submitted by subscribers.
* Documentation of receipt and acceptance of certificates.
* Documentation of receipt of tokens.
* All certificates issued or published (private signing keys are not backed up).
* Record of CA certificate renewal, update, and rekey.
* All CRLs and ARLs issued and/or published.
* Key recovery requests and approvals.
* All audit logs containing auditable events identified in section
* Security audit data in accordance with section 4.5.
* Other data or applications to verify archive contents.
* Documentation required for compliance audits.

4.6.2 Retention Period for Archive

Archive records are retained at least until the Certificate expires or is revoked. In general, archive data are preserved, maintained, and disposed of in accordance with the USPS System of Records 910.000, Identity and Document Verification Services, as defined in Handbook AS-353, Guide to Privacy and the Freedom of Information Act. The minimum retention period for the USPS PKI is 10 years and 6 months without any loss of data.
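A tamper-evident audit log that carries the record fields section 4.5.1 requires and supports the review step of 4.5.2 (verify the log has not been tampered with, then inspect entries and investigate irregularities) and the protection goals of 4.5.4 (no modification, no early deletion). This is an added illustration, not USPS code: each record includes the SHA-256 of the previous record, so an edit, a deletion or a reordering anywhere in the chain is detected on review. The event-type names (ROLE_LOGIN, KEY_RECOVERY, and so on) and the sample records are constructed for the demo and are not identifiers from the CP.

```python
"""Hash-chained CA audit log modelled on CP sections 4.5.1, 4.5.2 and 4.5.4.

Added example, not USPS code. Event-type names and sample records are
constructed for the demonstration.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64
# Constructed event-type labels; mapped loosely to the CP's audit categories.
ALWAYS_FLAG = {"AUDIT_PARAM_CHANGE", "AUDIT_LOG_MODIFY_ATTEMPT", "KEY_COMPROMISE_NOTICE"}
TWO_PERSON = {"KEY_RECOVERY", "CA_KEY_GENERATION"}  # events requiring two-person control


def _digest(record):
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    canonical = json.dumps({k: v for k, v in record.items() if k != "hash"}, sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.records = []

    def append(self, event_type, outcome, actor, witness=None, details=""):
        """Append one record with the minimum fields of CP 4.5.1."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        record = {
            "seq": len(self.records) + 1,
            "event_type": event_type,                          # the type of event
            "timestamp": datetime.now(timezone.utc).isoformat(),  # date and time
            "outcome": outcome,                                # success/failure indicator
            "actor": actor,                                    # identity that caused the event
            "witness": witness,                                # identity that witnessed it
            "details": details,
            "prev_hash": prev,                                 # chain link to the prior record
        }
        record["hash"] = _digest(record)
        self.records.append(record)
        return record["hash"]


def verify_chain(records):
    """Return (ok, first_bad_seq): detects edited, deleted or reordered records."""
    prev = GENESIS
    for expected_seq, rec in enumerate(records, start=1):
        if rec["seq"] != expected_seq or rec["prev_hash"] != prev or _digest(rec) != rec["hash"]:
            return False, rec["seq"]
        prev = rec["hash"]
    return True, None


def flag_irregularities(records, max_failed_logins=3):
    """Return seq numbers a reviewer should investigate more thoroughly (CP 4.5.2)."""
    flagged, failures = [], {}
    for rec in records:
        if rec["event_type"] in ALWAYS_FLAG:
            flagged.append(rec["seq"])
        elif rec["event_type"] in TWO_PERSON and not rec["witness"]:
            flagged.append(rec["seq"])  # two-person operation recorded without a witness
        elif rec["event_type"] == "ROLE_LOGIN" and rec["outcome"] == "failure":
            failures[rec["actor"]] = failures.get(rec["actor"], 0) + 1
            if failures[rec["actor"]] == max_failed_logins:
                flagged.append(rec["seq"])  # repeated failed attempts to assume a trusted role
    return flagged


def demo():
    """Constructed log: a startup, three failed role logins, an unwitnessed recovery, a revocation."""
    log = AuditLog()
    log.append("SYSTEM_STARTUP", "success", "pki-operator-1")
    for _ in range(3):
        log.append("ROLE_LOGIN", "failure", "unknown-user")
    log.append("KEY_RECOVERY", "success", "recovery-agent-1", details="subscriber 42")
    log.append("CERT_REVOCATION", "success", "cert-manager-1", details="reason: key compromise")

    intact, _ = verify_chain(log.records)
    tampered = json.loads(json.dumps(log.records))   # deep copy, then alter one field
    tampered[4]["details"] = "subscriber 99"
    tampered_ok, bad_seq = verify_chain(tampered)
    deleted_ok, _ = verify_chain(log.records[:3] + log.records[4:])  # drop seq 4
    return {
        "intact": intact,
        "flagged": flag_irregularities(log.records),
        "tampered_ok": tampered_ok,
        "bad_seq": bad_seq,
        "deleted_ok": deleted_ok,
    }


if __name__ == "__main__":
    print(demo())
```

The chain only makes tampering detectable; it does not stop it. The CP's separation between the operators who generate the logs and the trusted official who removes them (4.5.3), plus archiving the head hash off the CA equipment, is what keeps an operator from rewriting the whole chain consistently.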
4.6.3 Protection of Archive

No unauthorized user will be permitted to write to, modify, or delete the archive. Archive media will be stored in a safe, secure storage facility separate from the CA itself. The archive media will be protected by a combination of physical and cryptographic protection. The archive site will provide adequate protection from physical threats and environmental threats such as temperature, humidity, water, and magnetism. The archive protection will be identified in the CPS.

4.6.4 Archive Backup Procedures

Data associated with the USPS Root CA and USPS Intermediate CA will be backed up as required. The data associated with the USPS Subordinate CA (as noted above in section 4.6.1) will be incrementally backed up daily. A complete backup will be taken weekly along with all essential components of the USPS CA required for continued operations. The weekly backup will be sent offsite to the archive storage facility.

4.6.5 Time-Stamping of Records

All electronic records and media will be automatically time stamped as they are created. The CPS will describe how system clocks used for time-stamping are maintained in synchrony with an authoritative time standard. Manual records and logs will also be time stamped as they are created.

4.6.6 Archive Collection System

The archive collection system will be identified in the CPS, to include the packaging and transmittal of retained data.

4.6.7 Procedures to Obtain and Verify Archive Information

Only authorized personnel should be allowed access to archive information. The contents of the archive will not be released except as determined by the USPS PKI PA or as required by law and in accordance with the USPS Records Retention and Schedules. The CPS will identify the procedures to obtain and verify archive information.

4.7 Key Changeover

USPS employees will receive automatic key update.
As such, both the encryption and digital signature key pairs are automatically updated prior to expiration. All other subscribers will apply to renew their key pair. The CA signing key may be changed. Once the signing key is changed, the new key will be used for signing and the old key can be used to verify the old signature until the lifetime of the old signing key expires. The details of the key changeover process will be identified in the CPS.

4.8 Compromise and Disaster Recovery

4.8.1 Computing Resources, Software, and/or Data are Corrupted

The USPS PKI Operations will establish business continuity procedures that outline the steps to be taken in the event of the corruption or loss of computing resources, software, and/or data. In the case of loss or damage to the USPS CAs, USPS CA operations will be re-established as quickly as possible with priority given to the ability to generate certificate status information. When a repository is not under the control of the USPS PKI, the USPS PKI PA will ensure that all agreements with the repository provide that business continuity procedures be established and documented by the repository. Business continuity procedures will be identified in the CPS.

4.8.2 Key Revocation and Recovery

4.8.2.1 CA Key Revocation and Recovery

If the CA cannot issue a CRL prior to the time specified in the next update field of its currently valid CRL, then the Federal Bridge CA PA and all of its members will be securely notified at the earliest feasible time in a fashion set forth in the MOA. This will allow member entities to protect their interests as relying parties. The Federal Bridge CA PA will determine whether to revoke the FBCA certificate issued to the USPS Subordinate CA.
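The signing-key changeover rule of section 4.7 (new signatures use the new key; the old key still verifies old signatures, but only until its own lifetime ends) as an added example. This is illustrative code, not USPS code or the CPS procedure: it models each CA signing key with a validity window and a key identifier, always signs with the newest key valid at signing time, and on verification looks the key up by identifier and refuses it once it has expired. It assumes the third-party Python package cryptography; the keys and dates are constructed here.

```python
"""CA signing-key changeover modelled on CP section 4.7.

Added example, not USPS code. Requires the third-party 'cryptography'
package. Keys and validity windows are constructed for the demo.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

ALGO = ec.ECDSA(hashes.SHA256())


@dataclass
class SigningKey:
    key: ec.EllipticCurvePrivateKey
    not_before: datetime
    not_after: datetime

    @property
    def key_id(self):
        """Short identifier derived from the public key, carried with each signature."""
        spki = self.key.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
        return hashlib.sha256(spki).hexdigest()[:16]


class KeyRing:
    def __init__(self):
        self.keys = {}

    def add(self, sk):
        self.keys[sk.key_id] = sk

    def current(self, now):
        """The newest key valid at 'now' is the one used for new signatures."""
        live = [k for k in self.keys.values() if k.not_before <= now <= k.not_after]
        return max(live, key=lambda k: k.not_before)

    def sign(self, data, now):
        sk = self.current(now)
        return sk.key_id, sk.key.sign(data, ALGO)

    def verify(self, data, key_id, signature, now):
        """Old signatures verify with the old key only while that key is within its lifetime."""
        sk = self.keys.get(key_id)
        if sk is None or not (sk.not_before <= now <= sk.not_after):
            return False
        try:
            sk.key.public_key().verify(signature, data, ALGO)
            return True
        except InvalidSignature:
            return False


def demo():
    """Constructed timeline: old key lives days 0-365, new key days 300-665 (overlap 300-365)."""
    t0 = datetime(2007, 10, 1, tzinfo=timezone.utc)
    old = SigningKey(ec.generate_private_key(ec.SECP256R1()), t0, t0 + timedelta(days=365))
    new = SigningKey(ec.generate_private_key(ec.SECP256R1()),
                     t0 + timedelta(days=300), t0 + timedelta(days=665))
    ring = KeyRing()
    ring.add(old)
    ring.add(new)

    crl_before = b"CRL issued before changeover"
    kid_old, sig_old = ring.sign(crl_before, t0 + timedelta(days=100))
    kid_new, _ = ring.sign(b"CRL issued after changeover", t0 + timedelta(days=320))
    return {
        "old_key_used_before_changeover": kid_old == old.key_id,
        "new_key_used_after_changeover": kid_new == new.key_id,
        "old_signature_ok_during_overlap": ring.verify(crl_before, kid_old, sig_old, t0 + timedelta(days=320)),
        "old_signature_rejected_after_expiry": ring.verify(crl_before, kid_old, sig_old, t0 + timedelta(days=400)),
        "tampered_data_rejected": ring.verify(b"tampered", kid_old, sig_old, t0 + timedelta(days=320)),
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the key identifier is the Authority Key Identifier in the certificate or CRL and the validity window is the old CA certificate's validity period, which is why the CP can say the old key verifies old signatures "until the lifetime of the old signing key expires".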
In the event of a disaster where the CA installation is physically damaged and all copies of the CA signature keys are destroyed, the USPS PKI PA will securely advise the Federal Bridge CA PA and all of its member entities at the earliest feasible time. The USPS CA will reestablish operational capabilities as quickly as possible in accordance with procedures set forth in the CPS.

4.8.2.2 Subscriber Key Revocation and Recovery

Examples of reasons for subscriber requested key recovery include:

* A subscriber forgets a password.
* A subscriber loses or damages a PKI profile file.
* A subscriber loses or damages a security token (e.g., PCMCIA card).
* A subscriber suspects his/her keys have been compromised.

If the reasons for recovery do not include a lost or damaged security token or key compromise, the subscriber has two possible methods for recovery. The subscriber can present himself or herself to the RA for recovery, or, if the subscriber provided shared secrets, he or she can recover his or her profile without RA intervention.

Examples of reasons for key recovery without subscriber consent include:

* A subscriber has left the organization and the subscriber’s supervisor or department management needs to decrypt files for business continuity.
* A subscriber’s actions are in question by the organization’s management and the subscriber’s files need to be reviewed.
* A subscriber’s actions are in question by a law enforcement agency and the subscriber’s files need to be reviewed.

Key recovery without subscriber consent is always performed with RA intervention.

4.8.2.3 RA Key Revocation and Recovery

The USPS Subordinate CA will maintain "shared secrets" for each RA. These secrets will not be sensitive in nature (such as driver's license, social security number, etc.) but will be something known only to the individual. This database will be maintained in a secure manner.
This database will be used to verify the identity of the RA prior to recovery.

4.8.2.4 Key Recovery Requested by External Entity

Requests by an external entity will be processed through the USPS CISO. External entities include any law enforcement agency (FBI, DEA, State Police, etc).

4.8.3 CA Key Compromise

4.8.3.1 CA Key Compromise

If the CA signature keys are compromised or lost (such that compromise is possible even though not certain):

* The USPS PKI Manager will immediately notify the USPS PKI PA, all CAs to whom it has issued cross-certificates, and all RAs.
* A new CA key pair will be generated by the applicable CA(s) in accordance with procedures set forth in the CPS.
* New CA certificates will be issued to Entities also in accordance with the USPS Subordinate CA CPS.

The USPS Subordinate CA CPS and appropriate supporting agreements will contain provisions outlining the means used to provide notice of compromise or suspected compromise.

4.8.3.2 Entity Key Compromise

In any key compromise situation involving an end entity's keys, a report will be filed with the RA indicating the circumstances under which the compromise occurred. If accidental on the part of the requester, no further action will be required. Otherwise, the RA will report the compromise to the USPS CISO for a possible follow-up investigation and potential action in accordance with USPS information security policies.

4.8.4 Disaster Recovery

The USPS PKI Operations will establish a disaster recovery plan, which outlines the steps to be taken to re-establish a secure facility in the event of a natural or other type of disaster. When a repository is not under the control of the USPS PKI, the USPS PKI PA will ensure that any agreement with the repository provides that a disaster recovery plan be established and documented by the repository. The disaster recovery process will be identified in the CPS.
4.9 CA Termination

All issues relating to the USPS CA termination will be presented to the USPS PKI PA for oversight of the termination process. In the event of termination, the USPS Subordinate CA in cooperation with the USPS PKI PA will notify its subscribers, notify all CAs with whom it is cross-certified, revoke all certificates it issued, and arrange for the continued retention of the USPS CA’s keys and information. The USPS CA archive records will be retained in the manner and for the time period indicated in section 4.6.2 of this CP.

5 Physical, Procedural, and Personnel Security

5.1 Physical Controls

5.1.1 Site Location and Construction

The USPS CA site will satisfy at least the requirements for a High-Security Zone (refer to Appendix B for the definition of a High-Security Zone).

5.1.2 Physical Access

5.1.2.1 CA Facility

The USPS CA equipment will always be protected from unauthorized access and tampering, especially while the cryptographic module is installed and activated. Access to the cryptographic module and computer system is a sensitive operation requiring restricted physical access and implementation of the two-person rule. The following physical access requirements apply to the primary and backup CA facility:

* Ensure no unauthorized access to the hardware is permitted.
* Ensure all removable media and paper containing sensitive plain-text information is stored in secure containers.
* Be manually or electronically monitored for unauthorized intrusion at all times.
* Ensure a site access log is maintained and audited periodically.
* Require two-person physical access control to the cryptographic module, computer system, and digital signature and encryption keys.
* Be a locked facility to which only authorized personnel have access.
* Ensure access to the CA server is limited to those personnel identified on an access list.
* Ensure personnel not on the access list are properly escorted and supervised.

A security check of the facility housing the CA equipment will occur if the facility is to be left unattended. At a minimum, the check will verify the following:

* The equipment is in a state appropriate to the current mode of operation (e.g., cryptographic modules are in place when "open" and secured when "closed" and all equipment other than the repository is shut down when not processing).
* Any security containers are properly secured.
* Physical security systems (e.g., door locks, vent covers) are functioning properly.
* The area is secured against unauthorized access.

The CPS will define the person or group of persons responsible for making these checks. A log identifying the person making the checks and the time the check was completed will be maintained. If the facility is not continuously attended, the last person to depart will initial a sign-out sheet that indicates the date and time, and asserts that all necessary physical protection mechanisms are in place and activated.

5.1.2.2 RA Site

If a RA is permitted to submit online requests to the USPS Subordinate CA, the RA site will provide appropriate security protection of the cryptographic module and the RA’s private key. The RA enrollment workstation will be protected from unauthorized access while the cryptographic module is installed and activated. The RA will implement physical access controls to reduce the risk of equipment tampering even when the cryptographic module is not installed and activated; e.g., removable cryptographic modules will be inactivated prior to storage in secure containers. Activation data will be memorized or, if recorded, stored in a manner commensurate with the security afforded the cryptographic module, and will not be stored with the cryptographic module.
The stock of blank Personal Identity Verification (PIV) cards and PIV cards created but not distributed to the recipient will be secured through physical controls (e.g., locked file cabinets).

5.1.2.3 Subscriber Site

Private keys stored on a subscriber's hard drive will be secured through cryptographic mechanisms. Subscribers will not leave their workstations unattended when the cryptographic mechanism is in an unlocked state (i.e., when the PIN or password has been entered). For added security the subscriber may physically secure the hard drive using access control software/hardware, or the subscriber may store private keys on a removable diskette and store the media in a locked drawer when the media is not being used.

5.1.3 Power and Air Conditioning

The facility that houses the USPS CA’s equipment will be supplied with power and air conditioning sufficient to create a reliable operating environment. The USPS CA’s equipment will have backup capability sufficient to automatically lock out input, finish any pending actions, and record the state of the equipment before lack of power or air conditioning causes a shutdown.

5.1.4 Water Exposures

USPS CA’s equipment will be protected from environmental and accidental water damage.

5.1.5 Fire Prevention and Protection

An automatic fire extinguishing system will be installed in accordance with local policy and code.

5.1.6 Media Storage

Storage media used by the CA system will be protected from accidental damage (e.g., water, fire, and magnetism) and environmental threats (e.g., temperature, humidity, and dust). Media that contains audit, archive, or backup information will be duplicated and the duplicate copy stored in a location separate from the CA.

5.1.7 Waste Disposal

Media used for the storage of information such as keys, activation data, or CA files will be sanitized or destroyed before being released for disposal.
Normal office waste will be removed or destroyed in accordance with local policy.

5.1.8 Off-Site Backup

The USPS primary CA site will have an off-site backup facility. The off-site backup CA site will have the same level of security and controls as the primary CA site and as stipulated in this CP. The USPS Subordinate CA will perform a full system backup sufficient to recover from system failure for off-site storage on at least a weekly basis.

5.2 Procedural Controls

5.2.1 Trusted Roles

A trusted role is one whose incumbent performs functions that can introduce security problems if not carried out properly, whether accidentally or maliciously. The functions performed in these roles form the basis of trust for a PKI. Two approaches are taken to increase the likelihood that these roles can be successfully carried out. The first approach is to ensure that the person filling the role is diligent, trustworthy, and properly trained. The second is to distribute the critical functions of the role among several people, so that any malicious activity requires collusion.

5.2.1.1 CA Trusted Roles

The trusted roles for the USPS PKI CA are:

* PKI Manager.
* PKI Certificate Manager.
* PKI CA Administrator.
* PKI Operator.
* PKI Backup Operator.
* PKI Recovery Key Agent.
* PKI Auditor.
* PKI Engineer.

The PKI Manager is responsible for the following:

* Managing the CAs.
* Authorizing the commencement and cessation of CA services.
* Setting the number of required authorizations for sensitive operations.
* Changing CA officers and RA password rules.
* Verifying that audit logs are being prepared.
* Ensuring audit logs are being retained.

The PKI Certificate Manager is responsible for the following:

* Configuring certificate profiles or templates.
* Creating certificates.
* Issuing certificates.
* Renewing, rekeying, and updating certificates.
* Revoking certificates.
* Suspending certificates.
* Issuing, updating, and revoking cross-certification agreements at the direction of the USPS PKI PA.
* Setting default certificate lifetimes.

The PKI CA Administrator is responsible for the following:

* Establishing and maintaining user accounts.
* Adding and deleting other CA officers and RAs.
* Configuring certificate profiles or templates and audit parameters.
* Generating and backing up CA keys.
* Maintaining the correct operation and configuration of the underlying hardware and software for the USPS CAs.

The PKI Operator is responsible for:

* Routine operation of the CA equipment and operations.
* Changing recording media.
* System backups.

The PKI Backup Operator is responsible for:

* Backup operation of the CA equipment and operations.
* System recovery.

The PKI Recovery Key Agent is responsible for:

* Retrieving the private keys stored by the USPS Subordinate CA.

The PKI Auditor is responsible for:

* Reviewing and archiving audit logs.
* Performing or overseeing internal audits to ensure that the CAs are operating in accordance with the CPS.

The PKI Engineer is responsible for:

* Setting and modifying the security policy for the USPS CAs, in accordance with this CP and the applicable CPS.
* Installing, configuring, and maintaining CA system hardware and software.

5.2.1.2 RA Trusted Roles

The trusted RA role is responsible for:

* Accepting subscription, certificate change, certificate revocation/suspension, and key recovery requests.
* Verifying an applicant’s identity.
* Transmitting applicant information to the CA.
* Receiving and distributing authorization codes.
* Managing the subscriber initialization process.
* Requesting the creation, renewal, or revocation of certificates.
* Requesting and distributing tokens (where applicable).
5.2.2 Separation of Roles

The separation of roles prevents one person from maliciously using the CA system without detection because each person’s system access is limited to those actions they are required to perform in fulfilling their responsibilities. Individuals may assume more than one role; however, individuals who assume the PKI Manager, CA Administrator, Operator, and Backup Operator roles may not assume the PKI Auditor role. The CA system will identify and authenticate its users and will ensure that no user identity can assume more than one identity. No individual will be assigned more than one identity.

5.2.3 Number of Persons Required per Task

The USPS CA will identify in the CPS those operations that are sensitive and require multiple authorizations. To perform sensitive operations a minimum of two individuals will be required. These individuals should use a split knowledge technique such as separate smart cards and PINs to perform any sensitive operation. An example of a sensitive operation is one that involves access to a subscriber's private keys stored by the USPS CA, such as key recovery.

5.2.4 Identification and Authentication for Each Role

An individual will identify and authenticate him/herself before being permitted to perform any actions set forth above for that role or identity. Identification and authentication for USPS CA personnel will follow the requirements identified in sections 5.3, 5.3.1, and 5.3.2. The items in these sections will be performed before USPS CA personnel are:

* Included in the access list for physical access to the CA systems.
* Given a certificate and account on the CA systems for the performance of their role.

Each of these certificates and accounts (with the exception of CA signing certificates) will:

* Be directly attributable to an individual.
* Not be shared.
* Be restricted to actions authorized for that role through the use of CA software, operating system, and procedural controls.
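The split-knowledge requirement of section 5.2.3 (a sensitive operation such as key recovery needs at least two individuals, each holding only part of the secret) as an added example. The CP names separate smart cards and PINs as one technique; the block below uses a different, well-known split-knowledge technique, Shamir's threshold secret sharing over a prime field, so that any two of three custodians can reconstruct a key-recovery secret while a single custodian learns nothing. This is illustrative code, not USPS code or the USPS mechanism; the custodian count, the threshold and the secret are constructed here, and the implementation uses only the Python standard library.

```python
"""Split knowledge for a sensitive CA operation, illustrating CP section 5.2.3.

Added example, not USPS code. Uses Shamir's (t, n) threshold scheme over the
field GF(2^127 - 1); threshold 2 of 3 custodians is a constructed choice.
"""
import secrets

PRIME = 2**127 - 1  # field modulus; the shared secret must be smaller than this


def split_secret(secret, threshold=2, shares=3):
    """Return `shares` points (x, f(x)) of a random degree threshold-1 polynomial with f(0)=secret."""
    if not (0 <= secret < PRIME and 1 < threshold <= shares):
        raise ValueError("secret out of range or bad threshold")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only with at least `threshold` distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def authorize_recovery(presented_shares, threshold=2):
    """Gate for the sensitive operation: refuse unless `threshold` custodians are present."""
    if len(presented_shares) < threshold:
        return None  # one person alone cannot perform key recovery (CP 5.2.3)
    return recover_secret(presented_shares[:threshold])


def demo():
    """Constructed scenario: a 120-bit key-recovery secret split among three custodians."""
    secret = int.from_bytes(secrets.token_bytes(15), "big")
    shares = split_secret(secret, threshold=2, shares=3)
    pairs = [(shares[0], shares[1]), (shares[0], shares[2]), (shares[1], shares[2])]
    return {
        "any_two_custodians_recover": all(authorize_recovery(list(p)) == secret for p in pairs),
        "single_custodian_refused": authorize_recovery([shares[1]]) is None,
        "single_share_alone_yields_secret": recover_secret([shares[1]]) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

The last key in the result is false except with probability 1/PRIME: a single point on a random line reveals nothing about f(0), which is the property that makes the split "knowledge" rather than merely two copies of the same secret. In practice each share would live on its custodian's own token, protected by that custodian's PIN, matching the "separate smart cards and PINs" the CP describes.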
5.3 Personnel Security Controls

Personnel performing duties with respect to the operation of the USPS CAs or an RA will:

* Be appointed by an approving authority.
* Have received comprehensive training with respect to the duties they are to perform.
* Not be assigned duties that may cause a conflict of interest with their USPS CA or RA duties.

The applicable CPS will identify the individual or group responsible for the operation of that CA.

5.3.1 Background, Qualifications, Experience, and Clearance Requirements

USPS CA and RA roles are deemed to be positions of "public trust" per the Office of Personnel Management (OPM) 5 CFR Parts 731, 732, and 736. All personnel filling trusted roles will be selected on the basis of loyalty, trustworthiness, and integrity, and must be U.S. citizens. Personnel filling these roles will successfully complete investigations for public trust positions. The requirements governing the qualifications, selection, and oversight of individuals who operate, manage, oversee, and audit the CAs will be set forth in the applicable CPS.

5.3.2 Background Check Procedures

All background checks will be performed in accordance with Federal Information Processing Standards (FIPS) Publication 201, Personal Identity Verification for Federal Employees and Contractors.

5.3.3 Training Requirements

Personnel performing duties with respect to the operation of the USPS CAs or an RA will receive training in:

* CA/RA security principles, mechanisms, and the stipulations of this CP and the applicable CPS.
* Operation of the software and/or hardware used in the CA systems.
* All PKI duties they are expected to perform.
* Disaster recovery and business continuity plans and procedures.

Documentation will be maintained identifying all personnel who received training and the level of training completed.
5.3.4 Retraining Frequency and Requirements

The requirements of section 5.3.3 will be kept current to accommodate changes in the CA systems. Refresher training will be conducted in accordance with these changes.

5.3.5 Job Rotation

No stipulation.

5.3.6 Sanctions for Unauthorized Actions

The USPS PKI PA will take appropriate administrative and disciplinary actions against personnel who have performed actions involving the CAs or their repository that are not authorized in this CP or the applicable CPS. Repeated or significant violations of this CP and the applicable CPS may result in revocation of their public key certificates. CA or RA personnel who operate in violation of the policies and procedures stated herein may have their access to the CA systems and their public key certificates revoked, and may be subject to administrative discipline and possible criminal prosecution.

5.3.7 Contracting Personnel

Contracting personnel employed to operate any part of the USPS CAs or to perform as an RA will be subject to the same criteria as a USPS employee and will be cleared to the same level.

5.3.8 Documentation Supplied to Personnel

The USPS PKI PA will make this CP and the Subordinate CPS available to CA and RA personnel. CA and RA personnel will document their positions in the USPS PKI Operations Manuals in sufficient detail to define their duties and procedures. Documentation supporting the training they received will also be provided to all personnel.

6 Technical Security Controls

6.1 Key Pair Generation and Installation

6.1.1 Key Pair Generation

A digital signature key pair will be generated by the subscriber using a FIPS approved algorithm. A confidentiality (i.e., encryption) key pair will be generated by the USPS Subordinate CA using a FIPS approved algorithm.
Digital signature and encryption key pairs will be generated using FIPS Pub 140-2 Level 2 validated cryptographic module(s). The methods of CA key pair generation will be stipulated in the USPS Subordinate CA CPS. Auditable evidence will be generated that indicates that the documented procedures were followed, and the documentation of the procedure will be detailed enough to show that appropriate role separation was used. The process will be validated by an independent third party.

6.1.2 Private Key Delivery to Subscriber

If the subscriber generates the key, then there is no need to deliver the private key. If the private key is not generated by the subscriber, then it will be delivered to the subscriber in a secure manner. The methods used for private key delivery will be stipulated in the USPS Subordinate CA CPS.

6.1.3 Public Key Delivery to Certificate Issuer

The digital signature public key will be delivered to the USPS Subordinate CA either via an online transaction in accordance with IETF RFC 2510, Internet X.509 Public Key Infrastructure Certificate Management Protocols, or via an equally secure manner. If the public encryption key is not generated by the USPS Subordinate CA, then it will be delivered to the USPS Subordinate CA in a secure manner. The methods used for public key delivery will be stipulated in the USPS Subordinate CA CPS.

6.1.4 FBCA and CA Certificate and Public Key Availability and Delivery

The USPS Subordinate CA is required to issue a certificate to the FBCA and post it to the FBCA repository concurrent with the issuance of an FBCA certificate to the USPS Subordinate CA. A copy of the FBCA public key is then available to facilitate trust path validation. For the USPS Subordinate CA to issue cross-certificates to the FBCA, the FBCA shall transport its public key to the USPS Subordinate CA in a secure, out-of-band fashion to effect certificate issuance.
6.1.5 Key Sizes

Key pairs for Entities will be a minimum of 1024 bit Rivest-Shamir-Adleman (RSA) Algorithm or Digital Signature Algorithm (DSA) with Secure Hash Algorithm version 1 (SHA-1) or better. The asymmetric key sizes used by the USPS Subordinate CA for Entity key pairs will be stipulated in the USPS Subordinate CA CPS.

Use by an Entity of SSL or another protocol providing similar security to accomplish any of the requirements of this CP will require at a minimum triple-DES or equivalent for the symmetric key, and at least 1024 bit RSA or equivalent for the asymmetric keys.

6.1.6 Public Key Parameters Generation

If the USPS CAs utilize DSA, the CAs will generate parameters in accordance with FIPS Publication 186-2.

6.1.7 Parameter Quality Checking

Parameter quality checking for DSA (primarily primality testing) will be performed as specified in FIPS Publication 186-2.

6.1.8 Hardware/Software Key Generation

USPS CA digital signature key pairs will be generated in a hardware cryptographic module. Key pairs for all other Entities may be generated in a software or hardware cryptographic module. Any pseudo-random numbers used for key generation will be generated by a FIPS approved method. Software key generation processes will comply with FIPS Publication 140-2 Level 1. Hardware used in key generation/storage will comply with FIPS Publication 140-2 Level 2 and above.

6.1.9 Key Usage Purposes (As Per X.509 V3 Key Usage Field)

Dual-use key pairs will not be used. Subscribers will be issued two key pairs, one for data encryption and one for digital signature. Encryption key pairs may be used for session key establishment. Digital signature key pairs may be used for authentication, non-repudiation, and message integrity. The use of a specific key is determined by the key usage extension in the X.509 certificate.
In particular, certificates to be used for digital signatures (including authentication) will set the digitalSignature and/or nonRepudiation bits. Certificates to be used for key or data encryption will set the keyEncipherment and/or dataEncipherment bits. Certificates to be used for key agreement will set the keyAgreement bit. The CA signing key pair is the only key pair permitted to be used for signing certificates, CRLs, and ARLs.

6.2 Private Key Protection

Subscribers will protect their private keys from disclosure. Subscribers will not leave their workstations unattended when the cryptography is in an unlocked state (i.e., when the PIN or password has been entered). Private keys stored on a hard drive will be secured through cryptographic mechanisms. For added security, subscribers may physically secure the hard drive using access control software/hardware, or store their private keys on removable media and keep the media in a locked drawer when the media is not being used.

The CA private keys will be protected by a combination of cryptographic software and hardware mechanisms. The level of protection will be adequate to deter a motivated attacker with substantial resources.

6.2.1 Standards for Cryptographic Module

The following are the minimum requirements for cryptographic modules:

* Latest version of the FIPS Pub 140 series (currently FIPS Pub 140-2).
* CA - Level 2 (Hardware).
* Subscriber - Level 1 (Hardware or Software).
* RA - Level 2 (Hardware).

Higher cryptographic module standard levels may be used. The actual standards used by the USPS will be stipulated in the applicable CPS.

6.2.2 Private Key Multi-Person Control

Multiple person control will be required for private key recovery. Two staff members performing duties associated with the role of CA Administrator will participate or be present. The USPS Subordinate CA may allow subscribers to recover their own keys.
In this case the two-person participation will be replaced with a secure method that is consistent with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63. The USPS Subordinate CA will stipulate the methods for subscriber self key recovery in the USPS Subordinate CA CPS.

6.2.3 Private Key Escrow

Private signature keys will not be escrowed by a third party.

6.2.4 Private Key Backup

The methods used for signature key backup will be stipulated in the applicable CPS.

6.2.4.1 Backup of CA Private Signature Key

The USPS CAs will back up the CA private signature key to create a copy of the signature key that may be kept at the CA primary location for routine recovery; a second copy may be kept at the CA backup location for disaster recovery purposes. Backed-up private signature keys will be stored in encrypted form under the same multi-person access rules and storage controls as the original signature key.

6.2.4.2 Backup of Subscriber Private Signature Key

A subscriber may optionally back up its own digital signature private key. If so, the keys will be copied and stored in encrypted form under the subscriber's control.

6.2.4.3 Backup of CA Private Confidentiality Keys

The USPS CAs will back up the CA private confidentiality (i.e., encryption) keys under the same multi-person access rules and storage controls as the original signature key.

6.2.5 Private Key Archival

Private signature keys will not be archived.

6.2.6 Private Key Entry into Cryptographic Module

CA private keys will be generated by and remain in a cryptographic module. In the event that a private key is to be transported from one cryptographic module to another, the private key will be encrypted during transport; private keys will never exist in plaintext form outside the cryptographic module boundary.
6.2.7 Method of Activating Private Keys

The Entity will be authenticated to the cryptographic module before the activation of the private key. This authentication may be in the form of a password, passphrase, or PIN. Entry of activation data will be protected from disclosure (e.g., the data should not be displayed while it is entered). The USPS CA signing key will be activated when the CA servers are brought up and the CA administrator logs into the hardware device. The login is in the form of a password that is protected from disclosure while it is being entered.

6.2.8 Method of Deactivating Private Keys

Cryptographic modules that have been activated will not be left unattended or otherwise open to unauthorized access. After use, they will be deactivated, e.g., via a manual logout procedure or by a passive timeout after a period of inactivity. Hardware cryptographic modules should be removed and stored in a secure container when not in use. When keys are deactivated they will be cleared from memory before the memory is de-allocated. Any disk space where keys were stored will be sanitized before the space is released to the operating system. When deactivated, private keys will be kept in encrypted form only.

The USPS CA signing key will be deactivated when the CA servers are brought down or shut down and the CA administrator logs out of the hardware device. The hardware cryptographic modules will be removed and stored in a secure container when not in use. The CA signing keys will remain securely stored within the hardware device when deactivated.

6.2.9 Method of Destroying Private Keys

Subscriber private signature keys will be destroyed when they are no longer needed or when the certificates to which they correspond expire or are revoked. All copies of the subscriber private signature key in computer memory and in shared disk space will be securely destroyed.
For software cryptographic modules, this may be accomplished by overwriting the data. For hardware tokens, this may be accomplished by executing a "sanitization" command. Physical destruction of hardware should not be required. The USPS PKI PA will approve the method of destruction. The USPS CA signing key is held in a hardware device. If required, the CA signing key is destroyed during sanitization as specified for FIPS Pub 140-2 Level 3 compliant devices. Sanitization is performed by executing a "zeroize" command. Physical destruction of the hardware device is not required.

6.3 Good Practices Regarding Key Pair Management

Dual-use key pairs will not be used. One key pair will be used for digital signature/authentication and another, separate key pair will be used for confidentiality. A subscriber's key pair that is used for digital signatures will never be escrowed, archived, or backed up, because a subscriber can repudiate a transaction if there is a copy of his or her digital signature private key in existence.

For information that is encrypted, the subscriber will use his or her private encryption (confidentiality) key to decrypt the information. If that private key is lost or destroyed, or if the subscriber departs the entity without relinquishing the private key, or acts maliciously, there is no way to decrypt the information. Thus, for business continuity reasons, an entity must be able to escrow, back up, or archive private keys used for decrypting files and e-mails, while not escrowing, backing up, or archiving key pairs used for authentication.

6.3.1 Public Key Archival

The public key is archived as part of the certificate archival.

6.3.2 Usage Periods For the Public and Private Keys

Suggested validity period for 2048-bit keys:

* USPS Root CA public key and certificate: 20 years.
* USPS Root CA signing key: 20 years.
* End entity public key and certificate: two years.
* End entity private key (i.e., signing key): 70% of the public key certificate validity period.

6.4 Activation Data

6.4.1 Activation Data Generation and Installation

Any activation data will be unique and unpredictable. The activation data, in conjunction with any other access control, will have an appropriate level of strength for the keys or data to be protected. Where a CA uses passwords as activation data for the CA signing key, the activation data will be changed upon CA rekey. Where subscriber passwords are used, a subscriber will have the capability to change his or her password at any time. Passwords will be generated in conformance with FIPS Pub 112. If data used for subscriber initialization will be transmitted, it will be via a channel of appropriate protection, and distinct in time and place from the associated cryptographic module.

6.4.2 Activation Data Protection

Data used to unlock private keys will be protected from disclosure by a combination of cryptographic and physical access control mechanisms. Activation data should either be biometric in nature or memorized, not written down. If written down, it will be secured at the level of the data that the associated cryptographic module is used to protect, and will not be stored with the cryptographic module. The protection mechanism will include a control to temporarily lock the account, or terminate the application, after a predetermined number of failed login attempts. Activation data will never be shared.

6.4.3 Other Aspects of Activation Data

If passwords are used as activation data, the usage periods will be in accordance with USPS Handbook AS-805, Information Security. The activation data used by the USPS Subordinate CA will be stipulated in the USPS Subordinate CA CPS.
6.5 Computer Security Controls

6.5.1 Specific Computer Security Technical Requirements

The following computer security functions may be provided by the operating system, or through a combination of operating system, software, and administrative and physical safeguards. The CA and its ancillary parts will include the following functionality:

* Require authenticated logins.
* Provide discretionary access control.
* Provide a security audit capability.
* Restrict access control to CA services and PKI roles.
* Enforce separation of duties for PKI roles.
* Require identification and authentication of PKI roles and associated identities.
* Prohibit object re-use or require separation for CA random access memory.
* Require use of cryptography for session communication and database security.
* Archive CA history and audit data.
* Require self-test of security related CA services.
* Require a trusted path for identification of PKI roles and associated identities.
* Require a recovery mechanism for keys and the CA system.
* Enforce domain integrity boundaries for security critical processes.

6.5.2 Computer Security Rating

The USPS CAs will operate on hardened platforms (hardware, software, and operating system) under configuration control. Where possible the operating configuration will be an evaluated configuration that is government approved (i.e., running the same version of the computer operating system as that which received the evaluation rating).

6.6 Life Cycle Technical Controls

6.6.1 System Development Controls

The system development controls for CA and RA equipment and applications are as follows:

* Hardware and software will be obtained from approved Postal Service sources.
* Hardware and software procured to operate the CAs will be purchased in a fashion that reduces the likelihood that any particular component was tampered with (e.g., by ensuring the equipment was randomly selected at time of purchase).
* Hardware and software developed specifically for the CAs will be developed in a controlled environment, and the development will be under a formal, documented development methodology.
* All hardware and software will be shipped or delivered via controlled methods that provide a continuous chain of accountability from the purchase location to the CA physical location. All hardware and software are shrink-wrapped by the seller, under positive surveillance controls by the shipper, and placed in the CA facility under two-person access control and camera surveillance 24/7.
* The CA hardware and software will be dedicated to performing one task: the CA. There will be no other applications, hardware devices, network connections, or component software installed which are not part of the CA operation.
* Only applications required to perform the operation of the CA will be loaded on the CA.
* Proper care will be taken to prevent malicious software from being loaded onto CA and RA equipment. RA hardware and software will be scanned for malicious code on first use and periodically thereafter.
* Hardware and software updates will be purchased or developed in the same manner as original equipment and will be installed by trusted and trained personnel in a defined manner.

6.6.2 Security Management Controls

Security management controls for the USPS CAs will include:

* The CAs will have a mechanism and/or procedures in place to document, control, and monitor the CA system configuration.
* There will be a mechanism for detecting unauthorized modification to CA software or configuration.
* A formal configuration management methodology will be used for installation and ongoing maintenance of the CA system.
* CA software, when first loaded, will be verified as being that supplied by the vendor, with no modifications, and the version intended for use.
* CA equipment will be dedicated to administering a key management infrastructure.
* CA equipment will not have installed applications or component software that are not part of the CA configuration, with the exception of security software such as virus protection.
* CA equipment updates will be installed by trusted and trained personnel in a defined manner.

6.7 Network Security Controls

Any network software present will be necessary to the functioning of the USPS Subordinate CA. The USPS Subordinate CA will employ appropriate security measures to ensure it is guarded against denial of service and intrusion attacks. Such measures include the use of guards, firewalls, and filtering routers. Remote access to the USPS Subordinate CA system is secured using a secure communications protocol. No other remote access is permitted, and features including inbound FTP are disabled. All unused network ports and services will be blocked or turned off, except those required for CA-enabled event auditing and the audit of all failed operations and low-frequency successes.

6.8 Cryptographic Module Engineering Controls

All USPS CA Digital Signature key generation, USPS CA Digital Signature key storage, and certificate signing operations will be performed in a hardware cryptographic module validated at least to FIPS 140-2 Level 2 hardware. The RA Digital Signature key generation and signing operations will be performed by cryptographic modules validated at least to FIPS 140-2 Level 2 hardware. Subscribers will use cryptographic modules validated at least to FIPS Pub 140-2 Level 1 hardware or software.

7 Certificate and CRL Profiles

7.1 Certificate Profile

7.1.1 Version Number

This CP supports X.509 Version 3 certificates.
The USPS CAs will issue X.509 Version 3 certificates, in accordance with the X.509 standard and IETF RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, and the Federal Public Key Infrastructure X.509 Certificate and CRL Extensions Profile. The following base (non-extension) X.509 fields are supported (a description of each field is included):

* Version: version of the X.509 certificate; version 3 (encoded as the integer 2).
* SerialNumber: unique serial number for the certificate.
* Signature: CA signature to authenticate the certificate.
* Issuer: name of the CA.
* Validity: activation and expiry date for the certificate.
* Subject: subscriber's distinguished name.
* SubjectPublicKeyInformation: algorithm ID and key.

7.1.2 Certificate Extensions

The USPS CAs will identify in their CPS the use of any private extensions supported by the USPS CAs, RAs, and end entities.

7.1.3 Algorithm Object IDs

Certificates issued under this CP will use the following OIDs for signatures:

* id-dsa-with-sha1 {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3}
* sha-1WithRSAEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5}

Certificates under this CP will use the following OIDs for identifying the algorithm for which the subject key was generated:

* id-dsa {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1}
* rsaEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1}
* dhpublicnumber {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1}
* id-keyExchangeAlgorithm {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) algorithms(1) 22}

7.1.4 Name Forms

In general, the name form used will be the Distinguished Name. In a certificate, the issuer DN and subject DN fields contain the full X.500 Distinguished Name of the certificate issuer or certificate subject. See section 3.1.1.

7.1.5 Name Constraints

No stipulation.
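The two rules a certificate reviewer would actually test against this profile are the key usage separation of section 6.1.9 (no dual-use keys; only the CA key signs certificates, CRLs and ARLs) and the algorithm OID whitelist of section 7.1.3. The following is an added example, not USPS code and not part of the CP: it decodes the DER-encoded keyUsage BIT STRING and AlgorithmIdentifier OIDs as they appear inside a certificate and reports policy findings. The DER handling is deliberately minimal (short-form lengths only, as an assumption of this example), the sample byte strings are constructed here and do not come from any USPS certificate, and the bit positions follow RFC 5280.

```python
"""Check X.509 keyUsage bits and algorithm OIDs against CP sections 6.1.9 and 7.1.3.

Added example; stdlib only. Assumes short-form DER lengths, which is always
true for keyUsage values and for the OIDs listed in the CP.
"""
from __future__ import annotations

# KeyUsage bit positions as defined in RFC 5280 (bit 0 is the leftmost bit).
KEY_USAGE_BITS = (
    "digitalSignature",   # bit 0
    "nonRepudiation",     # bit 1
    "keyEncipherment",    # bit 2
    "dataEncipherment",   # bit 3
    "keyAgreement",       # bit 4
    "keyCertSign",        # bit 5
    "cRLSign",            # bit 6
    "encipherOnly",       # bit 7
    "decipherOnly",       # bit 8
)
SIGNATURE_USES = {"digitalSignature", "nonRepudiation"}
ENCRYPTION_USES = {"keyEncipherment", "dataEncipherment", "keyAgreement"}
CA_USES = {"keyCertSign", "cRLSign"}

# OIDs from section 7.1.3, in dotted form.
PERMITTED_SIGNATURE_OIDS = {
    "1.2.840.10040.4.3": "id-dsa-with-sha1",
    "1.2.840.113549.1.1.5": "sha-1WithRSAEncryption",
}
PERMITTED_SUBJECT_KEY_OIDS = {
    "1.2.840.10040.4.1": "id-dsa",
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.10046.2.1": "dhpublicnumber",
    "2.16.840.1.101.2.1.1.22": "id-keyExchangeAlgorithm",
}


def _der_body(der: bytes, expected_tag: int) -> bytes:
    """Return the content octets of a DER TLV that uses a short-form length."""
    if len(der) < 2 or der[0] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x}")
    length = der[1]
    if length & 0x80:
        raise ValueError("long-form length not supported by this example")
    body = der[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated DER value")
    return body


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER into dotted notation."""
    body = _der_body(der, 0x06)
    if not body:
        raise ValueError("empty OID")
    first = body[0]
    # The first octet packs the first two arcs as 40*X + Y (X is 0, 1 or 2).
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:          # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    if len(body) > 1 and body[-1] & 0x80:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)


def decode_key_usage(der: bytes) -> set[str]:
    """Decode a keyUsage extension value (DER BIT STRING) into named bits."""
    body = _der_body(der, 0x03)
    if not body or body[0] > 7:
        raise ValueError("malformed BIT STRING")
    unused_bits, bits = body[0], body[1:]
    names = set()
    for i in range(len(bits) * 8 - unused_bits):
        if bits[i // 8] & (0x80 >> (i % 8)) and i < len(KEY_USAGE_BITS):
            names.add(KEY_USAGE_BITS[i])
    return names


def check_key_usage(usage: set[str], is_ca: bool = False) -> list[str]:
    """Return findings against section 6.1.9; an empty list means compliant."""
    findings = []
    if usage & SIGNATURE_USES and usage & ENCRYPTION_USES:
        findings.append("dual-use key: signature and encryption bits both set (6.1.9)")
    if usage & CA_USES and not is_ca:
        findings.append("keyCertSign/cRLSign set on a non-CA certificate (6.1.9)")
    return findings


def check_algorithms(signature_oid_der: bytes, subject_key_oid_der: bytes) -> list[str]:
    """Return findings against the section 7.1.3 OID lists."""
    findings = []
    sig, key = decode_oid(signature_oid_der), decode_oid(subject_key_oid_der)
    if sig not in PERMITTED_SIGNATURE_OIDS:
        findings.append(f"signature algorithm {sig} is not listed in 7.1.3")
    if key not in PERMITTED_SUBJECT_KEY_OIDS:
        findings.append(f"subject key algorithm {key} is not listed in 7.1.3")
    return findings


# Constructed sample DER values (not taken from any real certificate).
SHA1_RSA_OID = bytes.fromhex("06092a864886f70d010105")    # 1.2.840.113549.1.1.5
RSA_KEY_OID = bytes.fromhex("06092a864886f70d010101")     # 1.2.840.113549.1.1.1
SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")  # 1.2.840.113549.1.1.11, not in the CP
KU_SIGNING = bytes.fromhex("030206c0")   # digitalSignature | nonRepudiation
KU_ENCRYPT = bytes.fromhex("03020430")   # keyEncipherment | dataEncipherment
KU_DUAL = bytes.fromhex("030205a0")      # digitalSignature | keyEncipherment
KU_CA = bytes.fromhex("03020106")        # keyCertSign | cRLSign

if __name__ == "__main__":
    for label, ku in (("signing", KU_SIGNING), ("encryption", KU_ENCRYPT), ("dual-use", KU_DUAL)):
        usage = decode_key_usage(ku)
        print(label, sorted(usage), check_key_usage(usage))
    print("algorithms:", check_algorithms(SHA256_RSA_OID, RSA_KEY_OID))
```

Running the block reports the dual-use sample and the SHA-256 signature OID as findings, while the separate signing and encryption samples pass. A practitioner would feed it the raw extension and AlgorithmIdentifier bytes pulled from certificates in the repository rather than the constructed samples.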
7.1.6 Certificate Policy Object Identifier

Upon identification by the USPS PKI PA, certificates issued under this CP will assert the Policy OID appropriate to the level of assurance specified in the CP.

7.1.7 Usage of Policy Constraints Extension

No stipulation.

7.1.8 Policy Qualifiers Syntax and Semantics

No stipulation.

7.1.9 Processing Semantics for the Critical Certificate Policy

No stipulation.

7.2 CRL Profile

7.2.1 Version Number

The USPS CAs will issue X.509 version 2 CRLs in accordance with IETF RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, and the Federal Public Key Infrastructure X.509 Certificate and CRL Extensions Profile.

7.2.2 CRL Entry Extensions

The USPS CAs will identify in their CPS the use of any extensions supported by the USPS CAs, RAs, and end entities. Detailed CRL profiles addressing the use of each extension will conform to the Federal Public Key Infrastructure X.509 Certificate and CRL Extensions Profile.

8 Specification Administration

8.1 Specification Change Procedures

This CP will be reviewed in its entirety every year by USPS PKI Operations. Errors, updates, or suggested changes to this document will be communicated as they become known to the contact in section 1.4.

8.1.1 Items that can Change without Notification

Changes to items within this CP which, in the judgment of the USPS PKI PA, will have no or minimal impact on the subscribers and cross-certified CA domains using certificates and CRLs issued under this CP, may be made with no change to the document version number and no notification.
8.1.2 Changes with Notification

Changes to the certificate policies supported by this CP, as well as changes to items within this CP which, in the judgment of the USPS PKI PA, may have significant impact on subscribers and cross-certified CA domains using certificates and CRLs issued under this CP, may be made with proper notice, and the version number of this document will be increased accordingly.

8.1.2.1 List of Items

Any items in this CP may be subject to the notification requirements identified in sections 8.1.1 and 8.1.2.

8.1.2.2 Notification Mechanism

Prior to major changes to this CP, notification of the upcoming changes will be posted on a USPS Web site and conveyed to cross-certified CA organizations via secure email. The notification will contain a statement of proposed changes, the final date for receipt of comments, and the proposed effective date of the change. The USPS PKI PA may request that the USPS PKI Manager notify their subscribers of the proposed changes.

8.1.2.3 Comment Period

The comment period will be 30 days unless otherwise specified in the notification.

8.1.2.4 Mechanism to Handle Comments

Comments on proposed changes to this CP or any of the CPSs should be directed to the USPS PKI PA. Such communication should include a description of the change, a change justification, contact information for the person requesting the change, and the signature of the person requesting the change. The USPS PKI PA will accept, accept with modifications, or reject the proposed change after completion of the comment period. Decisions with respect to the proposed changes are at the sole discretion of the USPS PKI PA.

8.1.2.5 Period for Final Change Notice

The USPS PKI PA will determine the period for final change notice.
8.1.2.6 Items Whose Change Requires a New Policy

If a policy change is determined by the USPS PKI PA to warrant the issuance of a new policy, the USPS PKI PA may assign a new OID for the modified policy.

8.2 Publication and Notification Procedures

The USPS PKI PA will publish this CP and the CPSs on the Postal Service Intranet on the Information Technology Web site at http://cto.usps.gov; select Support (at the top of the Web page), then from Corporate Information Security select Public Key Infrastructure. The CPSs are also published on the Internet at www.usps.com. The USPS PKI PA will also disseminate information via e-mail in response to any inquiries.

8.3 CPS Approval Procedures

The USPS PKI PA will make the determination that the CPS complies with this CP. Each USPS CA will meet all requirements of the approved and applicable CPS prior to commencing operations.

9 Compliance Audit and Other Assessments

An annual compliance audit is performed for operations supporting USPS CA services. In addition to the annual compliance audit, the USPS Inspector General is entitled to perform other reviews and investigations to ensure the trustworthiness of USPS CA services.

9.1 Frequency and Circumstances of Compliance Audits

Compliance audits are conducted at least annually at the sole expense of the audited entity.
9.2 Identity/Qualifications of Assessor

USPS CA services compliance audits are performed by a public accounting firm that:

* Demonstrates proficiency in public key infrastructure technology, information security tools and techniques, security auditing, and the third-party attestation function, and
* Is accredited by the American Institute of Certified Public Accountants (AICPA), which requires the possession of certain skill sets, quality assurance measures such as peer review, competency testing, standards with respect to proper assignment of staff to engagements, and requirements for continuing professional education.

9.3 Assessor's Relationship to Assessed Entity

Compliance audits of USPS CA operations are performed by a public accounting firm that is independent of USPS.

9.4 Topics Covered by Assessment

The scope of the annual audit includes CA environmental controls, key management operations and infrastructure/administrative CA controls, certificate life cycle management, and CA business practices disclosure.

9.5 Actions Taken as a Result of Deficiency

With respect to compliance audits of USPS operations, significant exceptions or deficiencies identified during the compliance audit will result in a determination of actions to be taken. This determination is made by USPS management with input from the auditor. USPS management is responsible for developing and implementing a corrective action plan. If the USPS PKI PA determines that such exceptions or deficiencies pose an immediate threat to the security or integrity of the CA, a corrective action plan will be developed within 30 days and implemented within a commercially reasonable period of time. For less serious exceptions or deficiencies, USPS management will evaluate the significance of such issues and determine the appropriate course of action.

9.6 Communication of Results

A copy of the audit report is available through the USPS PKI PA.
Appendix A: Acronyms

ACE: Advanced Computing Environment
ADAM: Active Directory in Application Mode
AIA: Authority Information Access
AO: Area Office
ARL: Authority Revocation List
BMC: Bulk Mail Center
CA: Certification Authority
CISO: Corporate Information Security Office
COTR: Contracting Officer Technical Representative
CP: Certificate Policy
CPO: Chief Privacy Officer
CPS: Certification Practice Statement
CRL: Certificate Revocation List
DES: Data Encryption Standard
DN: Distinguished Name
DO: District Office
DSA: Digital Signature Algorithm
EDI: Electronic Data Interface
FIPS: Federal Information Processing Standard
FTP: File Transfer Protocol
HRSSC: Human Resources Shared Service Center
IBSSC: Integrated Business Systems Solution Centers
IETF: Internet Engineering Task Force
ITU: International Telecommunications Union
LDAP: Lightweight Directory Access Protocol
MAC: Message Authentication Code
MOA: Memorandum of Agreement
NIST: National Institute of Standards and Technology
OID: Object Identifier
OU: Organizational Unit
PA: Policy Authority
PIN: Personal Identification Number
PKCS: Public Key Cryptography Standards
PKI: Public Key Infrastructure
RA: Registration Authority
RFC: Request for Comment
RSA: Rivest-Shamir-Adleman
SHA-1: Secure Hash Algorithm-1
SP: Special Publication
SSL: Secure Socket Layer
TCP/IP: Transmission Control Protocol/Internet Protocol
USPS: United States Postal Service

Appendix B: Definitions

Activation Data
* Private data, other than keys, that are required to access cryptographic modules.

Assurance
* How well a relying party can be certain of or trust the certificate. The level of assurance associated with a public key certificate is an assertion by a CA of the degree of confidence that a relying party may reasonably place in the binding of a subscriber's public key to the identity and privileges asserted in the certificate.
Level of assurance depends on multiple factors that include the proper registration of subscribers and the proper generation and management of the certificate and associated private keys in accordance with the stipulations of the CP. Personnel, physical, procedural, and technical security controls contribute to the assurance level of the certificates.

Auditors
* Personnel responsible for reviewing and archiving audit logs and performing or overseeing internal audits to ensure that the CA is operating in accordance with the CPS.

Authority Revocation List (ARL)
* A list of revoked CA certificates. An ARL is a CRL for CA cross-certificates.

Basic Level of Assurance
* This level provides a basic level of assurance relevant to environments where there are risks and consequences of data compromise, but they are not considered to be of major significance. This may include access to private information where the likelihood of malicious access is not high. It is assumed at this security level that users are not likely to be malicious.

CA Administrators
* Personnel responsible for establishing and maintaining user accounts, configuring certificate profiles or templates and audit parameters, and maintaining the correct operation and configuration of the underlying hardware and software for the USPS CA.

CA Signing Key
* The private portion of the CA signing key pair which is used to digitally sign certificates, certificate revocation lists, and authority revocation lists.

CA Signing Key Pair
* The key pair used by the CA for digitally signing. It consists of the CA signing (private) key and the CA public (verification) key.

CA Public Key
* The public key portion of the CA signing key pair which is used to verify certificates, certificate revocation lists, and authority revocation lists signed by the CA signing key.
Certificate
* The public key of a user, together with some other information, rendered unforgeable by digitally signing it with the private key of the certification authority that issued it. The certificate format is in accordance with ITU-T Recommendation X.509.

Certificate Managers
* Personnel responsible for creating, issuing, and revoking certificates and issuing, updating, and revoking cross certification agreements.

Certification Policy (CP)
* A document that defines the policies of a CA. A CP addresses all aspects associated with generation, production, distribution, recovery, and administration of digital certificates. A CP also defines the policies for administration and operation of a CA.

Certification Practice Statement (CPS)
* A statement of practices that a CA employs to implement the specific policies defined in the CP.

Certificate Repository
* The public area in which users' public keys are stored.

Certificate Revocation List (CRL)
* A list of revoked certificates that is created and signed by the same CA that issued the certificates. A certificate is added to the list if it is revoked (e.g., because of suspected key compromise).

Certification Authority (CA)
* An authority trusted by one or more users to issue and manage X.509 public key certificates and CRLs.

Cross-Certification
* The process of establishing a trust relationship between two Certification Authorities (CAs). A process by which two CAs securely exchange keying information so that each can certify the trustworthiness of the other's keys. Once the CAs have cross-certified, users within the CA domains can validate each other's certificates.
Digital Signature
* The result of a transformation of a message by means of a cryptographic system using keys such that a person who has the initial message can determine: (a) whether the transformation was created using the key that corresponds to the signer's key; and (b) whether the message has been altered since the transformation was made.

Directory
* A directory system that conforms to the ITU-T X.500 series of Recommendations.

Employee
* Any person employed by USPS.

End Entity
* An entity that uses the keys and certificates created within the PKI for purposes other than the management of the aforementioned keys and certificates. An end entity may be a subscriber, a relying party, a device, or an application.

Entity
* Any autonomous element within the Public Key Infrastructure. This may be a CA, an RA, or an end entity.

High Level of Assurance
* This level is appropriate for use where the threats to data are high, or the consequences of the failure of security services are high. This may include very high value transactions or high levels of fraud risk.

High-Security Zone
* An area to which access is controlled through an entry point and limited to authorized, appropriately screened personnel and properly escorted visitors. High-Security Zones should be separated by a perimeter. High-Security Zones are monitored 24 hours a day and 7 days a week by security staff, other personnel, or electronic means.

Issuing CA
* In the context of a particular certificate, the issuing CA is the CA that signed and issued the certificate.

Key
* In cryptography, a secret value that is used in an encryption algorithm to encrypt and decrypt data.

Key Pair
* Two mathematically related keys having the following properties: (a) one key can be used to encrypt a message that can only be decrypted using the other key, and (b) knowing one key, it is computationally infeasible to discover the other key.
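The Digital Signature and Key Pair definitions above, together with the earlier CA Signing Key, CA Public Key, Certificate and CRL definitions, describe properties that are easiest to see in running code. The following Go program is an added example written for this page; it is not USPS code and says nothing about how the USPS CA is actually implemented. It constructs an in-memory CA signing key pair, issues one subscriber certificate under it, signs and verifies a message (so that an altered message, or a certificate whose key does not correspond to the signer's key, fails verification), and issues a CRL carrying a reason code that a relying party checks under the CA public key before trusting it. The subject names, serial numbers, validity windows and reason code are all constructed values; only the Go standard library is used, and RevocationListEntry assumes Go 1.21 or later.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must aborts the demo on any setup error; it keeps the constructed setup short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// DemoPKI holds constructed material only: the CA certificate (carrying the CA
// public key), one subscriber key pair and certificate, and a DER-encoded CRL.
type DemoPKI struct {
	CACert  *x509.Certificate
	SubKey  *rsa.PrivateKey
	SubCert *x509.Certificate
	CRLDER  []byte
}

// BuildDemoPKI generates both key pairs, signs the subscriber certificate
// with the CA signing key, then issues a CRL that revokes it with reason
// code 1 (keyCompromise).
func BuildDemoPKI() *DemoPKI {
	now := time.Now()
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Demo CA"},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Self-signed CA certificate; Go derives SubjectKeyId for CA templates.
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	subKey := must(rsa.GenerateKey(rand.Reader, 2048))
	subTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Constructed Subscriber"},
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	// Signing with the CA signing key is what renders the subscriber's public key unforgeable.
	subCert := must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, subTmpl, caCert, &subKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now,
		NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{
			{SerialNumber: subCert.SerialNumber, RevocationTime: now, ReasonCode: 1},
		},
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, crlTmpl, caCert, caKey))
	return &DemoPKI{CACert: caCert, SubKey: subKey, SubCert: subCert, CRLDER: crlDER}
}

// VerifySubscriberCert checks the subscriber certificate's signature with the CA public key.
func VerifySubscriberCert(p *DemoPKI) error {
	return p.SubCert.CheckSignatureFrom(p.CACert)
}

// SignMessage produces the subscriber's digital signature over msg.
func SignMessage(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// VerifyMessage answers both questions in the Digital Signature definition: (a) was the
// signature made with the key matching this certificate, and (b) is the message unchanged.
func VerifyMessage(cert *x509.Certificate, msg, sig []byte) bool {
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig) == nil
}

// IsRevoked verifies the CRL under the CA public key before trusting it, then looks up
// the subscriber's serial number and returns the reason code recorded for it.
func IsRevoked(p *DemoPKI) (bool, int, error) {
	crl := must(x509.ParseRevocationList(p.CRLDER))
	if err := crl.CheckSignatureFrom(p.CACert); err != nil {
		return false, 0, err
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(p.SubCert.SerialNumber) == 0 {
			return true, e.ReasonCode, nil
		}
	}
	return false, 0, nil
}
```

The functions can be driven from a test or a small main. Two design points matter for a relying party: VerifyMessage returns false both when the message has changed and when the certificate's key does not correspond to the signing key, so the two questions in the definition are answered by one check; and IsRevoked refuses to report anything from a CRL whose signature does not verify under the CA public key, which is the precondition for acting on a reason code.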
MD5
* One of the message digest algorithms developed by RSA Data Security Inc.

Medium Level of Assurance
* This level is relevant to environments where risks and consequences of data compromise are moderate. This may include transactions having substantial monetary value or risk of fraud, or involving access to private information where the likelihood of malicious access is substantial.

Object Identifier (OID)
* The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. OIDs are used by Certification Authorities to provide information to interfacing applications on policies the CA supports.

Operators
* Personnel responsible for routine operation of the CA equipment and operations and system backups.

Organization
* A department, agency, corporation, partnership, trust, joint venture, or other association.

PKI Manager
* Individual responsible for the overall operation of a USPS CA. His or her responsibility covers areas such as staffing, finances, and dispute resolution. The PKI Manager role does not require an account on the CA.

Policy Authority (PA)
* Individual responsible for setting, implementing, and administering policy decisions for the USPS PKI.

Private Key
* The portion of the public key pair that is kept secret by the owner of the key pair. The USPS PKI uses a private key for encryption and a private signing key for digital signatures.

Public Key
* The portion of the public key pair that is available to everyone. The public key is stored in the directory. The USPS PKI uses a public key for encryption and a public (i.e. verification) key for verifying a digital signature.

Public Key Cryptography
* Public key cryptography is a cryptographic system that uses key pairs. One key of the pair is public and the other key is private and known only to the owner. The mathematical relationship between the keys is such that an action performed by one key (i.e. encryption) can be undone by the other key (i.e. decryption). In addition, the relationship between the keys is such that knowing the public key does not compromise the private key. The USPS PKI uses two key pairs, one pair for encryption and one pair for signing.

Public Key Cryptography Standards (PKCS)
* The PKCS are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public key cryptography. PKCS documents have become widely referenced and implemented.

Public Key Cryptography Standards #12
* This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.

Public Key Infrastructure (PKI)
* A structure of hardware, software, people, processes, and policies that uses Digital Signature technology to provide relying parties with a verifiable association between the public component of an asymmetric key pair and a specific subscriber.

Reason Code
* A code put in the certificate to indicate the reason why the certificate was revoked.

Recovery Key Agents
* Personnel responsible for retrieving the private keys stored by the CA.

Registration Authority (RA)
* Personnel responsible for the identification and authentication of certificate subscribers before certificate issuance, but who do not actually sign the certificates (i.e., an RA is delegated certain tasks on behalf of a CA).

Relying Party
* Individual who uses a certificate signed by a USPS CA to authenticate a digital signature or to encrypt communications to the certificate subject, and is a subscriber of a USPS CA or a PKI which is cross-certified with the USPS PKI.

Rudimentary Level of Assurance
* This level provides the lowest degree of assurance concerning identity of the individual.
This level is relevant to environments in which the risk of malicious activity is considered to be low. It is not suitable for transactions requiring authentication, and is generally insufficient for transactions requiring confidentiality.

Sensitive But Unclassified
* Information, data, or systems that require protection due to the risk and magnitude of the harm or loss that could result from unauthorized disclosure, alteration, loss, or destruction but have not been designated as classified for national security purposes.

Sponsor
* A Sponsor is the USPS department or individual that nominated a specific individual or organization to be issued a certificate. (For an employee this may be the employee's manager.) The Sponsor is responsible for informing the CA or RA if the relationship with the subscriber is terminated or has changed such that the certificate should be revoked or updated.

Subscriber
* An individual or organization whose public key is certified in a public key certificate. A USPS employee or contractor. Subscribers may have one or more certificates from a specific CA associated with them; most will have at least two active certificates: one containing their Digital Signature key, the other containing their Confidentiality (i.e. encryption) key.

Verification Public Key
* The public key portion of a signing key pair used to verify data that has been signed by the corresponding signing private key.

Appendix C: References

The documents noted below were referenced in the CP.

Handbook AS-353, Guide to Privacy and the Freedom of Information Act, dated September 2005, as amended. Available on the Postal Service Intranet at http://blue.usps.gov. Click on Manuals, then AS-353.

Handbook AS-805, Information Security, dated March 2002, as amended. Available on the Postal Service Intranet at http://blue.usps.gov. Click on Manuals, then AS-805.

Key Generation Ceremony Script, November 2005.

FIPS Pub 112, Password Usage, May 1985.

FIPS Pub 140-2, Security Requirements for Cryptographic Modules, May 2001.

FIPS Pub 186-2, Digital Signature Standard (DSS), January 2000.

NIST SP 800-73, Interfaces for Personal Identity Verification, March 2005.

NIST SP 800-76, Biometric Data Specification for Personal Identity Verification, February 2006.

NIST SP 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, April 2005.

NPG 2810.1, Security of Information Technology, August 1999.

5 U.S.C. § 552a, The Privacy Act of 1974.

RFC 2459, X.509 Public Key Infrastructure Certificate and CRL Profile, Housley, Ford, Polk and Solo, January 1999.

RFC 2510, X.509 Public Key Infrastructure Certificate Management Protocols, Adams and Farrell, March 1999.

RFC 2527, X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, Chokhani and Ford, March 1999.

USPS Public Key Infrastructure X.509 Certificate Policy. Available on the Postal Service Intranet at http://cto.usps.gov. Select Support (at the top of the Web page), under Corporate Information Security select Public Key Infrastructure, and then select USPS Public Key Infrastructure X.509 Certificate Policy.

ITU-T Recommendation X.521, Information Technology -- Open Systems Interconnection -- The Directory: Selected Object Classes, 1988.