dea010610-2

Published by: RepentChristian on Aug 21, 2011
Copyright: Attribution Non-commercial

Controlled Substance Ordering System (CSOS)
Certification Practices Statement (CPS)
Prepared for
Drug Enforcement Administration
Office of Diversion Control
Technology Section (ODT)
Arlington, VA 22202
Version 4.0
January 6, 2010
 
CSOS Certification Practices Statement Version 4.0
Table of Contents
FOR OFFICIAL USE ONLY (FOUO)
 
SECTION 1 – INTRODUCTION
1.1 Overview
1.2 Document Name and Identification
1.3 PKI Participants
1.3.1 Certification Authority Entities
1.3.2 Registration Authorities (RAs)
1.3.3 Subscribers (all who transmit electronic orders)
1.3.4 Relying Parties (all who accept electronic orders)
1.3.5 Other Participants (CSOS Coordinator)
1.4 Certificate Usage
1.4.1 Appropriate Certificate Uses
1.4.2 Prohibited Certificate Uses
1.5 Policy Administration
1.5.1 Organization Administering the Document
1.5.2 Contact Person
1.5.3 Person Determining CPS Suitability for the Policy
1.5.4 CPS Approval Procedures
1.6 Definitions and Acronyms
 
SECTION 2 – PUBLICATION AND REPOSITORY RESPONSIBILITIES
2.1 Repositories
2.2 Publication of Certification Information
2.3 Time or Frequency of Publication
2.4 Access Controls on Repositories
 
SECTION 3 – IDENTIFICATION AND AUTHENTICATION
3.1 Naming
3.1.1 Types of Names
3.1.2 Need for Names to be Meaningful
3.1.3 Anonymity or Pseudonymity of Subscribers
3.1.4 Rules for Interpreting Various Name Forms
3.1.5 Uniqueness of Names
3.1.6 Recognition, Authentication and Role of Trademarks
3.2 Initial Identity Validation
3.2.1 Method to Prove Possession of Private Key
3.2.2 Authentication of Organization Identity
3.2.3 Authentication of Individual Identity
3.2.4 Non-Verified Subscriber Information
3.2.5 Validation of Authority
3.2.6 Criteria for Interoperation
3.3 Identification and Authentication for Re-Key Requests
3.3.1 Identification and Authentication for Routine Re-Key
3.3.2 Identification and Authentication for Re-Key After Revocation
3.4 Identification and Authentication for Revocation Request
 
SECTION 4 – CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS
4.1 Certificate Application
4.1.1 Who Can Submit a Certificate Application
4.1.2 Enrollment Process and Responsibilities
4.2 Certificate Application Processing
 
 
 
4.2.1 Performing Identification and Authentication Functions
4.2.2 Approval or Rejection of Certificate Applications
4.2.3 Time to Process Certificate Applications
4.3 Certificate Issuance
4.3.1 CA Actions During Certificate Issuance
4.3.2 Notifications to Subscriber by the CA of Issuance of Certificate
4.4 Certificate Acceptance
4.4.1 Conduct Constituting Certificate Acceptance
4.4.2 Publication of the Certificate by the CA
4.4.3 Notification of Certificate Issuance by the CA to Other Entities
4.5 Key Pair and Certificate Usage
4.5.1 Subscriber Private Key and Certificate Usage
4.5.2 Relying Party Public Key and Certificate Usage
4.6 Certificate Renewal
4.6.1 Circumstances for Certificate Renewal
4.6.2 Who May Request Renewal
4.6.3 Processing Certificate Renewal Requests
4.6.4 Notification of New Certificate Issuance to Subscriber
4.6.5 Conduct Constituting Acceptance of a Renewal Certificate
4.6.6 Publication of the Renewal Certificate by the CA
4.6.7 Notification of Certificate Issuance by the CA to Other Entities
4.7 Certificate Re-Key
4.7.1 Circumstances for Certificate Re-Key
4.7.2 Who May Request Certification of a New Public Key
4.7.3 Processing Certificate Re-Keying Requests
4.7.4 Notification of New Certificate Issuance to Subscriber
4.7.5 Conduct Constituting Acceptance of a Re-Keyed Certificate
4.7.6 Publication of the Re-Keyed Certificate by the Certification Authority
4.7.7 Notification of Certificate Issuance by the CA to Other Entities
4.8 Certificate Modification
4.8.1 Circumstances for Certificate Modification
4.8.2 Who May Request Certificate Modification
4.8.3 Processing Certificate Modification Requests
4.8.4 Notification of New Certificate Issuance to Subscriber
4.8.5 Conduct Constituting Acceptance of a Modified Certificate
4.8.6 Publication of the Modified Certificate by the CA
4.8.7 Notification of Certificate Issuance by the CA to Other Entities
4.9 Certificate Revocation and Suspension
4.9.1 Circumstances for Revocation
4.9.2 Who Can Request Revocation
4.9.3 Procedure for Revocation Request
4.9.4 Revocation Request Grace Period
4.9.5 Time Within Which CA Must Process the Revocation Request
4.9.6 Revocation Checking Requirements for Relying Parties
4.9.7 CRL Issuance Frequency
4.9.8 Maximum Latency for CRLs
4.9.9 On-line Revocation/Status Checking Availability
4.9.10 On-line Revocation Checking Requirements
4.9.11 Other Forms of Revocation Advertisements Available
4.9.12 Special Requirements Re/Key Compromise
4.9.13 Circumstances for Suspension
 
