
© 2001 Digital Signature Trust Co. All rights reserved.

Certification Practices Statement

Digital Signature Trust Co.

Certification Practices Statement


For Access Certificates for Electronic Services (ACES)

Version 3.2

Copyright 2001 Digital Signature Trust Co. All rights reserved.

This document is subject to change without notice.


Table of Contents
1 INTRODUCTION
1.1 CPS OVERVIEW
1.2 POLICY IDENTIFICATION
1.3 COMMUNITY AND APPLICABILITY
1.3.1 Approved Applications
1.3.2 Prohibited Applications
1.4 CONTACT DETAILS
2 GENERAL PROVISIONS
2.1 RIGHTS AND OBLIGATIONS
2.1.1 CA Rights and Obligations
2.1.2 CA Right to Subcontract
2.1.3 RA Obligations
2.1.4 Subscriber Contractual Obligations
2.1.5 Applicant (Person Authorized to Receive Certificate for Qualified Relying Party Application)
AUTHORIZING OFFICIAL OF QUALIFIED RELYING PARTY
2.1.6 Relying Party Rights and Obligations
2.1.6 Repository Obligations
2.2 LIABILITY
2.2.1 CA Liability
2.2.2 RA Liability
2.2.3 Repository Liability
2.3 FINANCIAL RESPONSIBILITY
2.4 INTERPRETATION AND ENFORCEMENT
2.4.1 Governing Law
2.4.2 Severability, Survival, Merger, and Notice
2.4.3 Dispute Resolution Procedures
2.5 FEES
2.5.1 Certificate Issuance or Renewal Fees
2.5.2 Certificate Access Fees
2.5.3 Revocation or Status Information Access Fees
2.5.4 Fees for Other Services Such as Policy Information
2.5.5 Refund Policy
2.6 PUBLICATION AND REPOSITORY
2.6.1 Publication of CA Information
2.6.2 Frequency of Publication
2.6.3 Access Controls
2.6.4 Repositories
2.7 COMPLIANCE AUDIT
2.8 CONFIDENTIALITY AND PRIVACY
2.9 INTELLECTUAL PROPERTY RIGHTS
3 IDENTIFICATION AND AUTHENTICATION
3.1 INITIAL REGISTRATION
3.1.1 Types of Names
3.1.2 Need for Names to be Meaningful
3.1.3 Rules for Interpreting Various Name Forms
3.1.4 Uniqueness of Names
3.1.5 Name Claim Dispute Resolution Procedure
3.1.6 Recognition, Authentication, and Role of Trademarks
3.1.7 Verification of Possession of Key Pair
3.1.8 Authentication of Organizational Identity
3.1.9 Authentication of Individual Identity
3.2 ROUTINE REKEY AND CERTIFICATE RENEWAL
3.3 REKEY AFTER REVOCATION
3.4 REVOCATION REQUEST
4 OPERATIONAL REQUIREMENTS
4.1 CERTIFICATE APPLICATION
4.2 CERTIFICATE ISSUANCE
4.3 CERTIFICATE ACCEPTANCE
4.4 CERTIFICATE SUSPENSION AND REVOCATION
4.4.1 Circumstances for Revocation
4.4.2 Who Can Request Revocation
4.4.3 Procedure for Revocation Request
4.4.4 Circumstances for Suspension
4.4.5 Who Can Request Suspension
4.4.6 Procedure for Suspension Request
4.4.7 Limits on Suspension Period
4.4.8 CRL Issuance Frequency (If Applicable)
4.4.9 Online Revocation/Status Checking Availability
4.4.10 Online Revocation Checking Requirements
4.4.11 Other Forms of Revocation Advertisements Available
4.4.12 Checking Requirements for Other Forms of Revocation Advertisements
4.4.13 Special Requirements Rekey Compromise
4.5 SECURITY AUDIT PROCEDURES
4.6 RECORDS ARCHIVAL
4.6.1 Types of Events Recorded
4.6.2 Retention Period for Archive
4.6.3 Protection of Archive
4.6.4 Archive Backup Procedures
4.6.5 Archive Collection System (Internal or External)
4.6.6 Procedures to Obtain and Verify Archive Information
4.7 KEY CHANGEOVER
4.8 COMPROMISE AND DISASTER RECOVERY
4.9 CA TERMINATION
5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
5.1 PHYSICAL CONTROLS
5.2 PROCEDURAL CONTROLS
5.2.1 Operating System Administrators
5.2.2 CA Operators
5.2.3 Directory/Repository Administrators
5.2.4 Help Desk Infrastructure Personnel
5.2.5 Network Infrastructure Personnel
5.2.6 Backup Operators
5.2.7 DST Management Group
5.3 PERSONNEL CONTROLS
5.3.1 Background, Qualifications, Experience, and Clearance Requirements
5.3.2 Background Check Procedures
5.3.3 Training Requirements
5.3.4 Retraining Frequency and Requirements
5.3.5 Job Rotation Frequency and Sequence
5.3.6 Sanctions for Unauthorized Actions
5.3.7 Contracting Personnel Requirements
5.3.8 Documentation Supplied to Personnel
6 TECHNICAL SECURITY CONTROLS
6.1 KEY PAIR GENERATION AND INSTALLATION
6.1.1 Key pair generation
6.1.2 Private Key Delivery to Entity
6.1.3 Public Key Delivery to Certificate Issuer
6.1.4 CA Public Key Delivery to Users
6.1.5 Key Sizes
6.1.6 Public Key Parameters Generation
6.1.7 Parameter Quality Checking
6.1.8 Hardware/Software Key Generation
6.1.9 Key Usage Purposes (As Per X.509 v3 Key-Usage Field)
6.2 PRIVATE KEY PROTECTION
6.2.1 Standards for Cryptographic Module
6.2.2 Private Key (n out of m) Multiperson Control
6.2.3 Private Key Escrow
6.2.4 Private Key Backup
6.2.5 Private Key Archival
6.2.6 Private Key Entry into Cryptographic Module
6.2.7 Method of Activating Private Key
6.2.8 Method of Deactivating Private Key
6.2.9 Method of Destroying Private Key
6.3 OTHER ASPECTS OF KEY PAIR MANAGEMENT
6.3.1 Public Key Archival
6.3.2 Usage Periods for the Public and Private Keys
6.4 ACTIVATION DATA
6.4.1 Activation Data Generation and Installation
6.4.2 Activation Data Protection
6.4.3 Other Aspects of Activation Data
6.5 COMPUTER SECURITY CONTROLS
6.6 LIFE-CYCLE TECHNICAL CONTROLS
6.6.1 System Development Controls
6.6.2 Security Management Controls
6.6.3 Life-Cycle Security Ratings
6.7 NETWORK SECURITY CONTROLS
6.8 CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS
7 CERTIFICATE AND CRL PROFILES
7.1 CERTIFICATE PROFILE
7.1.1 Version Number(s)
7.1.2 Certificate Extensions
7.1.3 Algorithm Object Identifiers
7.1.4 Name Forms
7.1.5 Name Constraints
7.1.6 Certificate Policy Object Identifier
7.1.7 Usage of Policy Constraints Extension
7.1.8 Policy Qualifiers Syntax and Semantics
7.1.9 Processing Semantics for the Critical Certificate Policy Extension
7.2 CRL PROFILE
7.2.1 Version Number(s)
7.2.2 CRL and CRL Entry Extensions
8 SPECIFICATION ADMINISTRATION
8.1 SPECIFICATION CHANGE PROCEDURES
8.2 PUBLICATION AND NOTIFICATION POLICIES
8.3 CPS APPROVAL PROCEDURES
9 APPENDIX: ACES PRIVACY POLICY AND PROCEDURES
9.1 ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS
9.1.1 Handling of Information
9.1.2 Information Provided to Certificate Applicant
9.1.3 Limitations on Collection, Maintenance and Dissemination of Data
9.1.4 Notice of Existence of Records
9.1.5 Access to Records by Covered Individual
9.1.6 Amendment of Records
9.1.7 Disclosure Accounting
9.1.8 Reports
9.1.9 Certificate Issuance Warrants


1 INTRODUCTION

1.1 CPS Overview

This Certification Practices Statement (CPS) documents the internal practices and procedures
used by Digital Signature Trust Co. (DST). It covers the operation of systems and management
of facilities used to provide public key infrastructure (PKI) services described in the DST
Concept of Operations, which include Certification Authority (CA), Registration Authority
(RA), and repository functionality.

As with every CPS, a Certificate Policy (CP) provides additional specification of policies and
procedures applicable to a particular project, to a contract or set of contracts or contract forms,
or to a class of certificates issued. DST has multiple CPs under which certificates are issued,
and this CPS provides practices that are common to many of these CPs.

1.2 Policy Identification

This CPS is referred to as the DST ACES CPS. This CPS alone is not intended to provide the
basis for any contractual obligations.

DST has registered an Object Identifier (OID) under which it assigns CPS OIDs. This OID is
{joint-iso-ccitt (2) country (16) USA (840) US-company (1) DST (113839)
certification-practices (1)}. The DST ACES Certification Practices Statement Version 3.2 is assigned a
separate OID under this arc of {joint-iso-ccitt (2) country (16) USA (840) US-company (1)
DST (113839) certification-practices (1) ACES (2)}.

1.3 Community and Applicability

The community of clients served by DST includes the following:

• Clients of the DST CA service bureau requesting certificates issued under specific
  certificate policies
• Clients for SSL certificates requesting Web server certificates
• Clients for repository services requesting certificates, certificate revocation lists
  (CRLs), and other items from the DST directories.

People become clients of DST by signing contracts with DST that cover a set of services and
terms to be provided. For ACES, the ACES CP specifies three types of certificate holders:
Unaffiliated Individuals, Business Representatives and Qualified Relying Party Applications.
Thus, for each of the preceding communities, a subscriber contract exists (see 2.1.4), and, if
necessary, CAs, RAs, end entities, and repositories are created and run as desired by the client.
Many clients ask DST to run multiple CAs, RAs, and repositories on their behalf, while others
ask DST to only provide a repository and will perform CA and RA services themselves.


1.3.1 Approved Applications

Since individual DST clients define their own requirements for their requested services, the list of
approved applications is determined differently for each type of certificate according to each
certificate policy. There is no general set of applications for which DST approves use of
certificates.

1.3.2 Prohibited Applications

Since individual DST clients define their own requirements for their requested services, the list of
prohibited applications is determined differently for each type of certificate. There are no
applications of certificate or repository services that DST strictly prohibits for certificates.

1.4 Contact Details

DST's Customer Service Center is available between 7 a.m. and 6 p.m. Mountain Standard
Time (MST), Monday through Friday, excluding Federal holidays. DST's Customer Service
Center assists subscribers with certificate- and key-related issues. Such issues include, but are
not limited to, problems with key generation and certificate installation. Problems and inquiries
received that are not certificate-related are directed to the relevant government agency for
resolution with the subscriber. Those concerns can include, but are not limited to, problems with
accessing information and inquiries of a general nature.

For questions concerning ACES certificates, DST operations or the DST ACES CPS please
contact:

Digital Signature Trust Co.
255 North Admiral Byrd Road
Salt Lake City, Utah 84116-3703
Helpdesk@trustdst.com
www.trustdst.com
Tel: 1-888-248-4447
Tel: 1-801-326-5400
Fax: 1-801-326-5448

Otherwise, assistance is available at the Web site above, 24 hours per day, including Federal
holidays, to individual subscribers, business representatives, and individuals authorized to act on
behalf of agency applications.

2 GENERAL PROVISIONS

2.1 Rights and Obligations

2.1.1 CA Rights and Obligations

The CA’s rights and obligations are determined primarily by contracts with subscribers, relying
parties, registrars, and others (see 2.1.4). Statutes include the Federal Privacy Act,
Appendices I and III of OMB Circular A-130, the Utah Digital Signature Act, regulations, and
general common or civil law. DST has standard forms for contracts with different classes of
subscribers and relying parties.

2.1.1.1 CAs Authorized to Issue Certificates under this Policy

Additional policies and procedures in this category are determined by client and by CP.

2.1.1.2 Subscribers Authorized to Receive Certificates

Additional policies and procedures in this category are determined by client and by CP.

2.1.2 CA Right to Subcontract


to any person without your prior consent, unless otherwise required by law, or except as may be necessary
for the performance of DST services under its contract with GSA and for auditing requirements. DST also
agrees to protect your personal information in a manner designed to ensure its integrity and to make
available to you, following an appropriate request and for correction if necessary, any information collected.
However, information contained in your ACES certificate and related status information are not private.
(That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified
Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying
Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer
reporting systems is not permitted.

4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under ACES,
DST warrants that:
(a) it has issued, and will manage, your ACES certificate in accordance with the requirements of the
CP;
(b) it has complied with all requirements of the CP when identifying You and issuing You an ACES
certificate;
(c) it knows of no misrepresentations of fact in the ACES certificate and that it has verified the
information in the ACES certificate;
(d) it has accurately transcribed information provided by You into the ACES certificate; and
(e) the ACES certificate meets the material requirements of the CP.

5. Your Obligations

5.1 Submit Correct Information. You represent and warrant to DST that all of the information You
submit in your application is accurate, current and complete and that You have provided DST with all
Material Facts (as defined in 10.4 below) necessary to confirm your identity and the reliability of the ACES
certificate to be issued. You further agree that for purposes of certificate issuance, certificate renewal and
certificate replacement, You will immediately inform DST if any Material Facts submitted by You change
(e.g., You have a change of address or a change in your legal name).

5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using
your Private Key corresponding to the Public Key listed in your ACES Certificate that was valid at the time
of such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that:

(a) for purposes of complying with any applicable law that requires a “writing,” such Message shall be
considered to be "in writing" or "written" to an extent no less than if it were in paper form;

(b) where You intended the Digital Signature as a signature, such Message shall be considered to be
"signed" to an extent no less than if it were undertaken using pen and paper;

(c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such
Message shall be admissible to the same extent and under the same conditions as Messages originated and
maintained in paper form; and

(d) You will not contest the admissibility of the Message under either the business records exception to the
hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not
originated or maintained in paper form.

5.3. Protect Your Private Key. DST issues You an ACES Certificate based on a Public Key
that You send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is
generated by computer software whereby a Public Key has a corresponding Private Key. The Key Pair is
stored on a computer, smart card, or some other cryptographic hardware device. To obtain an ACES
Certificate, You will need to submit a certificate request to DST containing your Public Key. (In most cases,
a Key Pair and certificate request will be generated by your Internet browser after You "Accept" this

may have been lost or otherwise compromised; (c) your ACES certificate has become unreliable; (d) a
Material Fact in your Certificate has changed or is no longer true; (e) You have violated any provision of
this Agreement or the CP; (f) You request revocation; (g) a governmental authority has lawfully ordered
DST to revoke your ACES certificate; (h) this Agreement terminates; or (i) there are any other grounds for
suspension or revocation. Your right to use your ACES certificate ceases immediately upon revocation of
your ACES certificate. If your certificate is revoked, DST will send you prompt notice of revocation. Once
your ACES certificate has been revoked, it cannot be used or reinstated.

5.6. Cease Using Your Certificate. You agree to immediately cease using your ACES certificate,
after notifying DST, in the following circumstances: (a) when You suspect or discover that the
private key corresponding to your ACES certificate has been or may be compromised; (b) when a
Material Fact in your ACES certificate has changed or is no longer true; (c) upon the revocation or
expiration of your ACES certificate, or (d) upon termination of this Agreement.

5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless from any
and all liabilities, costs and expenses, including reasonable attorneys' fees, related to: any
misrepresentation or omission of Material Fact, whether intentional or not, made by You to DST;
any violation of this Agreement or the CP by You or authorized users of your Certificate; or any
misuse of your ACES certificate.

6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE,
WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS
CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT
WITH REGARD TO DST SERVICES OR ANY CERTIFICATE ISSUED HEREUNDER.

7. LIMITATION OF LIABILITY. DST SHALL NOT BE LIABLE FOR CONSEQUENTIAL, INDIRECT,
SPECIAL, OR INCIDENTAL DAMAGES, EVEN IF DST HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

8. Dispute Resolution Provisions. This Agreement shall be governed by, and interpreted and
construed under, the laws of the United States, and the parties agree that the United Nations Convention on
Contracts for the International Sale of Goods shall not apply to this Agreement.

If any provision of this Agreement is found to be invalid or unenforceable, then such documents
shall be deemed amended by modifying such provision to the extent necessary to make it valid and
enforceable while preserving its intent or, if that is not possible, by striking the provision and enforcing the
remainder of this Agreement.

Except for a controversy, claim, or dispute involving the federal government of the United States,
or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a
"Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy,
claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors,
attorneys, and other agents) arising out of or related in any way to this Agreement that cannot be resolved
by communications among the parties, for resolution by binding arbitration by a single arbitrator and
judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the
parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding
arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be
conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association
("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or
conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such
arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and
the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration
requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive
relief or the appointment of a receiver, before, during or after the pendency of any arbitration proceeding.
This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to
arbitration.

9. Survival. Sections 3, 4, 5, 6, 7 and 8 shall survive any termination or expiration of this Agreement.

10. Definitions

10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST
pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing
it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the
Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in
accordance with applicable standards. A Certificate includes not only its actual content but also all
documents expressly referenced or incorporated in it.

10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.

10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.

10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following
circumstances as used in this Agreement:
For Certificate Issuance (¶¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment,
certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST
to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair
certified.
For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the
Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name and Public/Private Key Pair.
For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to indemnify DST
(¶5.7): "Material Fact" means all of the above.

10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its
holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The
Private Key is used to create a Digital Signature.

10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by
the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.

10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.

However, information contained in your ACES certificate and related status information are not private.
(That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified
Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying
Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer
reporting systems is not permitted.

4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under
ACES, DST warrants that:
(a) it has issued, and will manage, your ACES Certificate in accordance with the requirements of the CP;
(b) it has complied with all requirements of the CP when identifying You and issuing You an ACES
Certificate;
(c) it knows of no misrepresentations of fact in the ACES Certificate and that it has verified the
information in the ACES Certificate;
(d) it has accurately transcribed information provided by You into the ACES Certificate; and
(e) the ACES Certificate meets the material requirements of the CP.

5. Your Obligations

5.1. Submit Correct Information. You represent and warrant to DST that all of the
information You submit in your application form – including but not limited to Your Organization
name – is accurate, current and complete and that You have provided DST with all Material Facts
(as defined in 10.4 below) necessary to confirm your identity and to the reliability of the Certificate
to be issued. You further agree that for purposes of certificate issuance, certificate renewal and
certificate replacement, You will immediately inform DST if any Material Facts submitted by You
change (e.g., You have a change of employment, change of address or a change in your legal
name). You also represent and warrant that You are authorized to use Your Organization’s name
that You designated in your application form. You also agree to inform Your Organization that You
have applied for a Certificate.

5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using
your Private Key corresponding to the Public Key listed in your Certificate that was valid at the time of
such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that:

(a) for purposes of complying with any applicable law that requires a “writi
considered to be "in writing" or "written" to an extent no less than if it were in paper form;

(b) where You intended the Digital Signature as a signature, such Message shall be considered to be
"signed" to an extent no less than if it were undertaken using pen and paper;

(c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such
Message shall be admissible to the same extent and under the same conditions as messages originated and
maintained in paper form; and

(d) You will not contest the admissibility of the Message under either the business records exception to the
hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not
originated or maintained in paper form.

5.3. Protect Your Private Key. DST issues You a Certificate based on a Public Key that You
send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is generated by
computer software whereby a Public Key has a corresponding Private Key. The Key Pair is stored on a
computer, smart card, or some other cryptographic hardware device. To obtain a Certificate, You will need
to submit a certificate request to DST containing your Public Key. (In most cases, a Key Pair and certificate
request will be generated by your Web browser after You "Accept" this Agreement and click "Continue" on

discretion, determines that: (a) the Certificate was not properly issued or was obtained by fraud; (b) the
security of the Private Key corresponding to the Certificate has or may have been lost or otherwise
compromised; (c) the Certificate has become unreliable; (d) Material Facts in the Certificate have changed or
become untrue (e.g., You are no longer affiliated with Your Organization); (e) You or Your Organization have
violated any applicable agreement or obligation; (f) You or Your Organization requests revocation; (g) a
governmental authority has lawfully ordered DST to revoke your Certificate; (h) this Agreement terminates;
or (j) there are any other grounds for revocation. Your right to use your Certificate ceases immediately upon
revocation of your Certificate. Once Your Certificate has been revoked, it cannot be used or reinstated.

5.6. Cease Using Your ACES Business Representative Certificate. You agree to
immediately cease using your Certificate in the following circumstances: (a) when You suspect or
discover that the Private Key corresponding to your Certificate has been or may be compromised
or subjected to unauthorized use in any way; (b) when a Material Fact in the Certificate has
changed or is no longer true, (c) upon the revocation or expiration of your Certificate, or (d) upon
termination of this Agreement.

5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless
from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to:
any misrepresentation or omission of Material Fact, whether intentional or not, made by You or
Your Organization to DST; any violation of this Agreement or the CP by You or authorized users of
your Certificate; or any misuse of your ACES certificate.

6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE,
WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS
CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT
WITH REGARD TO DST SERVICES OR ANY ACES BUSINESS REPRESENTATIVE CERTIFICATE ISSUED
HEREUNDER.

7. Limitation of Liability. DST shall not be liable for any consequential, indirect, special, or incidental
damages, and in no event shall DST be liable to You or Your Organization for damages in excess of amounts
paid to DST by You or Your Organization under this Agreement, including, without limitation, damages
arising from loss of use or business interruption, even if DST has been advised of the possibility of such
loss.

8. Dispute Resolution Provisions. This Agreement shall be governed by, interpreted and construed
under the laws of the United States and the Parties agree that the United Nations Convention on Contracts
for the International Sale of Goods shall not apply to this Agreement. If any provision of this Agreement is
found to be invalid or unenforceable, then such document shall be deemed amended by modifying such
provision to the extent necessary to make it valid and enforceable while preserving its intent or, if that is not
possible, by striking the provision and enforcing the remainder of this Agreement.
Except for a controversy, claim, or dispute involving the federal government of the United States,
or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a
"Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy,
claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors,
attorneys, and other agents) arising out of or related in any way to this Agreement, that cannot be resolved
by communications among the parties, for resolution by binding arbitration by a single arbitrator and
judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the
parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding
arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be
conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association
("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or
conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such
arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and
the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration
requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive
relief or the appointment of a receiver, before, during or after the pendency of any arbitration proceeding.
This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to
arbitration.

9. Survival. Sections 4, 5, 6, 7, 8 and the Authorization Form provisions of this Agreement shall
survive any termination or expiration of this Agreement.

10. Definitions

10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST
pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing
it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the
Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in
accordance with applicable standards. A Certificate includes not only its actual content but also all
documents expressly referenced or incorporated in it.

10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.

10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.

10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following
circumstances as used in this Agreement:
For Certificate Issuance (¶¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment,
certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST
to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair
certified.
For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the
Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name, Organizational Affiliation and
Public/Private Key Pair.
For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to indemnify DST
(¶5.7): "Material Fact" means all of the above.

10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its
holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The
Private Key is used to create a Digital Signature.

10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by
the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.

10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.

10.8 Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by
the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the digital signature on the
message.

10.9 Repository: A database containing information and data relating to ACES Certificates, including
information relating to ACES Certificate status as valid or revoked.

10.10 Subscriber: A person that (a) is named or identified in a certificate as the "subject" of the Certificate,
and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.

___________________________________________________

BY CLICKING ON THE “ACCEPT” BUTTON BELOW, YOU ARE AGREEING TO BE LEGALLY
BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT AS IF YOU HAD SIGNED
IT. IF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, CLICK THE “DECLINE” BUTTON
BELOW, IN WHICH CASE YOU MAY NOT APPLY FOR AN ACES BUSINESS
REPRESENTATIVE CERTIFICATE.

BY CLICKING ON THE "ACCEPT" BUTTON BELOW, YOU REPRESENT AND WARRANT
THAT (1) YOU ARE AUTHORIZED TO HOLD A CERTIFICATE ASSOCIATING YOU WITH THE
ORGANIZATION IDENTIFIED IN YOUR APPLICATION, (2) YOUR ORGANIZATION IS THE
ENTITY THAT IT IS REPRESENTED TO BE IN THE APPLICATION, AND (3) YOU ARE
AUTHORIZED TO ENTER INTO THIS AGREEMENT WITH DST.

[ACCEPT] [DECLINE]

INSTRUCTIONS FOR ACES BUSINESS REPRESENTATIVE AUTHORIZATION FORM

Thank you for choosing Digital Signature Trust Co. ("DST") to issue you an ACES business representative
certificate.

ACES business representative certificates are issued to individuals, such as employees, officers, and agents
(“Business Representatives”) who are authorized to act on behalf of business entities ("Sponsoring
Organizations") that have been validated by DST.

To complete your enrollment as an ACES Business Representative, you must complete the following steps:

Please take the following ACES Business Representative Authorization Form ("Authorization Form") – Part
I to an officer in your Organization who can sign on behalf of your Organization and represent to DST that
You are a duly-authorized representative, have them sign it and return it to you for submission to DST (a
Glossary of Terms is included at page 4 of this document to define some of the terms used in this Form);

Take Part II of the Authorization Form to a licensed Notary employed by your Organization or a financial
institution (most banks have notaries on staff);

Present the Notary with Part II of the Authorization Form and a current, valid driver's license or state-issued
ID card;

Sign the Form in the presence of the Notary;

Have the Notary verify your identity by reviewing and recording the information on the photo ID card;

Make sure the Notary has properly notarized your signature and affixed his or her raised seal or colored ink
stamp;

Record the name and place where you had the Form notarized; and

Make and keep a copy of both Part I and II of the Form and send the signed originals by courier or mail to:

ACES
Digital Signature Trust Co.
255 Admiral Byrd Road
Salt Lake City UT 84116

ACES Business Representative Authorization Form – Part I

THIS AUTHORIZATION is given by a Sponsoring Organization ("Organization"), identified below, to
Digital Signature Trust Co. ("DST"), a Utah corporation with its principal place of business at 255 Admiral
Byrd Road, Salt Lake City, Utah 84116 U.S.A (www.trustdst.com) and a Certification Authority
("CA") under contract with the federal government for the Access Certificates for Electronic Services
("ACES") program. Capitalized terms are defined in Part III of this Authorization Form.

WHEREAS Organization desires to authorize, and DST desires to perform (free of charge under its contract
with the General Services Administration), the issuance of an ACES Business Representative Certificate
("Certificate") that will identify "Subscriber," identified below, as being employed, associated, affiliated with
or authorized by Organization and will certify Subscriber's Public Key (in "Public Key Infrastructures" like
ACES, a Public/Private Key Pair is held by the Subscriber, the Private Key is kept secure and used to create
Digital Signatures, and the Public Key is held openly, certified by a CA, and used to authenticate network
access and Digital Signatures),

1. DST and Organization agree that:

(a) DST or Organization, in its sole discretion, may terminate this Authorization and revoke the Certificate
at any time and for any reason;
(b) DST will revoke the Certificate promptly upon confirming that the person making the revocation request
is authorized to do so or upon otherwise determining that the Certificate should be revoked; and
(c) Irrespective of the place of performance, this Authorization shall be construed, interpreted, and
enforced in accordance with the substantive laws of the State of Utah, without regard to its conflicts of
law rules.

2. Organization warrants, represents and agrees that:

(a) Organization is duly-organized and validly-existing under the laws of its state of organization and has
full right and authority to use the Organization's name, given below, to grant this authorization, and to
perform all obligations required of it hereunder;

(b) Subscriber is a duly-authorized representative of the Organization as an employee, partner, member,
agent, or other associate, and DST is hereby authorized to issue a Certificate to Subscriber that
identifies Subscriber as being employed, associated, affiliated with and/or authorized by Organization;
(c) Federal agencies, and other government-authorized recipients of messages signed with Subscriber's
Private Key, may rely on such messages to the same extent as though they were manually signed by the
Subscriber listed in a valid, unrevoked and unexpired Certificate issued by DST (Certificates have a
two-year lifetime);
(d) All information provided to DST by Organization will be accurate, current and complete and that
Organization will immediately notify DST and request that the Certificate be revoked if: (1) Organization
suspects any loss, disclosure, or other compromise of the Subscriber's Private Key; (2) information
contained in the Certificate is no longer accurate or current (e.g., the Subscriber changes his or her
name); or (3) Subscriber is no longer employed by, associated with, authorized by or affiliated with
Organization; and
(e) DST does not assume, nor should it be exposed to, the business and operational risks associated with
Organization's business, and Organization will hold DST, its subcontractors, affiliates, and employees
harmless from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to
the services provided to Subscriber or in connection with any performance under this Authorization.

The undersigned personally warrants and represents that he or she has authority to accept the terms and
conditions of this Authorization and to bind the Organization by his or her signature.

_____________________________________   ___________________________________
Print Subscriber Name                   Organization Officer Signs Here

_____________________________________   By: ________________________________
Print Sponsoring Organization Name      Print Name Here

_____________________________________   Its: ________________________________
Address                                 Print Officer's Title Here

_____________________________________   Date: ___________________________________

ACES Business Representative Authorization Form – Part II

INSTRUCTIONS FOR NOTARY

FOR THE PURPOSES OF THIS DOCUMENT, PERSONAL ACQUAINTANCE WITH THE INDIVIDUAL IS
INSUFFICIENT. You must: 1) review a current government-issued ID containing the individual's name and
photograph, 2) verify that such photo ID information is protected against forgery, modification, or
substitution, and 3) record below the serial number and type of government-issued ID presented by the
applicant. You should also record in your “notary’s journal” the ID serial number of the identification that
was presented to you.

The undersigned applicant warrants, represents, and attests that all facts and information provided are
accurate, current and complete and that he or she: a) is authorized to receive, and has applied electronically
for, a digital certificate to be issued by DST; b) has read and accepts the personal identifying information to
be contained in the certificate; c) is who he or she represents himself or herself to be; and d) has read,
understood, and agrees to the responsibilities associated with being a certificate subscriber, including the
terms and conditions found in the on-line ACES Business Representative Certificate Agreement. The
applicant agrees to: 1) accurately represent him or herself in all communications with DST and Qualified
Relying Parties; 2) protect his or her private key at all times; 3) immediately notify DST if he or she suspects
his or her private key to have been compromised, stolen or lost; and 4) use his or her key only for authorized
business as allowed by the ACES Program.

Signed By: ______________________________________
(Sign Only In The Presence Of Notary)

Print ___________________________________ E-mail Address ________________________________
First Name, Middle Initial, Last Name

ACKNOWLEDGEMENT
State of ______________________
County of ____________________
I hereby certify that on this ___ day of ____________________, _______, personally appeared
before me the signer and subject of the above form, who signed or attested the same in my presence, and
presented the following government-issued photo ID card as proof of their identity:

________________________        ___________________         ______       ___________
Exact Name Listed on Photo ID   Serial Number of Photo ID   Expiration   ID Type

Notary Public___________________________
Residing in: ___________________________
My Commission Expires: _______________

______________________________________
Street Address of Branch or Office

Space Reserved for Notary Seal

_________________________________
Name of Organization Employing Notary

PART III - TERMS USED IN THE BUSINESS REPRESENTATIVE AUTHORIZATION FORM

Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory, or
when authorized by law or regulation, a state, local, or tribal government.

Application: A computer program or web-based interface used by an Agency to interact with Subscribers.

Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being employed,
associated, affiliated with or authorized by a Sponsoring Organization.

Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the
Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c)
contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally
signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate
includes not only its actual content but also all documents expressly referenced or incorporated in it.

Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing
the issuance of a Certificate.

Certification Practice Statement. A “Certification Practice Statement” is a statement of the practices that a
Certification Authority employs in issuing, suspending, revoking, and renewing Certificates and providing
access to same, in accordance with the requirements of a contract for certificate services.

Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key
Cryptography so that a person having the communication and the Subscriber's Public Key can accurately
determine (1) whether the transformation was created using the Private Key corresponding to the
Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was
made. It does not involve a handwritten signature.

Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its
corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can
only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.

Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.

Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.

Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications
to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts
the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These
keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to
encrypt a message, but only the other corresponding key may be used to decrypt the message.

Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the Digital Signature on the
message.

Responsible Individual. A trustworthy person designated by a Sponsoring Organization to authenticate
individual applicants seeking certificates on the basis of their affiliation with the Sponsoring Organization.

Sponsoring Organization. A business entity, government agency, or other organization with which a
Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business
partner, customer, etc.).

Subscriber: A person (e.g., a Business Representative) that (a) is named or identified in a Certificate as its
subject, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.

2.1.4.3 Qualified Relying Party Applications

ACES QUALIFIED RELYING PARTY CERTIFICATE AGREEMENT

IMPORTANT NOTICE: Digital Signature Trust Co. ("DST," "Us," "We," or “Our”) provides Certificate
Services under the Access Certificates for Electronic Services ("ACES") program under Contract
#GS00T99ALD0006 with the General Services Administration ("the GSA Contract"). This ACES Qualified

confirmed that the person making the revocation request is authorized to do so. DST may also revoke the
Certificate without advance notice if DST, in its sole discretion, determines that: (a) the Certificate was not
properly issued or was obtained by fraud; (b) the security of the Private Key corresponding to the
Certificate has or may have been lost or otherwise compromised; (c) the Certificate has become unreliable;
(d) material information in the Certificate has changed (i.e., the name of the Application changes or the Key
Pair is no longer used with the Application); (e) You or Your Organization have violated any applicable
agreement or obligation; (f) You or Your Organization requests revocation; (g) a governmental authority has
lawfully ordered DST to revoke the Certificate; (h) this Agreement terminates; or (j) there are any other
grounds for revocation. Your Organization's right to use the Certificate ceases immediately upon revocation
of the Certificate. Once a Certificate has been revoked, it cannot be used or reinstated.

3.6. Cease Using the ACES Certificate. You agree to immediately cease using the Certificate in the
following circumstances: (a) when You suspect or discover that the Private Key corresponding to
the Certificate has been or may be compromised or subjected to unauthorized use in any way; (b)
when information contained in the Certificate is no longer accurate, current, or complete; (c) upon
the revocation or expiration of the Certificate; or (d) upon termination of this Agreement.

4. Other Agreements. Unless otherwise provided herein, DST's warranties and liabilities shall be limited as
provided in the GSA Contract, and any amendments or modifications thereto.

5. Definitions

5.1 Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory,
or when authorized by law or regulation, a state, local, or tribal government.

5.2 Application: A computer program or web-based interface used by an Agency to interact with
Subscribers.

5.3 Authorized Certification Authority: A Certification Authority that meets the qualifications of Section
1.3.1 of the CP.

5.4 Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being
employed, associated, affiliated with or authorized by a Sponsoring Organization.

5.5 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST pursuant
to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing it; (b)
names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s
operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with
applicable standards. A Certificate includes not only its actual content but also all documents expressly
referenced or incorporated in it.

5.6 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.

5.7 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.

5.8 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.

5.9 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.

5.10 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.

5.11 Qualified Relying Party: An Agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the digital signature on the
message.

5.12 Repository: A database containing information and data relating to ACES Certificates, including
information relating to ACES Certificate status as valid or revoked.

5.13 Sponsoring Organization. A business entity, government agency, or other organization with which a
Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business
partner, customer, etc.).

5.14 Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is
named or identified in a certificate as the "subject" of the Certificate, and (b) holds a Private Key that
corresponds to a Public Key listed in that Certificate.

5.15 Unaffiliated Individuals: A class of Subscribers consisting of members of the general public (who are
not Business Representative Subscribers).

[ACCEPT] [DECLINE]

INSTRUCTIONS TO THE APPLICANT FOR AN ACES QUALIFIED RELYING PARTY

Thank you for choosing Digital Signature Trust Co. ("DST") to issue your organization a Qualified Relying
Party Application ACES certificate ("ACES QRP certificate"). ACES QRP certificates are issued to
"Qualified Relying Parties" (i.e., federal agencies, authorized federal contractors, agency-sponsored
universities and laboratories, and, when authorized by law or regulation, state, local, and tribal governments)
that choose to use ACES, the U.S. General Services Administration's ("GSA's") "Access Certificates for
Electronic Services" ("ACES") program. Please note that a Qualified Relying Party must first enter into an
ACES Agreement with GSA to accept ACES Certificates and agree to be bound by the terms of the ACES
Certificate Policy.

An ACES QRP certificate is issued after DST has received an Authorization Form (this "Form") from the
Qualified Relying Party that indicates that you, "the Applicant," are authorized to manage the "Agency
Application" and describes your association or relationship with the Agency Application.

To complete your enrollment for an ACES QRP certificate, you must complete the following steps. A
Glossary of Terms is included below that explains some of the terms used in this Form.

After completing the informational sections, please take this Form to your supervisor or some other official
who can sign on behalf of the Qualified Relying Party and represent to DST that You are duly-authorized to
manage the Agency Application, and have them sign this Form.

Make and keep a copy of this Form and send the signed original by courier or mail to:
ACES
Digital Signature Trust Co.
255 Admiral Byrd Road
Salt Lake City UT 84116-3703

ACES Qualified Relying Party Authorization Form

THIS AUTHORIZATION is given by "Qualified Relying Party" and "Applicant," identified below, to Digital
Signature Trust Co. ("DST"), a Utah corporation and Certification Authority with its principal place of
business at 255 Admiral Byrd Road, Salt Lake City, Utah 84116-3703 (http://www.trustdst.com).

Qualified Relying Party authorizes DST to issue an ACES Qualified Relying Party Application Certificate
("Certificate") and deliver it to "Applicant," who has been authorized by Qualified Relying Party to manage
Qualified Relying Party's Agency Application.

1. Qualified Relying Party and Applicant warrant, represent and agree that:

(a) Applicant is duly-authorized by Qualified Relying Party to act on behalf of Qualified Relying Party and
to manage and control (1) Qualified Relying Party's Agency Application, (2) the Application's
Private/Public Key Pair, (3) the Certificate to be issued by DST and (4) communications between DST
and Qualified Relying Party's Application;

(b) Applicant has the association or relationship with Qualified Relying Party's Application identified
below;
(c) Qualified Relying Party and Applicant have read, understood, and agree to the responsibilities
associated with subscribing to Certificate, including the terms and conditions found in the online ACES
Qualified Relying Party Certificate Agreement;
(d) The Application's Private/Public Key Pair will only be used for purposes authorized by the GSA's ACES
Certificate Policy/the GSA Contract;
(e) Qualified Relying Party and Applicant will protect the Private Key at all times;
(f) Applicant shall ensure that any and all individuals who may have access to the Private Key are advised
of the responsibilities of Private Key safekeeping, along with the consequences that can accompany
the improper use or disclosure of a Private Key.
(g) All facts and information provided to DST by Qualified Relying Party and Applicant have been and will
be accurate, current and complete and that Qualified Relying Party and Applicant will immediately
notify DST and request that the Certificate be revoked if: (1) Qualified Relying Party or Applicant
suspects any loss, disclosure, or other compromise of the Application's Private Key; (2) information
contained in the Certificate is no longer accurate or current; or (3) the Private Key is no longer used by,
associated with, authorized by or affiliated with Qualified Relying Party or the Qualified Relying Party's
Application; and

(h) DST is hereby authorized to issue a Certificate and deliver it to Applicant for use with Qualified Relying
Party's Application.

Applicant (Person Authorized to Receive Certificate for Qualified Relying Party Application)

PRINT NAME___________________________________ SIGN HERE _______________________


LAST FIRST MI

AGENCY APPLICATION NAME


__________________________________________________________________________________

APPLICANT'S RELATIONSHIP TO APPLICATION


___________________________________________________________________________

QUALIFIED RELYING PARTY


NAME___________________________________________________________________________

IF AGENCY OR BUREAU, DEPT. NAME


_______________________________________________________________________________

MAILING ADDRESS________________________________________________________________________
STREET ADDRESS SUITE/MAILSTOP

_________________________________________________________________________________
CITY STATE ZIP COUNTRY

TELEPHONE_____________________ FAX__________________________
E-MAIL________________

AUTHORIZING OFFICIAL OF QUALIFIED RELYING PARTY

PRINT NAME_________________________________ SIGN HERE ____________________________


LAST FIRST MI

MAILING ADDRESS (If different than above)_____________________________________________________
MAILING ADDRESS

_____________________________________________________________________________________
CITY STATE ZIP COUNTRY

TELEPHONE__________________________FAX______________________
E-MAIL_______________________

GLOSSARY OF TERMS USED IN THE AUTHORIZATION

Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory, or
when authorized by law or regulation, a state, local, or tribal government.

Application: A computer program or web-based interface used by an Agency to interact with Subscribers.

Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the
Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c)
contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally
signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate
includes not only its actual content but also all documents expressly referenced or incorporated in it.

Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing
the issuance of a Certificate.

Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key
Cryptography so that a person having the communication and the Subscriber's Public Key can accurately
determine (1) whether the transformation was created using the Private Key corresponding to the
Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was
made. It does not involve a handwritten signature.

Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its
corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can
only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.

Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.

Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.

Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications
to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts
the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These
keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to
encrypt a message, but only the other corresponding key may be used to decrypt the message.

Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the Digital Signature on the
message.

Responsible Individual. A trustworthy person designated by a Sponsoring Organization to authenticate
individual applicants seeking certificates on the basis of their affiliation with the Sponsoring Organization.

Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is
named or identified in a Certificate as its subject, and (b) holds a Private Key that corresponds to a Public
Key listed in that Certificate.

2.1.5 Relying Party Rights and Obligations

Typically, DST will provide a limited level of assurance for each certificate. A relying party will
be required to sign appropriate contracts that detail any relying party rights and obligations.

Relying party rights and obligations may include the following:

§ Rely reasonably and in good faith in light of all the circumstances known to the relying party at the time of reliance

§ Rely within the validity limits stated in the certificate

§ Check the authenticity of the certificate before relying

§ Check the status of the certificate prior to reliance.

2.1.6 Repository Obligations

The DST Repositories make obligations to subscribers to provide certain continuity of service
and availability of up-to-date certificates and CRLs. However, the level of service and the
remedies available to clients are described in the contracts signed by each client and DST.

2.2 Liability

Except as expressly provided in contracts with clients, and according to specific certificate
policies, DST disclaims all warranties and obligations of any type, including any warranty of
merchantability, any warranty of fitness for a particular purpose, and any warranty of accuracy
of information provided.

2.2.1 CA Liability

See the Subscriber Agreements set forth in 2.1.4.

2.2.2 RA Liability

Additional policies and procedures in this category are determined by client and by CP.

2.2.3 Repository Liability

Additional policies and procedures in this category are determined by client and by CP.

2.3 Financial Responsibility

Additional policies and procedures in this category are determined by client and by CP.

2.4 Interpretation and Enforcement

2.4.1 Governing Law

The governing law for this CPS shall be the law of the State of Utah.

2.4.2 Severability, Survival, Merger, and Notice

If a particular provision of this CPS is terminated or determined to be invalid, illegal, or
unenforceable, the remaining provisions of this CPS shall remain in full force and effect.

Additional policies and procedures in this category are determined by client and by CP.

2.4.3 Dispute Resolution Procedures

See the Subscriber Agreements set forth in 2.1.4.

2.5 Fees

There shall be no access controls or fees on the reading of this policy or authorized CA's CPS.

DST shall assess fees or impose access controls on certificates, certificate status, or CRLs at its
sole discretion, subject to agreement between DST and its clients, and in accordance with fee
schedules negotiated and detailed in contracts with the clients.

2.5.1 Certificate Issuance or Renewal Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.2 Certificate Access Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.3 Revocation or Status Information Access Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.4 Fees for Other Services Such as Policy Information

Additional policies and procedures in this category are determined by client and by CP.

2.5.5 Refund Policy

Additional policies and procedures in this category are determined by client and by CP.

2.6 Publication and Repository

2.6.1 Publication of CA Information

Unless otherwise agreed by the subscriber and DST, DST shall publish each certificate issued
promptly upon acceptance of the certificate by the subscriber, in DST’s or another acceptable
repository. DST will not publish, or cause to be published, any certificate that has not been
expressly accepted by the subscriber.

DST shall also publish information regarding certificate revocation for every certificate that DST
issues and for every certificate processed for a CA that has a contract for this service.

2.6.2 Frequency of Publication

Additional policies and procedures in this category are determined by client and by CP.

2.6.3 Access Controls

Additional policies and procedures in this category are determined by client and by CP.

2.6.4 Repositories

Additional policies and procedures in this category are determined by client and by CP.

2.7 Compliance Audit

DST operations are overseen at two levels: examination and regulation by the Office of the
Comptroller of the Currency (OCC), part of the U.S. Treasury Department, and audits
performed by independent auditors for compliance with DST policies and procedures.

DST is subject to OCC examination and supervision and has received OCC approval
for operations. As part of the examination process, OCC examiners evaluate and assess DST’s
activities and have defined OCC supervision over those activities.

In addition to supervision by the OCC, DST engages outside auditors to perform full
functionality and security reviews of DST operations and systems under a variety of standards
established by the accounting and information security professions. The results of these audits
are submitted to the OCC and other licensing authorities and made available to interested clients
under nondisclosure agreements.

DST notifies all clients in writing of the OCC’s examination and regulatory authority
c). If irregularities are found during compliance audits, the OCC may
require appropriate remedial action or terminate DST operations after appropriate notice to
existing clients. The results of compliance audits will not otherwise be made public.

2.8 Confidentiality and Privacy

DST will acquire information through CA, RA, and repository functions regarding subscribers,
their identity and case history, and transactions that subscribers are conducting using digital
signatures. This is possible to the extent that relying parties verify those signatures through the
repository or check for current validity and other information.

DST will protect all customer information acquired through such means as confidential.

While DST operations will automatically maintain audit trails of all CA, RA, and repository
services, DST has no intention of compiling this information in a manner that associates
particular relying parties with particular subscribers unless required to do so by warrant,
subpoena, or court order. DST will not sell subscriber or relying party information, but may
conduct and market statistical analysis, provided such analysis does not compromise the
confidentiality or privacy of subscribers or relying parties.

No confidential consumer information will be released in any manner with the following
exception: DST will release consumer information to Federal, state, and local law enforcement
authorities upon receipt of a relevant search warrant or subpoena, and will respond similarly to a
relevant discovery order or subpoena in a civil litigation setting. More restrictive privacy and
confidentiality requirements may be followed for certificates issued to subscribers under specific
CPs. CAs, RAs, and repository service agents shall not have access to the private keys of any
of the entities they certify or register.

For specific U.S. Federal Government customers with defined certificate policies, DST
follows additional privacy policies and procedures described in Section 9 of this CPS.

2.9 Intellectual Property Rights

DST shall treat intellectual property rights as follows:

§ Private and public keys shall be considered the property of the applicable rightful private key holder.

§ Certificates shall be the property of the CA.

3 IDENTIFICATION AND AUTHENTICATION

DST negotiates specific Identification and Authentication (I&A) requirements with each type of
certificate issued. Any certificate issued by DST under a particular CP will follow the I&A
procedures specified in that CP.

NOTE: Topics in this chapter (Section 3) are not specified by general DST practices.
Instead, I&A is specified in the CPs under which certificates are issued, or client
agreements, where a CP is not specified in a certificate.

3.1 Initial Registration

Subscriber registration is initiated through a Web interface on DST's World Wide Web
site. The applicant for a certificate completes a registration form and acknowledges
acceptance of the terms and conditions of one of the online subscriber agreements
outlined in 2.1.4. This information is verified through database checks and other means
and placed in a customer information file used to track the applicant through the
certificate enrollment process.

3.1.1 Types of Names

The subject name used for ACES Certificate applicants shall be the Subscriber’s authenticated
common name.

3.1.2 Need for Names to be Meaningful

In the case of Unaffiliated Individuals, the authenticated common name is a combination of first
name and/or initials and surname. In the case of Business Representatives, the authenticated
common name is a combination of first name and/or initials and surname and reflects the legal
name of the organization and/or unit. In the case of Qualified Relying Parties, the common name
is the authenticated name of the Qualified Relying Party application.

3.1.3 Rules for Interpreting Various Name Forms

Additional policies and procedures in this category are determined by client and by CP.

3.1.4 Uniqueness of Names

Additional policies and procedures in this category are determined by client and by CP.

3.1.5 Name Claim Dispute Resolution Procedure

Additional policies and procedures in this category are determined by client and by CP.

3.1.6 Recognition, Authentication, and Role of Trademarks

Additional policies and procedures in this category are determined by client and by CP.

3.1.7 Verification of Possession of Key Pair

DST verifies that a certificate applicant possesses the private key corresponding to the public
key submitted with the application in accordance with secure protocols generally-accepted by
the CA industry, such as that described in the IETF PKIX Certificate Management Protocol
(e.g., by verifying that the request for certificate issuance was signed by the prospective
subscriber using his or her private key).
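The check described in 3.1.7, shown as an added example in Go; it is not DST's code and not part of this CPS. It assumes a PKCS#10 request and an ECDSA P-256 key, neither of which the CPS specifies, and every function name and the subject name are constructed for the illustration. The request is accepted only when its signature verifies under the public key it carries, so a request naming a key the submitter does not hold is rejected.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// errNoPossession marks a request whose signature does not verify under the
// public key it carries: the submitter has not shown it holds the private key.
var errNoPossession = errors.New("proof of possession failed")

// buildRequest plays the applicant: it creates a PKCS#10 request for commonName
// and signs it with the private key whose public half goes into the request.
func buildRequest(commonName string, priv *ecdsa.PrivateKey) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:            pkix.Name{CommonName: commonName},
		SignatureAlgorithm: x509.ECDSAWithSHA256,
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// verifyPossession plays the CA: parse the request, then check its signature
// against the public key inside it before anything is issued.
func verifyPossession(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("%w: %v", errNoPossession, err)
	}
	return csr, nil
}

// substituteKey builds the negative test case: the same request bytes, but
// carrying the key `to`, while the signature is still the one made with the
// private key matching `from`.
func substituteKey(der []byte, from, to *ecdsa.PublicKey) ([]byte, error) {
	oldSPKI, err1 := x509.MarshalPKIXPublicKey(from)
	newSPKI, err2 := x509.MarshalPKIXPublicKey(to)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("encoding public keys: %v %v", err1, err2)
	}
	if len(oldSPKI) != len(newSPKI) || !bytes.Contains(der, oldSPKI) {
		return nil, errors.New("public key not found in request")
	}
	return bytes.Replace(der, oldSPKI, newSPKI, 1), nil
}

// result summarises the three cases exercised by runDemo.
type result struct {
	AcceptedCN                                    string
	KeyMatches, SubstitutedFailed, TruncatedFailed bool
}

// runDemo checks a genuine request, one with a substituted key, and a
// truncated one. All keys and names are generated or constructed here.
func runDemo() (result, error) {
	var r result
	applicant, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return r, fmt.Errorf("key generation: %v %v", err1, err2)
	}
	der, err := buildRequest("Constructed Sample Applicant", applicant)
	if err != nil {
		return r, err
	}
	csr, err := verifyPossession(der)
	if err != nil {
		return r, err
	}
	r.AcceptedCN = csr.Subject.CommonName
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	r.KeyMatches = ok && pub.Equal(&applicant.PublicKey)
	swapped, err := substituteKey(der, &applicant.PublicKey, &other.PublicKey)
	if err != nil {
		return r, err
	}
	_, err = verifyPossession(swapped)
	r.SubstitutedFailed = errors.Is(err, errNoPossession)
	_, err = verifyPossession(der[:len(der)/2])
	r.TruncatedFailed = err != nil && !errors.Is(err, errNoPossession)
	return r, nil
}

func main() {
	r, err := runDemo()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The truncated request is reported as malformed rather than as a failed proof of possession, which keeps the two rejection reasons distinguishable in an audit trail.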

3.1.8 Authentication of Organizational Identity

DST verifies a Sponsoring Organization's validity, i.e., that the Organization exists and conducts
business at a particular location. In conducting its review and investigation, DST investigates
legal company name, type of entity, year of formation, names of directors and officers, address
(number and street, city, ZIP code), and telephone number.

3.1.9 Authentication of Individual Identity

DST authenticates a subscriber's identity by following the procedures of 3.1.9 in the ACES CP.

DST verifies an applicant's relationship to an Organization, in accordance with 3.1.9.2 and
3.1.9.3 of the ACES CP, by reviewing the information provided by the applicant on the printed
forms identified in 2.1.4.

3.2 Routine Rekey and Certificate Renewal

DST provides replacement certificates when a subscriber’s private key has not been
compromised and there are no changes to the certificate. However, in the event that there is a
suspected compromise of the key, or if subscriber information or key pair change, DST will
require subscribers to request a new certificate.

3.3 Rekey After Revocation

If a certificate is revoked or becomes invalid, a new key must be generated, i.e., a subscriber
must "rekey after revocation."

3.4 Revocation Request

See 4.4.3, Procedure for Revocation Request.

4 OPERATIONAL REQUIREMENTS

4.1 Certificate Application

DST accepts certificate applications from subscribers in several instances:

4.1.1 Personal Appearance before DST or one of its Representatives (Employees)

If an individual appears in-person to an employee of DST, then the DST employee may conduct
an in-person registration of the individual after a verification of the individual's identity based on
a review of the individual's photo ID. This process requires the completion of a form, signed by
the DST employee conducting the in-person authentication. In accordance with section 3.1.9 of
the ACES CP, the DST employee reviews at least three separate forms of identification, one
consisting of information obtained by an antecedent in-person appearance (e.g., a photo ID),
and verifies the information through a multiple database cross-check performed by a
commercial service. The in-person identification process performed by an employee of DST
does not require the notarization of an application form.

4.1.2 Completion of a Registration Form Online with DST

If the individual registers online, DST will authenticate itself to the applicant using the American

Bankers Association (ABA) SiteCertain Seal. Once the individual has established the secure-

site, SSL session, he or she will enter personal identification information in the application form

and provide DST with a certificate request. In accordance with 3.1.9 of the ACES CP, DST

verifies the information through multiple database cross-checking performed by a commercial

service provider.

4.1.3 Submission of Registration Form via U.S. Postal System or Other Carrier

An individual may submit the registration form and certificate request to DST via the U.S. postal

system or other carrier. In accordance with 3.1.9 of the ACES CP, DST verifies the

information through multiple database cross-checking performed by a commercial service

provider.

4.1.4 Submission via a Qualified RA, i.e., Banks and licensed Notaries

DST may conduct the registration process through Registration Authorities (RAs) by contractual

arrangements with banks and other financial institutions or through the use of notaries ("Qualified

RAs"). In the case of an application submitted through the use of a qualified RA, the RA is

responsible for performing adequate identification and authentication of the information to be

listed in the certificate. Similar to in-person registration performed by DST employees, the

Qualified RA reviews at least three separate forms of identification, one consisting of information

obtained by an antecedent in-person appearance (e.g., a bank signature card, other bank

account information or photo ID), and cross-checks the identifying information through a

multiple database cross-check provided by a commercial service. This identification process

performed by a bank employee does not require notarization.

Once DST has received a complete certificate application, it will determine whether the

information provided is sufficiently accurate to approve certificate issuance. If DST determines

that the information provided by the applicant is insufficient to issue a certificate, DST will

suspend the registration process for the individual and inform him or her of the steps to take in

order to resume processing of the application.

4.2 Certificate Issuance

Once a certificate application is accepted and successfully verified, a certificate will be created

and digitally signed by the CA. The applicant will be given instructions on how and where to

retrieve the certificate. Unless otherwise agreed, the CA will then publish the certificate in

DST’s or another appropriate repository. This repository may be an X.500 directory, a

Lightweight Directory Access Protocol (LDAP) capable directory, or a proprietary database.

However, what is done with the certificate after the CA has issued it is specified in individual

subscriber agreements. In some situations, the certificate may be e-mailed or mailed back to

the subscriber or an address specified by the subscriber. Additional policies and procedures in

this category are determined by client and by CP.

4.3 Certificate Acceptance

In accordance with 4.3 of the ACES CP, Subscriber agreements establish requirements for

communicating certificate acceptance or rejection to DST. (See 2.1.4). Subscribers are

advised that they may reject the certificate by promptly notifying DST. Subscribers agree that

by downloading or using the ACES certificate (and failing to notify DST of any errors, defects

or problems) they expressly accept the certificate and its contents. Furthermore, prior to

actually downloading the certificate, a subscriber is given the opportunity to review the

information to be contained in the certificate in human-readable form and is advised that by

clicking to proceed he or she is accepting the certificate's contents. DST records the act of

certificate downloading.

Additional policies and procedures in this category are determined by client and by CP.

4.4 Certificate Suspension and Revocation

4.4.1 Circumstances for Revocation

A subscriber may revoke his, her, or its certificate at any time for any reason. A sponsoring

organization (where applicable) may revoke the certificate of any affiliated individual at any time

for any reason. DST may also revoke a certificate upon failure of the subscriber (or the

sponsoring organization, where applicable) to meet its obligations under the applicable CP; this

CPS; or any other agreement, regulation, or law applicable to the certificate that may be in

force, including but not limited to circumstances in which DST, in its sole discretion, determines

that: (a) the certificate was not properly issued or was obtained by fraud; (b) the security of the

private key corresponding to the certificate has or may have been lost or otherwise

compromised; (c) the certificate has become unreliable; (d) material information in the

application for a certificate or in the certificate itself has changed or has become false or

misleading (e.g., the subscriber changes his or her name); (e) a governmental authority has

lawfully ordered DST to revoke the certificate; or (f) there are any other grounds for revocation.

The agreement with the sponsoring organization may limit or extend these circumstances for

revocation.

4.4.2 Who Can Request Revocation

The following entities may request the CA to revoke a certificate issued:

- The subscriber
- An authorized agent of the subscriber (or sponsoring organization)
- The issuing CA.

4.4.3 Procedure for Revocation Request

Upon receiving a revocation request, DST places the certificate on suspended status
and notifies the subscriber of the request. DST assists the requester in identifying the
specific certificate(s) to be revoked by supplying a list of all certificates issued to the
requester, as appropriate. DST then verifies the revocation request through procedures
similar to those originally used for certificate issuance. If DST is able to adequately
confirm that the person making the revocation request is authorized to do so, the
certificate is revoked and the repository is updated. The subscriber is notified of the
certificate's status using an out-of-band notification process linked to the subscriber’s
physical postal mail address. In the case of suspected fraud or compromise of a
certificate, DST includes information regarding the possibility of unauthorized use of the
certificate and instructions for the applicant to receive a new certificate. Incidents of
suspected fraud are also submitted to the GSA in a Waste, Fraud and Abuse Report.

4.4.4 Circumstances for Suspension

Immediately upon receiving a revocation request, DST places the certificate on suspended

status pending verification of the request per section 4.4.3.

4.4.5 Who Can Request Suspension

If any person suspects that (a) a certificate was not properly issued or was obtained by fraud;

(b) the security of the private key corresponding to the certificate has or may have been lost or

otherwise compromised; (c) the certificate has become unreliable; (d) material information in a

certificate has changed or become false or misleading, he or she may contact DST and provide

DST with the information forming the basis of the suspicion.

4.4.6 Procedure for Suspension Request

DST will process a Suspension Request in accordance with the procedures of 4.4.3.

4.4.7 Limits on Suspension Period

Additional policies and procedures in this category are determined by client and by CP.

4.4.8 CRL Issuance Frequency (If Applicable)

Additional policies and procedures in this category are determined by client and by CP.

4.4.9 Online Revocation/Status Checking Availability

DST provides on-line, near-real-time certificate status in response to Certificate Validation

Request messages. Upon receipt of a signed Certificate Validation Request message from an

agency application, DST:

(a) Verifies the signature on the Certificate Validation Request,

(b) Generates and returns a signed Certificate Status Response message, and

(c) Indicates the certificate status as one of the following:

(1) Valid. Indicates that the certificate is usable

(2) Invalid. Indicates that the certificate either has been revoked or is beyond its

operational period

(3) Suspended. Indicates that the certificate has been placed in a temporary,

unusable state

4.4.10 Online Revocation Checking Requirements

Qualified Relying Parties are required to validate every ACES Certificate they receive in

connection with a transaction.
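
The request/response exchange of 4.4.9 and the relying-party check of 4.4.10, as an added example that is not DST's code or part of the ACES specification. HMAC-SHA256 with constructed shared keys stands in for the public-key signatures the CPS describes so that the block runs on the Python standard library; the message fields, the nonce, the certificate records, and the treatment of unknown serial numbers as Invalid are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed keys. HMAC is a stand-in for the signatures named in 4.4.9.
AGENCY_KEY = b"constructed-agency-application-key"
RESPONDER_KEY = b"constructed-status-responder-key"


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed certificate records keyed by serial number.
CERTS = {
    "1001": {"not_before": utc(2001, 1, 1), "not_after": utc(2003, 1, 1),
             "revoked": False, "suspended": False},
    "1002": {"not_before": utc(2001, 1, 1), "not_after": utc(2003, 1, 1),
             "revoked": True, "suspended": False},
    "1003": {"not_before": utc(2001, 1, 1), "not_after": utc(2003, 1, 1),
             "revoked": False, "suspended": True},
}


def tag(key, body):
    """Authenticate the canonical JSON form of a message body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal(key, body):
    return {"body": body, "sig": tag(key, body)}


def sealed_ok(key, message):
    """True only if the message is well formed and its tag verifies."""
    try:
        return hmac.compare_digest(tag(key, message["body"]), message["sig"])
    except (KeyError, TypeError):
        return False


def certificate_status(serial, now):
    """Map a record to the three states of 4.4.9(c)."""
    record = CERTS.get(serial)
    if record is None or record["revoked"]:
        return "Invalid"      # unknown serial treated as Invalid (assumption)
    if not record["not_before"] <= now <= record["not_after"]:
        return "Invalid"      # beyond its operational period
    if record["suspended"]:
        return "Suspended"    # temporary, unusable state
    return "Valid"


def respond(request, now):
    """Responder side: step (a) verify the request, steps (b)-(c) sign a status."""
    if not sealed_ok(AGENCY_KEY, request):
        return None           # no status is issued for an unverifiable request
    body = request["body"]
    serial = body.get("serial")
    return seal(RESPONDER_KEY, {"serial": serial, "nonce": body.get("nonce"),
                                "status": certificate_status(serial, now)})


def check_response(response, serial, nonce):
    """Relying party: fail closed unless a verified response says Valid."""
    if response is None or not sealed_ok(RESPONDER_KEY, response):
        return False
    body = response["body"]
    return (body.get("serial") == serial and body.get("nonce") == nonce
            and body.get("status") == "Valid")


def relying_party_accepts(serial, nonce, now):
    """Full round trip for one certificate received in a transaction."""
    request = seal(AGENCY_KEY, {"serial": serial, "nonce": nonce})
    return check_response(respond(request, now), serial, nonce)
```

A relying party that treats a missing, unverifiable, or mismatched response the same as Invalid never accepts a certificate on the strength of a failed lookup.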

4.4.11 Other Forms of Revocation Advertisements Available

Additional policies and procedures in this category are determined by client and by CP.

4.4.12 Checking Requirements for Other Forms of Revocation Advertisements

Additional policies and procedures in this category are determined by client and by CP.

4.4.13 Special Requirements Rekey Compromise

Additional policies and procedures in this category are determined by client and by CP.

4.5 Security Audit Procedures

All significant security events on the CA system are automatically recorded in audit log files.

The backup operators back up all relevant system files and the audit logs at regular intervals

(daily, weekly, and monthly) and deliver copies of the audit logs to DST management.

4.6 Records Archival

4.6.1 Types of Events Recorded

Audit information will be recorded as it is available from the commercial certificate authority

software that is being used. All audit information available is recorded for archive. Audit

information includes records of issuance, acceptance, and any suspension or revocation of a

certificate. Network information at the packet level coming in and going out of the DST

network segment containing the CA may be recorded for routine or non-routine purposes. The

following data is recorded for the following types of transactions:

4.6.1.1 Certificate Issuance

(a) Applicant’s name as it appears in the certificate’s “Common Name” field

(b) Method of application (i.e., on-line, in-person)

(c) For each data element accepted for proofing, including electronic forms:

(1) Name of document presented for identity proofing

(2) Issuing authority

(3) Date of issuance

(4) Date of expiration

(5) All fields verified

(6) Source of verification (i.e., which databases used for cross-checks)

(7) Method of verification (i.e., on-line, in-person)

(8) Date/time of verification

(d) Names of the ACES contractor, including subcontractors, if any

(e) All associated error messages and codes

(f) Date/time of process completion

(g) Names (IDs) of ACES contractor’s processes, including subcontractors’ processes, if any

4.6.1.2 Certificate Replacement

(a) Certificate serial number

(b) Certificate common name

(c) Certificate policy OID

(d) Date/time of completion of replacement process

(e) Name (ID) of ACES contractor process(es)

(f) All associated replacement data

4.6.1.3 Certificate Validation

(a) Certificate serial number

(b) Certificate status with reason code

(c) Requesting agency application certificate serial number

(d) All validation data

(e) All associated error messages and codes

(f) Date/time of all certificate validation requests

(g) Date/time of transmission of certificate status request responses

(h) Name (ID) of ACES contractor’s process(es)

4.6.1.4 Certificate Suspension and Revocation

(a) Date/time

(b) Names of ACES contractor and RA, if any

(c) Subscriber’s common name

(d) Certificate policy Object Identifier (OID)

(e) Status of certificate at end of suspension

(f) Reason code for revocation request

(g) Certificate serial number

(h) All associated verification request, suspension, and revocation data

4.6.1.5 Certificate Renewal

(a) Certificate serial number

(b) Certificate common name

(c) Certificate policy OID

(d) New operational period dates

(e) Date/time of completion of renewal process

(f) Name (ID) of ACES contractor process(es)

(g) All associated renewal data

4.6.2 Retention Period for Archive

In accordance with Utah regulations, DST retains archive records for a minimum of ten (10)

years past the expiration date of any certificate information in the records and may retain

records for a much longer period. DST archives its records on the current de facto standard

backup medium using a best practices approach. As the digital storage medium evolves, DST

will commit to upgrading all of its existing archives to the next generation medium. In

accordance with section 4.9(c) of the ACES CP (7/15/99), all current and archived ACES identity

proofing, certificate, validation, revocation/suspension, renewal, policy and practices, billing, and

audit data shall be transferred to GSA within 24 hours of DST's cessation of business.

Transferred data will not include any non-ACES data.

4.6.3 Protection of Archive

The DST management group maintains responsibility for all off-site backups of archive data.

The archive data is sealed in tamper evident containers and stored off site away from the CA. It

is the DST management group’s responsibility to maintain the archives in a secure and protected

manner. No other group has access to the archives, and only the DST management group has

the authority to request an archive from the remote site.

4.6.4 Archive Backup Procedures

The backup group is responsible for making sure that all archive files are backed up and

transferred to the bonded courier in a secure manner. All archive files are sealed in a tamper-

evident container, placed in a double locked box, and given to a bonded courier for

transportation to the off-site archive. The courier then reports the transfer of the archives to the

management group.

4.6.5 Archive Collection System (Internal or External)

Archives are produced by DST backup operators on a periodic basis (daily, weekly, and

monthly) and given to an external courier service for secure delivery to management. Hence

archive collection is external to some trusted roles, but internal to DST as a whole.

4.6.6 Procedures to Obtain and Verify Archive Information

Only the management group has the authority to request archives from the off-site storage,

which will be delivered via bonded courier to an officer of DST.

4.7 Key Changeover

Additional policies and procedures in this category are determined by client and by CP.

4.8 Compromise and Disaster Recovery

Additional policies and procedures in this category are determined by client and by CP.

4.9 CA Termination

DST will notify all current certificate holders in the event of termination of the CA. Notification

will be made via U.S. postal mail, e-mail, Web postings, or other methods as appropriate. If

possible, all certificates will be revoked prior to termination of CA operations.

5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS

5.1 Physical Controls

All DST production CAs are located in secure, cement/masonry hardened buildings. The

building(s)' exterior and interior rooms housing equipment are equipped with cipher locks on the

doors. The facility is designed to provide top-of-the-line data security and continuity services and

has been designed to provide a high level of physical and operational security for mission-critical

applications. The building is enclosed by an 8-foot-high steel fence with sharp edges at the top.

An 8-foot iron gate at the front of the facility, with access controlled through a keycard, is within

30 yards of a security kiosk and is visible at all times. In addition, the perimeter of the building

is secured with surveillance cameras 24 hours a day, 7 days a week.

To enter the building, personnel must first pass through a mantrap. The first door in the

trap requires keycard access; the second door requires both a keycard and a PIN number to

gain access to the building. The lobby of the building is also monitored with surveillance

cameras. To gain access to the offices and work area, a keycard is required. All keycard

accesses in the facility are logged.

In addition to the four layers of security implemented in the facility, a fifth layer of

security protects the room containing the CA equipment. Limited to authorized personnel,

access to this room is gained by two individuals simultaneously with a PIN and a biometric

device. This secure computer room is monitored at all times with surveillance cameras. Finally,

all CA and repository equipment is stored in secure locked cabinets that require physical or

electronic keys for access.

The building has been designed to augment the security and safety of the facility. To

withstand a 7.5 magnitude earthquake, the building is constructed on top of nine large springs.

In addition, the building is equipped with an Inergen fire detection and suppression system.

The computer room is built like a vault with some modifications for fire prevention and

ventilation requirements, and for enhanced security. The ceiling is secured with a 2-inch by 2-

inch steel grid that allows ventilation and fire prevention chemicals to flow throughout the room.

In addition, chain link fencing has been laid to prevent under-floor access to the room.

Air conditioning is provided in a fully redundant fashion around the perimeter of the

computer room. A 4-inch concrete moat, equipped with water sensors, isolates the air

conditioning water pipes from the rest of the computer room and signals an operator console

that is staffed 24 hours a day, 7 days a week.

Communications are provided through dual conduit access points on opposite sides of

the building backed up through a microwave system. The facility maintains its own UPS and

backup diesel generator that are tested weekly. Flood exposure is minimal to non-existent at the

site.

5.2 Procedural Controls

There are seven trusted roles identified by DST in this CPS:

- Operating system administrators
- CA operators
- Directory/repository administrators
- Help desk infrastructure personnel
- Network infrastructure personnel (hubs, routers, firewalls, and network wiring)
- Backup operators
- DST Management Group.

Each of these roles is outlined below.

5.2.1 Operating System Administrators

Operating system administrators are responsible for the maintenance and operation of the

machines used to run the CA, RA, and repository software. They perform all tasks required to

keep the hardware and operating system functional and are expected to maintain Windows NT,

UNIX, and Sun Solaris operating systems and hardware. To accomplish this task, the system

administrators will possess system passwords to the operating system and will have keycard or

biometric access to the computer rooms. Their role includes allowing CA operators physical

access to the CA, RA, and repository systems. The system administrators are never in

possession of the CA private key and password or hardware token that enables operation of a

CA software system.

5.2.2 CA Operators

The CA operator responsibilities encompass operation of CA and RA software and protection

of critical CA and RA private keys. To perform these tasks, CA operators possess the CA

and RA passwords and/or private key PINs (if applicable). CA operators do not have keycard

access to the computer rooms and are required to be with an operating system administrator to

gain access to the machine. CA operators do not have root operating system passwords. All

CA and RA functions can only be performed on the console of the system that is running the

CA or RA.

5.2.3 Directory/Repository Administrators

The role of repository administrator encompasses responsibility for the operation of the X.500

directory and associated database software needed by any of the CA software packages. To

perform these tasks the repository administrator possesses the passwords and/or private key

PINs (if applicable) needed for configuration and maintenance of the directory/repository.

Repository administrators do not have keycard access to the computer rooms and are required

to be with an operating system administrator to gain access to the machine. Repository

administrators do not have root operating system passwords or CA passwords. All

directory/repository functions can only be performed on the console of the system that is running

the directory/repository.

5.2.4 Help Desk Infrastructure Personnel

Help desk infrastructure personnel answer user questions and troubleshoot user problems either

in-person, or by telephone or e-mail. They have user-level access to the OS on CA machines

but do not have physical access to the machines or computer rooms. They are able to assist

users with information regarding certificate issuance, account information, and other

administrative functions. Help desk personnel are also able to assist users with problems they

are experiencing with their certificates that have been issued. Infrastructure personnel are also

responsible for maintaining the firewalls and routers that provide network security and access to

the CA.

5.2.5 Network Infrastructure Personnel

The network infrastructure personnel will install, configure, maintain, and troubleshoot the

network infrastructure including the network hubs, routers, switches, and firewalls. They will

have system or root-level access to these devices but will not have any operating system, CA,

or directory password access.

5.2.6 Backup Operators

Backup operators are responsible for backing up the CAs and associated software. They

receive the minimum level of system access required to fulfill this role. In addition, backup

operators are responsible for sealing the backup tapes in sequentially numbered tamper-proof

containers, and for sealing the containers with nylon ties. These containers are then placed in a

dual-locking carrying case and given to the bonded courier. This courier then transports the

sealed backup tapes to an off-site storage facility with the only point of access being the

Management Group.

5.2.7 DST Management Group

The Management Group is responsible for providing independent oversight and supervision of

the other roles. This role is accomplished by allowing the Management Group to have sole

control of surveillance tapes (24 hours a day, 7 days a week surveillance camera video tapes of

DST operations), maintenance of backup tapes (sequentially numbered and tamper-proof

sealed and delivered), and audit logs (archived audit logs from the CA, RA, and repository

systems). The Management Group also controls and archives any network flight recorder

media (logs guide all network traffic coming in or out of the CA, RA, and repository-to-

WORM drive media).

5.3 Personnel Controls

DST CAs, RAs, and repositories will implement adequate security controls to ensure that the

staff associated with the operation of these systems can be placed in a position of trust. The

following sections describe how this requirement is implemented. In addition to the following

measures, all DST personnel in the trusted roles submit to periodic drug testing and are required

to be bonded.

5.3.1 Background, Qualifications, Experience, and Clearance Requirements

Additional policies and procedures in this category are determined by client and by CP.

5.3.2 Background Check Procedures

All candidates for employment in a DST trusted role must agree to and undergo initial and

periodic financial and criminal background investigation as a condition of employment.

Investigations are conducted by agents chosen by DST, and the results of initial investigations

are releasable only to DST, and not to the subject of investigation.

As a further condition of employment, if, at DST’s sole discretion, results from an initial

investigation are deemed unsatisfactory, DST will not hire the personnel in question for a trusted

role. In addition, if results from a periodic investigation are deemed unsatisfactory, DST will

remove that employee from any trusted role, and will apply other appropriate personnel actions

as allowed or required.

5.3.3 Training Requirements

All trusted personnel receive training as required to ensure they are competent to perform duties

in a trusted position including the following:

- All trusted personnel receive a copy of each CP under which DST issues certificates and the CPS.
- All trusted personnel are instructed on the policies and procedures for operating in their specific role.
- All CA operators are instructed in the policies and procedures for maintaining the confidentiality of private keying material.

5.3.4 Retraining Frequency and Requirements

All trusted personnel undergo a retraining session every six months including a review of each

CP under which DST is currently issuing certificates, and a full review of all DST policies and

procedures.

5.3.5 Job Rotation Frequency and Sequence

Additional policies and procedures in this category are determined by client and by CP.

5.3.6 Sanctions for Unauthorized Actions

Any employees performing trusted roles who are cited by DST management for unauthorized

actions, inappropriate actions, or unsatisfactory investigation results are immediately removed

from their trusted role pending management review. Following further management review and

discussion of actions or investigation results with employees, employees may be reassigned to

their positions, transferred to non-trusted roles, or dismissed from employment, as appropriate.

5.3.7 Contracting Personnel Requirements

The personnel requirements of this CPS apply equally to DST employees, contractors, and

subcontractors.

5.3.8 Documentation Supplied to Personnel

All personnel operating in a trusted position are given copies of the relevant CPs and the CPS.

In addition, they have access to manuals for the operation of their components of the system.

6 TECHNICAL SECURITY CONTROLS

6.1 Key Pair Generation and Installation

6.1.1 Key pair generation

For nearly all ACES implementations (see 6.1.2), key pairs for end users are generated in either

hardware or software under the sole possession and control of the applicant / end user. The

private key is never in the possession of anyone else. For all DST operations, key pairs will be

generated in such a way that the private key is not known by anyone other than the authorized

user of the key pair. Acceptable ways of accomplishing this include:

- Requiring all users (CAs, CMAs, RAs, RSAs, and subscribers) to generate their own keys on a trustworthy system, and not reveal the private keys to anyone else.
- Requiring keys to be generated in hardware tokens from which the private key cannot be extracted. DST supports this process for subscriber key pair generation.

CA keys are generated in hardware tokens, unless specifically excepted by a client contract and

CP. Key pairs for RAs or end-entities are generated in either hardware or software as defined

by client contract and CP.

6.1.2 Private Key Delivery to Entity

If DST participates with or assists the applicant with key pair generation, the applicant’s private key shall remain only in volatile memory (only when necessary) until delivered to the applicant. DST shall not retain any copies of an applicant’s private key. If DST generates the private key away from its ultimate user (e.g., in a hardware token at the CA or RA workstation), the key generation must be performed and the key transferred to the user in such a way that undetected compromise of the private key is precluded (e.g., the key generation event is witnessed and DST immediately delivers the key by insured, certified mail or by bonded, private courier service to the subscriber, and the events are sufficiently documented, in writing or by other means, to enable interested parties to determine afterwards in a provable manner that such did occur).

6.1.3 Public Key Delivery to Certificate Issuer

If DST generates a key pair, the public key is loaded directly into PKI management hardware and/or software. No intermediate storage subject to substitution or corruption is used. If the key pair is generated outside DST facilities (e.g., on the user’s workstation), the public key is transferred to the RA or CA in a way that ensures that:

• It has not been changed during transit.

• The sender of the public key is the legitimate user claimed in the request.

• The sender of the public key possesses the private key that corresponds to the transferred public key.

The transfer is accomplished through the inclusion of digital signatures on submissions from end users. End-entity signatures will prove possession of a private key, and will be verified in accordance with 3.1.7.
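The checks a signed submission makes possible on the RA or CA side, sketched in Go as an added example (not DST's software or procedure). It assumes the submission is a PKCS#10 request signed with ECDSA P-256, which this CPS does not specify, and all function names are illustrative; the signature covers the first and third properties listed above, while establishing who the sender is remains a separate step.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// ErrNoProofOfPossession means the request parsed, but its signature does
// not verify under the public key it carries.
var ErrNoProofOfPossession = errors.New("signature does not match submitted public key")

// newRequest plays the end user: the key pair is generated locally and only
// the signed request leaves the workstation. The subject name is constructed
// sample data; PKCS#10 and P-256 are assumptions of this example.
func newRequest(commonName string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:            pkix.Name{CommonName: commonName},
		SignatureAlgorithm: x509.ECDSAWithSHA256,
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return der, key, err
}

// checkSubmission plays the RA/CA. Parsing alone proves nothing, so the
// signature over the request body is verified with the public key inside
// the request. Success shows the body was not altered after signing and
// that the signer held the matching private key. It does not show who the
// signer is; identity is established separately.
func checkSubmission(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("%w: %v", ErrNoProofOfPossession, err)
	}
	return csr, nil
}

// tamperSubject models a change in transit: a same-length byte swap in the
// subject name keeps the DER well formed but invalidates the signature.
func tamperSubject(der []byte, from, to string) []byte {
	return bytes.Replace(der, []byte(from), []byte(to), 1)
}

// signedBy reports whether the request's signature verifies under pub.
// A request cannot be passed off as carrying someone else's public key,
// because the signature only verifies under the signer's own key.
func signedBy(der []byte, pub *ecdsa.PublicKey) bool {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return false
	}
	csr.PublicKey = pub
	return csr.CheckSignature() == nil
}

func main() {
	der, key, err := newRequest("alice")
	if err != nil {
		panic(err)
	}
	_, err = checkSubmission(der)
	fmt.Println("intact request, error:", err)

	_, err = checkSubmission(tamperSubject(der, "alice", "mallo"))
	fmt.Println("altered in transit, error:", err)

	_, other, err := newRequest("bob")
	if err != nil {
		panic(err)
	}
	fmt.Println("verifies under the sender's key:", signedBy(der, &key.PublicKey))
	fmt.Println("verifies under an unrelated key:", signedBy(der, &other.PublicKey))
}
```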

6.1.4 CA Public Key Delivery to Users


DST delivers CA public keys to end entities via an on-line transaction in accordance with IETF PKIX Part 3, or via other appropriate mechanisms.

6.1.5 Key Sizes

All public key technology used by DST for digital signatures has a work factor equivalent to or higher than that of 1024-bit RSA keys. This includes 1024-bit DSA keys and 160-bit ECDSA keys. Where software and hardware capabilities allow, DST uses public key technology with a work factor equivalent to 2048-bit RSA keys for CAs, RAs, and repositories. DST recognizes that existing standardized algorithms, particularly hashing algorithms, do not yet provide for this level of work factor.

6.1.6 Public Key Parameters Generation

Additional policies and procedures in this category are determined by client and by CP.

6.1.7 Parameter Quality Checking

Additional policies and procedures in this category are determined by client and by CP.

6.1.8 Hardware/Software Key Generation

Where system capabilities allow, DST uses hardware for generation of CA, RA, and repository private and public keys.

6.1.9 Key Usage Purposes (As Per X.509 v3 Key-Usage Field)

Additional policies and procedures in this category are determined by client and by CP.


6.2 Private Key Protection

6.2.1 Standards for Cryptographic Module


Where available, DST preferentially uses hardware cryptographic modules that have been certified as at least FIPS 140-1 Level 3 compliant for key generation, storage, and signing operations. When commercial products do not support FIPS 140-1 validated modules, DST may use non-validated modules under certain certificate policies and client agreements.

6.2.2 Private Key (n out of m) Multiperson Control

Additional policies and procedures in this category are determined by client and by CP.

6.2.3 Private Key Escrow

Additional policies and procedures in this category are determined by client and by CP.

6.2.4 Private Key Backup

Additional policies and procedures in this category are determined by client and by CP.

6.2.5 Private Key Archival

Additional policies and procedures in this category are determined by client and by CP.

6.2.6 Private Key Entry into Cryptographic Module

Additional policies and procedures in this category are determined by client and by CP.

6.2.7 Method of Activating Private Key


When supported by the commercial hardware and software systems in use, private keys are activated by PIN or password entry through trusted paths by CA operators. However, subject to the procedures in specific CPs, software CA operators may employ various methods for activation of private keys (such as password-based encryption of software tokens). In all cases, activation data is controlled via multiparty control by the CA operators.

6.2.8 Method of Deactivating Private Key

Additional policies and procedures in this category are determined by client and by CP.

6.2.9 Method of Destroying Private Key

Private keys for DST CAs, RAs, and repositories are destroyed by using FIPS 140-1 zeroing methods when available for cryptographic hardware, and active electronic erasure for software (and hardware when zeroing is unavailable), or incineration of the storage media.

6.3 Other Aspects of Key Pair Management

6.3.1 Public Key Archival

Additional policies and procedures in this category are determined by client and by CP.

6.3.2 Usage Periods for the Public and Private Keys

Additional policies and procedures in this category are determined by client and by CP.

6.4 Activation Data

Additional policies and procedures in this category are determined by client and by CP.


6.4.1 Activation Data Generation and Installation

Additional policies and procedures in this category are determined by client and by CP.

6.4.2 Activation Data Protection

Additional policies and procedures in this category are determined by client and by CP.

6.4.3 Other Aspects of Activation Data

Additional policies and procedures in this category are determined by client and by CP.

6.5 Computer Security Controls

DST operates a variety of commercial software and hardware systems to provide CA, RA, and repository services. DST operates these software systems on Sun Solaris, UNIX, and Windows NT platforms. These systems are regularly scanned for potential security compromises and software is run locally to prevent such compromises. Systems that require a Windows NT platform are not operated in the TCSEC C2 evaluated configuration.

Passwords for these systems are changed every 35 days. In addition, password crackers are run weekly against these systems to test for weak or obvious passwords.

6.6 Life-Cycle Technical Controls

6.6.1 System Development Controls

Additional policies and procedures in this category are determined by client and by CP.


6.6.2 Security Management Controls

Additional policies and procedures in this category are determined by client and by CP.

6.6.3 Life-Cycle Security Ratings

Additional policies and procedures in this category are determined by client and by CP.

6.7 Network Security Controls

All DST production CAs, RAs, and repositories are protected by firewalls. Separate ports of a filtering firewall allow access to each separate system, and are configured to allow only the addresses, ports, protocols, and commands required for the PKI services provided by that system. DST has engaged an independent contractor to perform penetration analysis of these firewalls in order to harden them.

6.8 Cryptographic Module Engineering Controls

Additional policies and procedures in this category are determined by client and by CP.

7 CERTIFICATE AND CRL PROFILES

7.1 Certificate Profile

Certificates that are issued by DST operating under the CPS are used for a variety of reasons, to be defined by the customer. Possible uses are:

• Digital signature

• SSL Web access

• Data encryption

• Key agreement/exchange.

It is intended that all certificates issued by DST be compliant with X.509 version 3, PKIX Part 1, and the ISO Banking—Certificate Management Part 1. However, due to the current limitations of commercially available CAs and customer application requirements, full compliance may not be feasible at this time. If a customer requests a certificate profile that differs from that specified in the CPS or diverges from the aforementioned standards, the client’s needs will be accommodated with a specific CP detailing the divergent CP.

7.1.1 Version Number(s)

All certificates that reference this CPS will be issued in the X.509 version 3 format.

7.1.2 Certificate Extensions

The CPS imposes no additional requirements for certificate extensions over and above what is contained in ISO/15782-1 Banking—Certificate Management Part 1: Public Key Certificates. However, in recognition of the fact that the customer’s needs may vary and the commercial availability of CAs and certificate-aware applications may vary, full compliance with this standard may not be achieved initially. It is intended that all certificates created will conform as closely as possible to the standard, while still meeting customer requirements.

Specific certificate extension use and population is specified in particular CPs, under which certificates are issued, or in client agreements and contracts when a CP extension is not included in a certificate.

7.1.3 Algorithm Object Identifiers

DST supports, at a minimum, RSA in accordance with FIPS PUB 186-1, NIST, December 1998. The following signature algorithms may be supported, at DST's option:

(a) DSA in accordance with FIPS PUB 186-1, DSS, NIST, December 1998

(b) ECDSA in accordance with Draft ANSI Standard X9.62

For alternate algorithms, only Government-approved signature algorithms will be used.

7.1.4 Name Forms

Additional policies and procedures in this category are determined by client and by CP.

7.1.5 Name Constraints

Additional policies and procedures in this category are determined by client and by CP.

7.1.6 Certificate Policy Object Identifier

Certificates issued by DST operating under this CPS will preferentially include a reference to the OID for a certificate policy within the certificate policies extension field.

7.1.7 Usage of Policy Constraints Extension

Additional policies and procedures in this category are determined by client and by CP.


7.1.8 Policy Qualifiers Syntax and Semantics

Additional policies and procedures in this category are determined by client and by CP.

7.1.9 Processing Semantics for the Critical Certificate Policy Extension

Additional policies and procedures in this category are determined by client and by CP.

7.2 CRL Profile

It is intended that all certificate revocation lists issued by DST operating under this CPS be compliant with Version 2 CRLs and their recommended use as specified in X.509 version 3, PKIX Part 1, and the ISO Banking—Certificate Management Part 1. However, due to the current limitations of commercially available CAs and customer application requirements, full compliance may not be feasible at this time. If a client requests a certificate revocation list profile that differs from that specified in this CPS or diverges from the aforementioned standards, the client’s needs will be accommodated with a specific CP detailing the divergent certificate profile.

7.2.1 Version Number(s)

All CRLs will be issued in the X.509 Version 2 format.

7.2.2 CRL and CRL Entry Extensions

As with certificate extensions, the CPS imposes no additional requirements for certificate revocation list extensions or certificate revocation entry extensions over and above what is contained in ISO/15782-1 Banking—Certificate Management Part 1: Public Key Certificates. However, in recognition of the fact that the client’s needs may vary and the commercial availability of CAs and certificate-aware applications may vary, full compliance with this standard may not be achieved initially. It is intended that all CRLs created will conform as closely as possible to the standard, while still meeting client requirements.

8 SPECIFICATION ADMINISTRATION

8.1 Specification Change Procedures

All proposed changes to the CPS that may materially impact DST clients (other than editorial or typographical corrections, or changes to the contact details) will be posted to the DST Web site. DST will allow clients a minimum of 45 days to provide comments on proposed changes. If the proposed changes are modified as a result of such comments, a new notice of the modified proposed change will be given.

8.2 Publication and Notification Policies

This CPS is copyright 2001 by Digital Signature Trust Co. For information on availability of the CPS, please contact DST through the contact information listed in Section 1.4.

8.3 CPS Approval Procedures

Approval of a changed CPS is subject to signature of the president of DST, subsequent to notification of DST clients.


9 Appendix: ACES Privacy Policy and Procedures

DST follows the privacy policies and procedures described below for the Access Certificates for Electronic Services (ACES) contract. These policies and procedures are in addition to those described elsewhere in the CPS, and apply to all ACES certificates issued by DST.

DST handles customer information covered by the Privacy Act of 1974 in accordance with the requirements of 5 U.S.C. 552a and Appendix I to OMB Circular A-130. In addition, it is DST’s policy that all officers and employees working with ACES information read and understand the DST CPS and its privacy policies and procedures. After reading this CPS, officers and employees must sign a letter indicating that they have read and understood the CPS and its privacy policies and procedures.

9.1 Administrative, Technical, and Physical Safeguards

DST’s Privacy Policies and Procedures and CPS include provisions for the administrative, technical, and physical safeguards necessary to ensure integrity, confidentiality, and availability of records, systems of records, and reports containing data covered by the Privacy Act of 1974. The administrative, technical, and physical safeguards described elsewhere in this CPS apply equally to the ACES contract. The following additional safeguards apply specifically to the ACES contract.


9.1.1 Handling of Information


Each officer or employee of DST to whom information may be made available or disclosed shall be notified in writing by DST that information disclosed to such officer or employee can be used only for a purpose and to the extent authorized in the ACES contract and this CPS.

Any GSA or Government information collected by DST will be used only for the purpose of carrying out the provisions of the ACES contract and will not be divulged or made known in any manner to any person except as may be necessary in the performance of the contract and in accordance with (IAW) the Privacy Act of 1974, and Appendix III to Office of Management and Budget (OMB) Circular A-130.

In performance of the ACES contract, DST assumes responsibility for protecting the confidentiality of Government records and for ensuring that all work is performed under the supervision of DST or DST’s responsible employees.

DST promulgates and maintains written Privacy Policies and Procedures designed to ensure compliance with the requirements of 5 U.S.C. 552a, and Appendix I to OMB Circular A-130, and the ACES contract. These policies and procedures have been incorporated into this CPS and contain the rules of conduct that are used to instruct DST’s officers and employees in compliance requirements and penalties for noncompliance.


9.1.2 Information Provided to Certificate Applicant

Each applicant for an ACES certificate must first be provided, on a Government-approved form that can be retained by the individual applicant, the information set forth below:

(a) The principal purposes of the ACES program

(b) DST’s authority for collection of the information

(c) That participation in the ACES program is strictly voluntary

(d) That provision of the identity information requested is a mandatory prerequisite to being issued an ACES certificate

(e) That the information provided is covered by the Privacy Act of 1974, and the protections therein provided

(f) The routine uses that will be made of the information provided

(g) The limitations on the uses of the information provided

(h) The procedures for requesting access to the individuals’ own records

(i) The possible consequences of failing to provide all or part of the requested information, or intentionally providing false information.

9.1.3 Limitations on Collection, Maintenance and Dissemination of Data

Collection, maintenance, and dissemination of data is limited as follows:

(a) DST limits the collection and maintenance of data to that which is specifically authorized in the ACES contract, or otherwise approved in writing by the GSA Administrative Contracting Officer (ACO).

(b) DST limits the dissemination of data to that which is specifically authorized in the contract, or otherwise approved in writing by the GSA ACO.

(c) DST collects, to the maximum extent practicable, the required information directly from the individual to whom the record pertains, except where the purpose of the system of records is to verify the information provided by the individual

(d) DST does not compile, maintain or disseminate any information describing how an individual or a group of individuals uses ACES certificates, except as specifically authorized in the contract, or otherwise approved in writing by the GSA ACO, to reasonably facilitate prevention and detection of fraud, waste, and abuse.

9.1.4 Notice of Existence of Records

An individual can be notified, in response to his/her written request, if any system of records named by the individual contains a record pertaining to him/her. Individuals must provide a signed, written request to DST as described on the DST Web site or by the DST customer service center. Except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, these privacy policies and procedures prohibit access to and/or disclosure of ACES information unless such access and/or disclosure is consistent with one of the exceptions set forth below:

(a) Routine access by and disclosures to officers and employees of DST are permitted, when the officer or employee requires such access and/or disclosure in order to perform his/her assigned duties under the ACES contract

(b) Routine accesses, disclosures, and uses are permitted when accomplished in accordance with the routine uses described in the ACES solicitation and ACES contract, or as otherwise approved in writing by the GSA Administrative Contracting Officer

(c) Disclosure is permitted to any agency or instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to DST specifying the particular portion of the record desired and the law enforcement activity for which the record is sought

(d) Routine access by and disclosures to third party Quality Assurance Inspectors hired by DST to provide an independent assessment of DST’s compliance with the requirements set forth in the ACES solicitation

(e) Disclosure is permitted pursuant to the order of a court of competent jurisdiction.

DST will not permit an individual to access any information that has been compiled in reasonable anticipation of a civil or criminal action or proceeding, except as authorized in writing by the GSA ACO.


DST will make reasonable efforts to serve notice to an individual when any record on such individual is made available to any person under compulsory legal process, when such process becomes a matter of public record.

In the event of any disclosure of any record occurring after the filing of a statement of disagreement by the individual that is the subject of the record, DST will clearly note any portion of the record that is in dispute, will provide copies of the statement of disagreement filed by the individual, and will provide a concise statement of its reasons for not making the amendments requested by the individual.

9.1.5 Access to Records by Covered Individual

DST provides for receipt, granting, responding to, and monitoring of requests from ACES individuals for notification of, access to, review of, and copies of their records. For purposes of notification of the existence of and granting access to records, DST permits the parent of any minor, or the legal guardian of any individual declared to be incompetent by a court of competent jurisdiction, to act on behalf of such individual. The following discusses an individual’s ability to access ACES records:

(a) An ACES individual may request disclosure of the existence of any records pertaining to him/her by the following procedure. Individuals must provide a signed, written request to DST as described on the DST Web site or by the DST customer service center.


(b) The identity of the individual must be proven before notification of the existence of a record or granting access to such record through the inclusion of a notarized letter. This letter must identify the individual submitting the request to DST as described on the DST Web site or by the DST customer service center.

(c) DST will maintain documentation establishing and verifying the individual's identity prior to disclosing that there is a record on that individual.

(d) DST will maintain a copy of the individual’s written request for notice of any record of him or her in a system of records maintained by DST.

(e) DST will maintain a copy of any notice forwarded to any individual in response to his/her request for notification of the existence of any record(s) pertaining to that individual.

(f) An individual will be granted access to his/her record for the purposes of reviewing and/or copying that record after submitting a request in writing to DST as described on the DST Web site or by the DST customer service center.

(g) DST will maintain a copy of the individual’s written request for access to any record(s) pertaining to him/her.

(h) DST will maintain a copy of any response to the individual’s request for access to his/her record(s).


(i) Prior to granting an individual access to his/her record(s) the individual must prove his/her identity by providing a notarized letter as described on the DST Web site or by the DST customer service center.

(j) DST will maintain documentation establishing and verifying the individual’s identity.

(k) An individual does not need accompaniment while reviewing his/her record(s), and instead will be provided a copy of his/her records in a secure e-mail format, or through the U.S. mail.

(l) Maintenance of documentation establishing the identity of the individual accompanying the individual to whom the record pertains will not be required since record copies will be provided directly.

(m) DST’s process as described above eliminates the need for monitoring individuals.

(n) Fees to be charged to any individual for making copies of his/her records are described on the DST Web site and are provided upon request by the DST customer service center. These fees exclude the cost of any search for and review of the record.

9.1.6 Amendment of Records

DST has defined and maintains a process for reviewing a request from an individual concerning the amendment of any record or information pertaining to that individual, for making a determination on that request, for an appeal within the contractor’s organization of an initial adverse contractor determination, and for an appeal to GSA of any continuing adverse contractor determination. This process includes the following provisions.

9.1.6.1 Handling of Request to Amend Record

The following discusses how to handle a request to amend an ACES record:

• DST maintains a record of each request for amendment that it receives, including the date and time the request was received, the name of the record, and the name of the requestor.

• DST will provide, to the requesting individual, written acknowledgment of the receipt of his/her request for amendment of his/her record, within ten (10) working days of the date of receipt of that request. A copy of this written acknowledgment will be made a part of the record of the request for amendment.

• DST will notify the GSA ACO of the receipt of a request for amendment of a record, in writing, within ten (10) working days of the date of receipt of that request. A copy of this written notification will be made a part of the record of the request for amendment.


• DST will make any corrections to any record or portion thereof that are required to ensure that the record is accurate, relevant, timely, and/or complete, within twenty (20) working days of the date of receipt of a request for amendment of that record. A copy of the corrections made, if any, will be made a part of the record of the request for amendment and a copy will be forwarded to the GSA ACO.

• In the event that DST makes any corrections to any record or portion thereof, it will so notify any person or agency to which that record was previously disclosed, in writing, within ten (10) working days of the date of making such corrections. A copy of such notification(s) will be made a part of the record of the request for amendment.

• In the event that DST refuses to amend a record in accordance with the individual’s request, DST will so notify the requesting individual and the GSA ACO, in writing, within twenty (20) working days of the date of receipt of that request. This notification will include the reason for the refusal, the procedures established by the contractor for the individual to request a review of that refusal by a higher authority in DST’s organization, and the name and business address of that higher authority figure. A copy of such notification will be made a part of the record of the request for amendment.


• In the event that DST refuses to make the amendments requested, it will notify the GSA ACO and any person or agency to which that record was previously disclosed that there is an unresolved dispute relating to that record, in writing, within twenty (20) working days of the date of receipt of that request. A copy of such notification will be made a part of the record of the request for amendment.

9.1.6.2 Handling of Request to Review Refusal to Amend Record

ACES applicants may request to review any refusal to amend records according to the following provisions and procedures. The following discusses how to handle a request to review a refusal to amend an ACES record:

• DST maintains a record of the date and time of receipt of any request for review of a refusal to amend a record, which includes a copy of the request. This information will be made a part of the record of the original request for amendment.

• DST will provide, to the requesting individual, written acknowledgement of the receipt of his/her request for review of a refusal to amend his/her record, in writing, within ten (10) working days of the date of receipt of that request. A copy of that acknowledgment will be made a part of the record of the original request for amendment.


• DST will notify the GSA ACO of the receipt of a request for review of a refusal to amend a record, in writing, within ten (10) working days of the date of receipt of that request. A copy of such notification will be made a part of the record of the original request for amendment.

• DST will complete the requested review of a refusal to amend a record and make a final determination not later than thirty (30) working days from the date of receipt of the request for review.

• If DST, for good cause shown, is unable to complete its review and determination relating to a request for review of its initial refusal to amend a record, it will submit a written request for extension to the GSA ACO not later than twenty-five (25) working days from the date of receipt of the request. If the request for extension is not approved by the GSA ACO and/or DST is unable to make a final determination within the time allotted, DST will process the request for review of refusal to amend as if its determination was to continue to refuse to amend the record.

• In the event that DST’s review of its initial refusal to amend results in a determination to amend the record as requested, DST will resume processing of the amendment as set forth above.

9.1.6.3 Notification of Right to Appeal to GSA


In the event that DST’s review of its initial refusal to amend results in a determination to continue

to refuse to amend the record, DST will so notify the requesting individual and the GSA ACO

of its determination, the individual’s right to appeal directly to GSA, and the individual’s right to

file a concise statement with the GSA ACO setting forth the reasons for his/her disagreement

with the contractor’s continuing refusal to amend the record. This notification will be made a

part of the record of the initial request for amendment.

9.1.7 Disclosure Accounting

DST maintains records of all disclosures of information covered by the Privacy Act of 1974

according to the following provisions:

§ The minimum disclosure accounting data that will be collected and maintained by

DST, for each disclosure, include but are not limited to:

(a) The name of the individual to whom the disclosed record pertains

(b) The system of records from which the disclosure was made

(c) The data disclosed

(d) The date, nature, and purpose of the disclosure

(e) The name, address, and telephone number of the person or agency to whom the

disclosure was made.

§ DST will retain the disclosure accounting data for at least five (5) years after the

date of the disclosure for which the accounting was made.


§ Except for disclosures made for a civil or criminal law enforcement activity pursuant

to the requirements set forth above, DST will make the disclosure accounting data

available to the individual named in the record disclosed, at his/her written request.

§ DST will make reasonable efforts to serve written notice to an individual when any

record on such individual is made available to any person or agency under a

compulsory legal process, once such process becomes a matter of public record.

9.1.8 Reports

DST will submit a written request to the GSA ACO for approval to establish any new system of

records or make a significant change in any existing system of records not less than sixty

working days prior to the requested implementation date.

9.1.9 Certificate Issuance Warrants

Upon successful completion of the Subscriber identification and authentication process in

accordance with the GSA ACES contract, DST will create the requested ACES Certificate,

notify the applicant thereof, and make the ACES Certificate available to the applicant. DST will

use an out-of-band notification process linked to the ACES Certificate applicant’s physical U.S.

postal mail address and deliver the ACES Certificate only to the Subscriber.
