Professional Documents
Culture Documents
Version 3.2
Table of Contents
1 INTRODUCTION .................................................................................................... 1
1.1 CPS OVERVIEW .....................................................................................................1
1.2 POLICY IDENTIFICATION .........................................................................................1
1.3 COMMUNITY AND APPLICABILITY ..........................................................................2
1.3.1 Approved Applications...................................................................................3
1.3.2 Prohibited Applications..................................................................................3
1.4 CONTACT DETAILS ................................................................................................3
2 GENERAL PROVISIONS ....................................................................................... 4
2.1 RIGHTS AND OBLIGATIONS .....................................................................................4
2.1.1 CA Rights and Obligations.............................................................................4
2.1.2 CA Right to Subcontract ................................................................................4
2.1.3 RA Obligations ...............................................................................................5
2.1.4 Subscriber Contractual Obligations...............................................................5
2.1.5 Applicant (Person Authorized to Receive Certificate for Qualified Relying
Party Application) .....................................................................................................29
AUTHORIZING OFFICIAL OF QUALIFIED RELYING PARTY.............................29
2.1.6 Relying Party Rights and Obligations ..........................................................31
2.1.6 Repository Obligations ....................................................................................31
2.2 LIABILITY.............................................................................................................31
2.2.1 CA Liability..................................................................................................32
2.2.2 RA Liability...................................................................................................32
2.2.3 Repository Liability ......................................................................................32
2.3 FINANCIAL RESPONSIBILITY .................................................................................32
2.4 INTERPRETATION AND ENFORCEMENT ..................................................................32
2.4.1 Governing Law ............................................................................................32
2.4.2 Severability, Survival, Merger, and Notice..................................................32
2.4.3 Dispute Resolution Procedures ....................................................................33
2.5 FEES .....................................................................................................................33
2.5.1 Certificate Issuance or Renewal Fees ..........................................................33
2.5.2 Certificate Access Fees ................................................................................33
2.5.3 Revocation or Status Information Access Fees............................................33
2.5.4 Fees for Other Services Such as Policy Information ...................................33
2.5.5 Refund Policy ...............................................................................................33
2.6 PUBLICATION AND REPOSITORY ...........................................................................34
2.6.1 Publication of CA Information ....................................................................34
2.6.2 Frequency of Publication.............................................................................34
2.6.3 Access Controls............................................................................................34
2.6.4 Repositories ..................................................................................................34
2.7 COMPLIANCE AUDIT ............................................................................................34
2.8 CONFIDENTIALITY AND PRIVACY..........................................................................35
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
ii
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
1 INTRODUCTION
This Certification Practices Statement (CPS) documents the internal practices and procedures
used by Digital Signature Trust Co. (DST). It covers the operation of systems and management
of facilities used to provide public key infrastructure (PKI) services described in the DST
As with every CPS, a Certificate Policy (CP) provides additional specification of policies and
or to a class of certificates issued. DST has multiple CPs under which certificates are issued,
and this CPS provides practices that are common to many of these CPs.
This CPS is referred to as the DST ACES CPS. This CPS alone is not intended to provide the
DST has registered an Object Identifier (OID) under which it assigns CPS OIDs. This OID is
{joint-iso-ccitt (2) country (16) USA (840) US-company (1) DST (113839) certification-
practices (1)}. The DST ACES Certification Practices Statement Version 3.2 is assigned a
separate OID under this arc of {joint-iso-ccitt (2) country (16) USA (840) US-company (1)
§ Clients of the DST CA service bureau requesting certificates issued under specific
certificate policies
People become clients of DST by signing contracts with DST that cover a set of services and
terms to be provided. For ACES, the ACES CP specifies three types of certificate holders:
Thus, for each of the preceding communities, a subscriber contract exists (see 2.1.4), and, if
necessary, CAs, RAs, end entities, and repositories are created and run as desired by the client.
Many clients ask DST to run multiple CAs, RAs, and repositories on their behalf, while others
ask DST to only provide a repository and will perform CA and RA services themselves.
Since individual DST clients define their own requirements for their requested services, the list of
approved applications is determined differently for each type of certificate according to each
certificate policy. There is no general set of applications for which DST approves use of
certificates.
Since individual DST clients define their own requirements for their requested services, the list of
prohibited applications is determined differently for each type of certificate. There are no
applications of certificate or repository services that DST strictly prohibits for certificates.
DST's Customer Service Center is available between 7 a.m. and 6 p.m. Mountain Standard
Time (MST), Monday through Friday, excluding Federal holidays. DST's Customer Service
Center assists subscribers with certificate- and key-related issues. Such issues include, but are
not limited to, problems with key generation and certificate installation. Problems and inquiries
received that are not certificate-related are directed to the relevant government agency for
resolution with the subscriber. Those concerns can include, but are not limited to, problems with
For questions concerning ACES certificates, DST operations or the DST ACES CPS please
Tel: 1-888-248-4447
Tel: 1-801-326-5400
Fax: 1-801-326-5448
Otherwise, assistance is available at the Web site above, 24 hours per day, including Federal
2 GENERAL PROVISIONS
The CA’s rights and obligations are determined primarily by contracts with subscribers, relying
parties, registrars, and others (see 2.1.4). Statutes include the Federal Privacy Act,
Appendices I and III of OMB Circular A-130, the Utah Digital Signature Act, regulations, and
general common or civil law. DST has standard forms for contracts with different classes of
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
to any person without your prior consent, unless otherwise required by law, or except as may be necessary
for the performance of DST services under its contract with GSA and for auditing requirements. DST also
agrees to protect your personal information in a manner designed to ensure its integrity and to make
available to you, following an appropriate request and for correction if necessary, any information collected.
However, information contained in your ACES certificate and related status information are not private.
(That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified
Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying
Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer
reporting systems is not permitted.
4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under ACES,
DST warrants that:
(a) it has issued, and will manage, your ACES certificate in accordance with the requirements of the
CP;
(b) it has complied with all requirements of the CP when identifying You and issuing You an ACES
certificate;
(c) it knows of no misrepresentations of fact in the ACES certificate and that it has verified the
information in the ACES certificate;
(d) it has accurately transcribed information provided by You into the ACES certificate; and
(e) the ACES certificate meets the material requirements of the CP.
5. Your Obligations
5.1 Submit Correct Information. You represent and warrant to DST that all of the information You
submit in your application is accurate, current and complete and that You have provided DST with all
Material Facts (as defined in 10.4 below) necessary to confirm your identity and the reliability of the ACES
certificate to be issued. You further agree that for purposes of certificate issuance, certificate renewal and
certificate replacement, You will immediately inform DST if any Material Facts submitted by You change
(e.g., You have a change of address or a change in your legal name).
5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using
your Private Key corresponding to the Public Key listed in your ACES Certificate that was valid at the time
of such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that:
(a) for purposes of complying with any applicable law that requires a “writing,” such Message shall be
considered to be "in writing" or "written" to an extent no less than if it were in paper form;
(b) where Yo u intended the Digital Signature as a signature, such Message shall be considered to be
"signed" to an extent no less than if it were undertaken using pen and paper;
(c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such
Message shall be admissible to the same extent and under the same conditions as Messages originated and
maintained in paper form; and
(d) You will not contest the admissibility of the Message under either the business records exception to the
hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not
originated or maintained in paper form.
5.3. Protect Your Private Key. DST issues You an ACES Certificate based on a Public Key
that You send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is
generated by computer software whereby a Public Key has a corresponding Private Key. The Key Pair is
stored on a computer, smart card, or some other cryptographic hardware device. To obtain an ACES
Certificate, You will need to submit a certificate request to DST containing your Public Key. (In most cases,
a Key Pair and certificate request will be generated by your Internet browser after You "Accept" this
© 2001 Digital Signature Trust Co. All rights reserved. 8
Certification Practices Statement
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
may have been lost or otherwise compromised; (c) your ACES certificate has become unreliable; (d) a
Material Fact in your Certificate has changed or is no longer true; (e) You have violated any provision of
this Agreement or the CP; (f) You request revocation; (g) a governmental authority has lawfully ordered
DST to revoke your ACES certificate; (h) this Agreement terminates; or (i) there are any other grounds for
suspension or revocation. Your right to use your ACES certificate ceases immediately upon revocation of
your ACES certificate. If your certificate is revoked, DST will send you prompt notice of revocation. Once
your ACES certificate has been revoked, it cannot be used or reinstated.
5.6. Cease Using Your Certificate. You agree to immediately cease using your ACES certificate,
after notifying DST, in the following circumstances: (a) when You suspect or discover that the
private key corresponding to your ACES certificate has been or may be compromised; (b) when a
Material Fact in your ACES certificate has changed or is no longer true, (c) upon the revocation or
expiration of your ACES certificate, or (d) upon termination of this Agreement.
5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless from any
and all liabilities, costs and expenses, including reasonable attorneys' fees, related to: any
misrepresentation or omission of Material Fact, whether intentional or not, made by You to DST;
any violation of this Agreement or the CP by You or authorized users of your Certificate; or any
misuse of your ACES certificate.
6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE,
WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS
CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT
WITH REGARD TO DST SERVICES OR ANY CERTIFICATE ISSUED HEREUNDER.
8. Dispute Resolution Provisions. This Agreement shall be governed by, and interpreted and
construed under, the laws of the United States, and the parties agree that the United Nations Convention on
Contracts for the International Sale of Goods shall not apply to this Agreement.
If any provision of this Agreement is found to be invalid or unenforceable, then such documents
shall be deemed amended by modifying such provision to the extent necessary to make it valid and
enforceable while preserving its intent or, if that is not possible, by striking the provision and enforcing the
remainder of this Agreement.
Except for a controversy, claim, or dispute involving the federal government of the United States,
or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a
"Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy,
claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors,
attorneys, and other agents) arising out of or related in any way to this Agreement that cannot be resolved
by communications among the parties, for resolution by binding arbitration by a single arbitrator and
judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the
parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding
arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be
conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association
("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or
conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such
arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and
the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration
requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive
relief or the appointment of a receiver, before during or after the pendency or any arbitration proceeding.
This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to
arbitration.
9. Survival. Sections 3, 4, 5, 6, 7 and 8 shall survive any termination or expiration of this Agreement.
10. Definitions
10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST
pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing
it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the
Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in
accordance with applicable standards. A Certificate includes not only its actual content but also all
documents expressly referenced or incorporated in it.
10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.
10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.
10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following
circumstances as used in this Agreement:
For Certificate Issuance (¶ ¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment,
certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST
to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair
certified.
For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the
Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name and Public/Private Key Pair.
For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to idemnify DST
(¶5.7): "Material Fact" means all of the above.
10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its
holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The
Private Key is used to create a Digital Signature.
10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by
the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.
10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.
However, information contained in your ACES certificate and related status information are not private.
(That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified
Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying
Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer
reporting systems is not permitted.
4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under
ACES, DST warrants that:
(a) it has issued, and will manage, your ACES Certificate in accordance with the requirements of the CP;
(b) it has complied with all requirements of the CP when identifying You and issuing You an ACES
Certificate;
(c) it knows of no misrepresentations of fact in the ACES Certificate and that it has verified the
information in the ACES Certificate;
(d) it has accurately transcribed information provided by You into the ACES Certificate; and
(e) the ACES Certificate meets the material requirements of the CP.
5. Your Obligations
5.1. Submit Correct Information. You represent and warrant to DST that all of the
information You submit in your application form – including but not limited to Your Organization
name – is accurate, current and complete and that You have provided DST with all Material Facts
(as defined in 10.4 below) necessary to confirm your identity and to the reliability of the Certificate
to be issued. You further agree that for purposes of certificate issuance, certificate renewal and
certificate replacement, You will immediately inform DST if any Material Facts submitted by You
change (e.g., You have a change of employment, change of address or a change in your legal
name).You also represent and warrant that You are authorized to use Your Organization’s name
that You designated in your application form. You also agree to inform Your Organization that You
have applied for a Certificate.
5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using
your Private Key corresponding to the Public Key listed in your Certificate that was valid at the time of
such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that:
(a) for purposes of complying with any applicable law that requires a “writi
considered to be "in writing" or "written" to an extent no less than if it were in paper form;
(b) where You intended the Digital Signature as a signature, such Message shall be considered to be
"signed" to an extent no less than if it were undertaken using pen and paper;
(c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such
Message shall be admissible to the same extent and under the same conditions as messages originated and
maintained in paper form; and
(d) You will not contest the admissibility of the Message under either the business records exception to the
hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not
originated or maintained in paper form.
5.3. Protect Your Private Key. DST issues You a Certificate based on a Public Key that You
send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is generated by
computer software whereby a Public Key has a corresponding Private Key. The Key Pair is stored on a
computer, smart card, or some other cryptographic hardware device. To obtain a Certificate, You will need
to submit a certificate request to DST containing your Public Key. (In most cases, a Key Pair and certificate
request will be generated by your Web browser after You "Accept" this Agreement and click "Continue" on
discretion, determines that: (a) the Certificate was not properly issued or was obtained by fraud; (b) the
security of the Private Key corresponding to the Certificate has or may have been lost or otherwise
compromised; (c) the Certificate has become unreliable; (d) Material Facts in the Certificate have changed or
become untrue (e.g., You are no longer affiliated with Your Organization); (e) You or Your Organization have
violated any applicable agreement or obligation; (f) You or Your Organization requests revocation; (g) a
governmental authority has lawfully ordered DST to revoke your Certificate; (h) this Agreement terminates;
or (j) there are any other grounds for revocation. Your right to use your Certificate ceases immediately upon
revocation of your Certificate. Once Your Certificate has been revoked, it cannot be used or reinstated.
5.6. Cease Using Your ACES Business Representative Certificate. You agree to
immediately cease using your Certificate in the following circumstances: (a) when You suspect or
discover that the Private Key corresponding to your Certificate has been or may be compromised
or subjected to unauthorized use in any way; (b) when a Material Fact in the Certificate has
changed or is no longer true, (c) upon the revocation or expiration of your Certificate, or (d) upon
termination of this Agreement.
5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless
from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to:
any misrepresentation or omission of Material Fact, whether intentional or not, made by You or
Your Organization to DST; any violation of this Agreement or the CP by You or authorized users of
your Certificate; or any misuse of your ACES certificate.
6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE,
WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS
CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT
WITH REGARD TO DST SERVICES OR ANY ACES BUSINESS REPRESENTATIVE CERTIFICATE ISSUED
HEREUNDER.
7. Limitation of Liability. DST shall not be liable for any consequential, indirect, special, or incidental
damages, and in no event shall DST be liable to You or Your Organization for damages in excess of amounts
paid to DST by You or Your Organization under this Agreement, including, without limitation, damages
arising from loss of use or business interruption, even if DST has been advised of the possibility of such
loss.
8. Dispute Resolution Provisions. This Agreement shall be governed by, interpreted and construed
under the laws of the United States and the Parties agree that the United Nations Convention on Contracts
for the International Sale of Goods shall not apply to this Agreement. If any provision of this Agreement is
found to be invalid or unenforceable, then such document shall be deemed amended by modifying such
provision to the extent necessary to make it valid and enforceable while preserving its intent or, if that is not
possible, by striking the provision and enforcing the remainder of this Agreement.
Except for a controversy, claim, or dispute involving the federal government of the United States,
or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a
"Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy,
claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors,
attorneys, and other agents) arising out of or related in any way to this Agreement, that cannot be resolved
by communications among the parties, for resolution by binding arbitration by a single arbitrator and
judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the
parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding
arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be
conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association
("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or
conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such
arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and
the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration
requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive
relief or the appointment of a receiver, before during or after the pendency or any arbitration proceeding.
This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to
arbitration.
9. Survival. Sections 4, 5, 6, 7, 8 and the Authorization Form provisions of this Agreement shall
survive any termination or expiration of this Agreement.
10. Definitions
10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST
pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing
it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the
Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in
accordance with applicable standards. A Certificate includes not only its actual content but also all
documents expressly referenced or incorporated in it.
10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.
10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.
10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following
circumstances as used in this Agreement:
For Certificate Issuance (¶ ¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment,
certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST
to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair
certified.
For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the
Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name, Organizational Affiliation and
Public/Private Key Pair.
For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to idemnify DST
(¶5.7): "Material Fact" means all of the above.
10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its
holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The
Private Key is used to create a Digital Signature.
10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by
the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.
10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.
10.8 Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by
the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the digital signature on the
message.
10.9 Repository: A database containing information and data relating to ACES Certificates, including
information relating to ACES Certificate status as valid or revoked.
10.10 Subscriber: A person that (a) is named or identified in a certificate as the "subject" of the Certificate,
and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.
___________________________________________________
[ACCEPT] [DECLINE]
Thank you for choosing Digital Signature Trust Co. ("DST") to issue you an ACES business representative
certificate.
ACES business representative certificates are issued to individuals, such as employees, officers, and agents
(“Business Representatives”) who are authorized to act on behalf of business entities ("Sponsoring
Organizations") that have been validated by DST.
To complete your enrollment as an ACES Business Representative, you must complete the following steps:
Please take the following ACES Business Representative Authorization Form ("Authorization Form") – Part
I to an officer in your Organization who can sign on behalf of your Organization and represent to DST that
You are a duly-authorized representative, have them sign it and return it to you for submission to DST (a
Glossary of Terms is included at page 4 of this document to define some of the terms used in this Form);
Take Part II of the Authorization Form to a licensed Notary employed by your Organization or a financial
institution (most banks have notaries on staff);
Present the Notary with Part II of the Authorization Form and a current, valid driver's license or state-issued
ID card;
Have the Notary verify your identity by reviewing and recording the information on the photo ID card;
Make sure the Notary has properly notarized your signature and affixed his or her raised seal or colored ink
stamp;
Record the name and place where you had the Form notarized; and
Make and keep a copy of both Part I and II of the Form and
ACES
Digital Signature Trust Co.
WHEREAS Organization desires to authorize, and DST desires to perform (free of charge under its contract
with the General Services Administration), the issuance of an ACES Business Representative Certificate
("Certificate") that will identify "Subscriber," identified below, as being employed, associated, affiliated with
or authorized by Organization and will certify Subscriber's Public Key (in "Public Key Infrastructures" like
ACES, a Public/Private Key Pair is held by the Subscriber, the Private Key is kept secure and used to create
Digital Signatures, and the Public Key is held openly, certified by a CA, and used to authenticate network
access and Digital Signatures),
The undersigned personally warrants and represents that he or she has authority to accept the terms and
conditions of this Authorization and to bind the Organization by his or her signature.
_____________________________________ ___________________________________
Print Subscriber Name Organization Officer Signs Here
FOR THE PURPOSES OF THIS DOCUMENT, PERSONAL ACQUAINTANCE WITH THE INDIVIDUAL IS
INSUFFICIENT. You must: 1) review a current government-issued ID containing the individual's name and
photograph, 2) verify that such photo ID information is protected against forgery, modification, or
substitution, and 3) record below the serial number and type of government-issued ID presented by the
applicant. You should also record in your “notary’s journal” the ID serial number of the identification that
was presented to you.
The undersigned applicant warrants, represents, and attests that all facts and information provided are
accurate, current and complete and that he or she: a) is authorized to receive, and has applied electronically
for, a digital certificate to be issued by DST; b) has read and accepts the personal identifying information to
be contained in the certificate; c) is who he or she represents himself or herself to be; and d) has read,
understood, and agrees to the responsibilities associated with being a certificate subscriber, including the
terms and conditions found in the on-line ACES Business Representative Certificate Agreement. The
applicant agrees to: 1) accurately represent him or herself in all communications with DST and Qualified
Relying Parties; 2) protect his or her private key at all times; 3) immediately notify DST if he or she suspects
his or her private key to have been compromised, stolen or lost; and 4) use his or her key only for authorized
© 2001 Digital Signature Trust Co. All rights reserved. 21
Certification Practices Statement
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
ACKNOWLEDGEMENT
State of ______________________
County of ____________________
I hereby certify that on this ___ day of ____________________, _______, personally appeared
before me the signer and subject of the above form, who signed or attested the same in my presence, and
presented the following government-issued photo ID card as proof of their identity:
Notary Public___________________________
Residing in: ___________________________
My Commission Expires: _______________
______________________________________
Application: A computer program or web-based interface used by an Agency to interact with Subscribers.
Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being employed,
associated, affiliated with or authorized by a Sponsoring Organization.
Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the
Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c)
contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally
signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate
includes not only its actual content but also all documents expressly referenced or incorporated in it.
Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing
the issuance of a Certificate.
© 2001 Digital Signature Trust Co. All rights reserved. 22
Certification Practices Statement
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
Certification Practice Statement. A “Certification Practice Statement” is a statement of the practices that a
Certification Authority employs in issuing, suspending, revoking, and renewing Certificates and providing
access to same, in accordance with the requirements of a contract for certificate services.
Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key
Cryptography so that a person having the communication and the Subscriber's Public Key can accurately
determine (1) whether the transformation was created using the Private Key corresponding to the
Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was
made. It does not involve a handwritten signature.
Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its
corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can
only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.
Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.
Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.
Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications
to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts
the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These
keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to
encrypt a message, but only the other corresponding key may be used to decrypt the message.
Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the Digital Signature on the
message.
Sponsoring Organization. A business entity, government agency, or other organization with which a
Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business
partner, customer, etc.).
Subscriber: A person (e.g., a Business Representative) that (a) is named or identified in a Certificate as its
subject, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.
IMPORTANT NOTICE: Digital Signature Trust Co. ("DST," "Us," "We," or “Our”) provides Certificate
Services under the Access Certificates for Electronic Services ("ACES") program under Contract
#GS00T99ALD0006 with the General Services Administration ("the GSA Contract"). This ACES Qualified
© 2001 Digital Signature Trust Co. All rights reserved. 23
Certification Practices Statement
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
confirmed that the person making the revocation request is authorized to do so. DST may also revoke the
Certificate without advance notice if DST, in its sole discretion, determines that: (a) the Certificate was not
properly issued or was obtained by fraud; (b) the security of the Private Key corresponding to the
Certificate has or may have been lost or otherwise compromised; (c) the Certificate has become unreliable;
(d) material information in the Certificate has changed (i.e., the name of the Application changes or the Key
Pair is no longer used with the Application); (e) You or Your Organization have violated any applicable
agreement or obligation; (f) You or Your Organization requests revocation; (g) a governmental authority has
lawfully ordered DST to revoke the Certificate; (h) this Agreement terminates; or (j) there are any other
grounds for revocation. Your Organization's right to use the Certificate ceases immediately upon revocation
of the Certificate. Once a Certificate has been revoked, it cannot be used or reinstated.
3.6. Cease Using the ACES Certificate. You agree to immediately cease using the Certificate in the
following circumstances: (a) when You suspect or discover that the Private Key corresponding to
the Certificate has been or may be compromised or subjected to unauthorized use in any way; (b)
when information contained in the Certificate is no longer accurate, current, or complete, (c) upon
the revocation or expiration of the Certificate, or (d) upon termination of this Agreement.
4. Other Agreements. Unless otherwise provided herein, DST's warranties and liabilities shall be limited as
provided in the GSA Contract, and any amendments or modifications thereto.
5. Definitions
5.1 Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory,
or when authorized by law or regulation, a state, local, or tribal government.
5.2 Application: A computer program or web-based interface used by an Agency to interact with
Subscribers.
5.3 Authorized Certification Authority: A Certification Authority that meets the qualifications of Section
1.3.1 of the CP.
5.4 Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being
employed, associated, affiliated with or authorized by a Sponsoring Organization.
5.5 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST pursuant
to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing it; (b)
names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s
operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with
applicable standards. A Certificate includes not only its actual content but also all documents expressly
referenced or incorporated in it.
5.6 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography
so that a person having the communication and the Subscriber's Public Key can accurately determine (1)
whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key,
and (2) whether the communication has been altered since the transformation was made. It does not involve
a handwritten signature.
5.7 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and
its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that
can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.
5.8 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.
5.9 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.
5.10 Public Key Cryptography: A form of cryptography (a process of creating and deciphering
communications to keep them secure) in which two keys are used. One key encrypts a message, and the
other key decrypts the message. One key is kept secret (Private Key), and one is made available to others
(Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt
the message.
5.11 Qualified Relying Party: An Agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the digital signature on the
message.
5.12 Repository: A database containing information and data relating to ACES Certificates, including
information relating to ACES Certificate status as valid or revoked.
5.13 Sponsoring Organization. A business entity, government agency, or other organization with which a
Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business
partner, customer, etc.).
5.14 Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is
named or identified in a certificate as the "subject" of the Certificate, and (b) holds a Private Key that
corresponds to a Public Key listed in that Certificate.
5.15 Unaffiliated Individuals: A class of Subscribers consisting of members of the general public (who are
not Business Representative Subscribers).
[ACCEPT] [DECLINE]
Thank you for choosing Digital Signature Trust Co. ("DST") to issue your organization a Qualified Relying
Party Application ACES certificate ("ACES QRP certificate"). ACES QRP certificates are issued to
"Qualified Relying Parties" (i.e., federal agencies, authorized federal contractors, agency-sponsored
universities and laboratories, and, when authorized by law or regulation, state, local, and tribal governments)
that choose to use ACES, the U.S. General Services Administration's ("GSA's") "Access Certificates for
Electronic Services" ("ACES") program. Please note that a Qualified Relying Party must first enter into an
ACES Agreement with GSA to accept ACES Certificates and agree to be bound by the terms of the ACES
Certificate Policy.
An ACES QRP certificate is issued after DST has received an Authorization Form (this "Form") from the
Qualified Relying Party that indicates that you, "the Applicant," are authorized to manage the "Agency
Application" and describes your association or relationship with the Agency Application.
To complete your enrollment for an ACES QRP certificate, you must complete the following steps. A
Glossary of Terms is included below that explains some of the terms used in this Form.
After completing the informational sections, please take this Form to your supervisor or some other official
who can sign on behalf of the Qualified Relying Party and represent to DST that You are duly-authorized to
manage the Agency Application, and have them sign this Form.
THIS AUTHORIZATION is given by "Qualified Relying Party" and "Applicant," identified below, to Digital
Signature Trust Co. ("DST"), a Utah corporation and Certification Authority with its principal place of
business at 255 Admiral Byrd Road, Salt Lake City, Utah 84116-3703 (http://www.trustdst.com).
Qualified Relying Party authorizes DST to issue an ACES Qualified Relying Party Application Certificate
("Certificate") and deliver it to "Applicant," who has been authorized by Qualified Relying Party to manage
Qualified Relying Party's Agency Application.
1. Qualified Relying Party and Applicant warrant, represent and agree that:
(a) Applicant is duly-authorized by Qualified Relying Party to act on behalf of Qualified Relying Party and
to manage and control (1) Qualified Relying Party's Agency Application, (2) the Application's
Private/Public Key Pair, (3) the Certificate to be issued by DST and (4) communications between DST
and Qualified Relying Party's Application;
(b) Applicant has the association or relationship with Qualified Relying Party's Application identified
below;
(c) Qualified Relying Party and Applicant have read, understood, and agree to the responsibilities
associated with subscribing to Certificate, including the terms and conditions found in the online ACES
Qualified Relying Party Certificate Agreement;
(d) The Application's Private/Public Key Pair will only be used for purposes authorized by the GSA's ACES
Certificate Policy/the GSA Contract;
(e) Qualified Relying Party and Applicant will protect the Private Key at all times;
(f) Applicant shall ensure that any and all individuals who may have access to the Private Key are advised
of the responsibilities of Private Key safekeeping, along with the consequences that can accompany
the improper use or disclosure of a Private Key.
(g) All facts and information provided to DST by Qualified Relying Party and Applicant have been and will
be accurate, current and complete and that Qualified Relying Party and Applicant will immediately
notify DST and request that the Certificate be revoked if: (1) Qualified Relying Party or Applicant
suspects any loss, disclosure, or other compromise of the Application's Private Key; (2) information
contained in the Certificate is no longer accurate or current; or (3) the Private Key is no longer used by,
associated with, authorized by or affiliated with Qualified Relying Party or the Qualified Relying Party's
Application; and
© 2001 Digital Signature Trust Co. All rights reserved. 28
Certification Practices Statement
© 2001 Digital Signature Trust Co. All rights reserved.
Certification Practices Statement
(h) DST is hereby authorized to issue a Certificate and deliver it to Applicant for use with Qualified Relying
Party's Application.
Applicant (Person Authorized to Receive Certificate for Qualified Relying Party Application)
MAILING
ADDRESS________________________________________________________________________
STREET ADDRESS SUITE/MAILSTOP
_________________________________________________________________________________
CITY STATE ZIP COUNTRY
TELEPHONE_____________________ FAX__________________________
E-MAIL________________
__________________________________________________________________________________
___
CITY STATE ZIP COUNTRY
TELEPHONE__________________________FAX______________________
E-MAIL_______________________
Application: A computer program or web-based interface used by an Agency to interact with Subscribers.
Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the
Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c)
contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally
signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate
includes not only its actual content but also all documents expressly referenced or incorporated in it.
Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing
the issuance of a Certificate.
Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key
Cryptography so that a person having the communication and the Subscriber's Public Key can accurately
determine (1) whether the transformation was created using the Private Key corresponding to the
Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was
made. It does not involve a handwritten signature.
Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its
corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can
only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to
discover the other key.
Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder
and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private
Key is used to create a Digital Signature.
Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the
holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages
corresponding to the Private Key. The Public Key is used to verify a Digital Signature.
Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications
to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts
the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These
keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to
encrypt a message, but only the other corresponding key may be used to decrypt the message.
Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the
CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the
General Services Administration to participate in the ACES Program to verify the Digital Signature on the
message.
Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is
named or identified in a Certificate as its subject, and (b) holds a Private Key that corresponds to a Public
Key listed in that Certificate.
Typically, DST will provide a limited level of assurance for each certificate. A relying party will
be required to sign appropriate contracts that detail any relying party rights and obligations.
§ Rely reasonably and in good faith in light of all the circumstances known to the
The DST Repositories make obligations to subscribers to provide certain continuity of service
and availability of up-to-date certificates and CRLs. However, the level of service and the
remedies available to clients are described in the contracts signed by each client and DST.
2.2 Liability
Except as expressly provided in contracts with clients, and according to specific certificate
policies, DST disclaims all warranties and obligations of any type, including any warranty of
merchantability, any warranty of fitness for a particular purpose, and any warranty of accuracy
of information provided.
2.2.1 CA Liability
2.2.2 RA Liability
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
The governing law for this CPS shall be the law of the State of Utah.
unenforceable, the remaining provisions of this CPS shall remain in full force and effect.
Additional policies and procedures in this category are determined by client and by CP.
2.5 Fees
There shall be no access controls or fees on the reading of this policy or authorized CA's CPS.
DST shall assess fees or impose access controls on certificates, certificate status, or CRLs at its
sole discretion, subject to agreement between DST and its clients, and in accordance with fee
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Unless otherwise agreed by the subscriber and DST, DST shall publish each certificate issued
promptly upon acceptance of the certificate by the subscriber, in DST’s or another acceptable
repository. DST will not publish, or cause to be published, any certificate that has not been
DST shall also publish information regarding certificate revocation for every certificate that DST
issues and for every certificate processed for a CA that has a contract for this service.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
2.6.4 Repositories
Additional policies and procedures in this category are determined by client and by CP.
DST operations are overseen at two levels: examination and regulation by the Office of the
Comptroller of the Currency (OCC), part of the U.S. Treasury Department, and audits
performed by independent auditors for compliance with DST policies and procedures.
DST is subject to OCC examination and supervision and has received OCC approval
for operations. As part of the examination process, OCC examiners evaluate and assess DST’s
In addition to supervision by the OCC, DST engages outside auditors to perform full
functionality and security reviews of DST operations and systems under a variety of standards
established by the accounting and information security professions. The results of these audits
are submitted to the OCC and other licensing authorities and made available to interested clients
DST notifies all clients in writing of the OCC’s examination and regulatory authority
c). If irregularities are found during compliance audits, the OCC may
require appropriate remedial action or terminate DST operations after appropriate notice to
existing clients. The results of compliance audits will not otherwise be made public.
DST will acquire information through CA, RA, and repository functions regarding subscribers,
their identity and case history, and transactions that subscribers are conducting using digital
signatures. This is possible to the extent that relying parties verify those signatures through the
DST will protect all customer information acquired through such means as confidential.
While DST operations will automatically maintain audit trails of all CA, RA, and repository
services, DST has no intention of compiling this information in a manner that associates
subpoena, or court order. DST will not sell subscriber or relying party information, but may
conduct and market statistical analysis, provided such analysis does not compromise the
No confidential consumer information will be released in any manner with the following
exception: DST will release consumer information to Federal, state, and local law enforcement
authorities upon receipt of a relevant search warrant or subpoena, and will respond similarly to a
relevant discovery order or subpoena in a civil litigation setting. More restrictive privacy and
confidentiality requirements may be followed for certificates issued to subscribers under specific
CPs. CAs, RAs, and repository service agents shall not have access to the private keys of any
For specific U.S. Federal Government customers with defined certificate policies, DST
follows additional privacy policies and procedures described in Section 9 of this CPS.
§ Private and public keys shall be considered the property of the applicable rightful
DST negotiates specific Identification and Authentication (I&A) requirements with each type of
certificate issued. Any certificate issued by DST under a particular CP will follow the I&A
NOTE: Topics in this chapter (Section 3) are not specified by general DST practices.
Instead, I&A is specified in the CPs under which certificates are issued, or client
3.1.1 Subscriber registration is initiated through a Web interface on DST's World Wide Web
site. The applicant for a certificate completes a registration form and acknowledges
acceptance of the terms and conditions of one of the online subscriber agreements
outlined in 2.1.4. This information is verified through database checks and other means
and placed in a customer information file used to track the applicant through the
The subject name used for ACES Certificate applicants shall be the Subscriber’s authenticated
common name.
In the case of Unaffiliated Individuals, the authenticated common name is a combination of first
name and/or initials and surname. In the case of Business Representatives, the authenticated
common name is a combination of first name and/or initials and surname and reflects the legal
name of the organization and/or unit. In the case of Qualified Relying Parties, the common name
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedure in this category are determined by client and by CP.
DST verifies that a certificate applicant possesses the private key corresponding to the public
key submitted with the application in accordance with secure protocols generally-accepted by
the CA industry, such as that described in the IETF PKIX Certificate Management Protocol
(e.g., by verifying that the request for certificate issuance was signed by the prospective
DST verifies a Sponsoring Organization's validity, i.e., that the Organization exists and conducts
business at a particular location. In conducting its review and investigation, DST investigates
legal company name, type of entity, year of formation, names of directors and officers, address
DST authenticates a subscriber's identity by following the procedures of 3.1.9 in the ACES CP.
3.1.9.3 of the ACES CP, by reviewing the information provided by the applicant on the printed
DST provides replacement certificates when a subscriber’s private key has not been
compromised and there are no changes to the certificate. However, in the event that there is a
suspected compromise of the key, or if subscriber information or key pair change DST, will
If a certificate is revoked or becomes invalid a new key must be generated, i.e., a subscriber
4 OPERATIONAL REQUIREMENTS
If an individual appears in-person to an employee of DST, then the DST employee may conduct
an in-person registration of the individual after a verification of the individual's identity based on
a review of the individual's photo ID. This process requires the completion of a form, signed by
the DST employee conducting the in-person authentication. In accordance with section 3.1.9 of
the ACES CP, the DST employee reviews at least three separate forms of identification, one
If the individual registers online, DST will authenticate itself to the applicant using the American
Bankers Association (ABA) SiteCertain Seal. Once the individual has established the secure-
site, SSL session, he or she will enter personal identification information in the application form
and provide DST with a certificate request. In accordance with 3.1.9 of the ACES CP, DST
service provider.
4.1.3 Submission of Registration Form via U.S. Postal System or Other Carrier
An individual may submit the registration form and certificate request to DST via the U.S. postal
system or other carrier. In accordance with 3.1.9 of the ACES CP, DST verifies the
provider.
4.1.4 Submission via a Qualified RA, i.e., Banks and licensed Notaries
DST may conduct the registration process through Registration Authorities (RAs) by contractual
arrangements with banks and other financial institutions or through the use of notaries ("Qualified
RAs"). In the case of an application submitted through the use of a qualified RA, the RA is
listed in the certificate. Similar to in-person registration performed by DST employees, the
Qualified RA reviews at least three separate forms of identification, one consisting of information
obtained by an antecedent in-person appearance (e.g., a bank signature card, other bank
account information or photo ID), and cross-checks the identifying information through a
Once DST has received a complete certificate application, it will determine whether the
that the information provided by the applicant is insufficient to issue a certificate, DST will
suspend the registration process for the individual and inform him or her of the steps to take in
Once a certificate application is accepted and successfully verified, a certificate will be created
and digitally signed by the CA. The applicant will be given instructions on how and where to
retrieve the certificate. Unless otherwise agreed, the CA will then publish the certificate in
However, what is done with the certificate after the CA has issued it is specified in individual
subscriber agreements. In some situations, the certificate may be e-mailed or mailed back to
the subscriber or an address specified by the subscriber. Additional policies and procedures in
In accordance with 4.3 of the ACES CP, Subscriber agreements establish requirements for
advised that they may reject the certificate by promptly notifying DST. Subscribers agree that
by downloading or using the ACES certificate (and failing to notify DST of any errors, defects
or problems) they expressly accept the certificate and its contents. Furthermore, prior to
actually downloading the certificate, a subscriber is given the opportunity to review the
clicking to proceed he or she is accepting the certificate's contents. DST records the act of
certificate downloading.
Additional policies and procedures in this category are determined by client and by CP.
A subscriber may revoke his, her, or its certificate at any time for any reason. A sponsoring
organization (where applicable) may revoke the certificate of any affiliated individual at any time
for any reason. DST may also revoke a certificate upon failure of the subscriber (or the
sponsoring organization, where applicable) to meet its obligations under the applicable CP; this
CPS; or any other agreement, regulation, or law applicable to the certificate that may be in
force, including but not limited to circumstances in which DST, in its sole discretion, determines
that: (a) the certificate was not properly issued or was obtained by fraud; (b) the security of the
private key corresponding to the certificate has or may have been lost or otherwise
compromised; (c) the certificate has become unreliable; (d) material information in the
application for a certificate or in the certificate itself has changed or has become false or
misleading (e.g., the subscriber changes his or her name); (e) a governmental authority has
lawfully ordered DST to revoke the certificate; or (f) there are any other grounds for revocation.
The agreement with the sponsoring organization may limit or extend these circumstances for
revocation.
§ The subscriber
4.4.4 Upon receiving a revocation request, DST places the certificate on suspended status
and notifies the subscriber of the request. DST assists the requester in identifying the
requester, as appropriate. DST then verifies the revocation request through procedures
similar to those originally used for certificate issuance. If DST is able to adequately
confirm that the person making the revocation request is authorized to do so, the
certificate is revoked and the repository is updated. The subscriber is notified of the
certificate, DST includes information regarding the possibility of unauthorized use of the
certificate and instructions for the applicant to receive a new certificate. Incidents of
suspected fraud are also submitted to the GSA in a Waste, Fraud and Abuse
Immediately upon receiving a revocation request, DST places the certificate on suspended
If any person suspects that (a) a certificate was not properly issued or was obtained by fraud;
(b) the security of the private key corresponding to the certificate has or may have been lost or
otherwise compromised; (c) the certificate has become unreliable; (d) material information in a
certificate has changed or become false or misleading, he or she may contact DST and provide
DST will process a Suspension Request in accordance with the procedures of 4.4.3.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Request messages. Upon receipt of a signed Certificate Validation Request message from an
(b) Generates and returns a signed Certificate Status Response message, and
(2) Invalid. Indicates that the certificate either has been revoked or is beyond its
operational period
(3) Suspended. Indicates that the certificate has been placed in a temporary,
unusable state
Qualified Relying Parties are required to validate every ACES Certificate they receive in
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
All significant security events on the CA system are automatically recorded in audit log files.
The backup operators back up all relevant system files and the audit logs at regular intervals
daily, weekly, and monthly and deliver copies of the audit logs to DST management.
Audit information will be recorded as it is available from the commercial certificate authority
software that is being used. All audit information available is recorded for archive. Audit
certificate. Network information at the packet level coming in and going out of the DST
network segment containing the CA may be recorded for routine or non-routine purposes. The
(c) For each data element accepted for proofing, including electronic forms:
(g) Names (IDs) of ACES contractor’s processes, including subcontractors’ processes, if any
(a) Date/time
In accordance with Utah regulations, DST retains archive records for a minimum of ten (10)
years past the expiration date of any certificate information in the records and may retain
records for a much longer period. DST archives its records on the current de facto standard
backup medium using a best practices approach. As the digital storage medium evolves, DST
will commit to upgrading all of its existing archives to the next generation medium. In
accordance with section 4.9(c) of the ACES CP (7/15/99), all current and archived ACES identity
proofing, certificate, validation, revocation/suspension, renewal, policy and practices, billing, and
audit data shall be transferred to GSA within 24 hours of DST's cessation of business.
The DST management group maintains responsibility of all off-site backups of archive data.
The archive data is sealed in tamper evident containers and stored off site away from the CA. It
is the DST management group’s responsibility to maintain the archives in a secure and protected
manner. No other group has access to the archives, and only the DST management group has
The backup group is responsible for making sure that all archive files are backed up and
transferred to the bonded courier in a secure manner. All archive files are sealed in a tamper-
evident container, placed in a double locked box, and given to a bonded courier for
transportation to the off-site archive. The courier then reports the transfer of the archives to the
management group.
Archives are produced by DST backup operators on a periodic basis (daily, weekly, and
monthly) and given to an external courier service for secure delivery to management. Hence
archive collection is external to some trusted roles, but internal to DST as a whole.
Only the management group has the authority to request archives from the off-site storage,
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
4.9 CA Termination
DST will notify all current certificate holders in the event of termination of the CA. Notification
will be made via U.S. postal mail, e-mail, Web postings, or other methods as appropriate. If
All DST production CAs are located in secure, cement/masonry hardened buildings. The
building(s)' exterior and interior rooms housing equipment are equipped with cipher locks on the
doors. The facility is designed to provide top of the line data security and continuity services and
has been designed to provide a high level of physical and operational security for mission-critical
applications. The building is enclosed by an 8-foot-high steel fence with sharp edges at the top.
An 8-foot iron gate at the front of the facility, with access controlled through a keycard, is within
30 yards of a security kiosk and is visible at all times. In addition, the perimeter of the building
To enter the building, personnel must first pass through a mantrap. The first door in the
trap requires keycard access; the second door requires both a keycard and a PIN number to
gain access to the building. The lobby of the building is also monitored with surveillance
cameras. To gain access to the offices and work area, a keycard is required. All keycard
In addition to the four layers of security implemented in the facility, a fifth layer of
security protects the room containing the CA equipment. Limited to authorized personnel,
access to this room is gained by two individuals simultaneously with a PIN and a biometric
device. This secure computer room is monitored at all times with surveillance cameras. Finally,
all CA and repository equipment is stored in secure locked cabinets that require physical or
The building has been designed to augment the security and safety of the facility. To
withstand a 7.5 magnitude earthquake, the building is constructed on top of nine large springs.
In addition, the building is equipped with an Inergen fire detection and suppression system.
The computer room is built like a vault with some modifications for fire prevention and
ventilation requirements, and for enhanced security. The ceiling is secured with a 2-inch by 2-
inch steel grid that allows ventilation and fire prevention chemicals to flow throughout the room.
In addition, chain link fencing has been laid to prevent under-floor access to the room.
Air conditioning is provided in a fully redundant fashion around the perimeter of the
computer room. A 4-inch concrete moat, equipped with water sensors, isolates the air
conditioning water pipes from the rest of the computer room and signals an operator console
Communications are provided through dual conduit access points on opposite sides of
the building backed up through a microwave system. The facility maintains its own UPS and
backup diesel generator that are tested weekly. Flood exposure is minimal to non-existent at the
site.
§ CA operators
§ Directory/repository administrators
§ Backup operators
Operating system administrators are responsible for the maintenance and operation of the
machines used to run the CA, RA, and repository software. They perform all tasks required to
keep the hardware and operating system functional and are expected to maintain Windows NT,
UNIX, and Sun Solaris operating systems and hardware. To accomplish this task, the system
administrators will possess system passwords to the operating system and will have keycard or
biometric access to the computer rooms. Their role includes allowing CA operators physical
access to the CA, RA, and repository systems. The system administrators are never in
possession of the CA private key and password or hardware token that enables operation of a
CA software system.
5.2.2 CA Operators
of critical CA and RA private keys. To perform these tasks, CA operators possess the CA
and RA passwords and/or private key PINs (if applicable). CA operators do not have keycard
access to the computer rooms and are required to be with an operating system administrator to
gain access to the machine. CA operators do not have root operating system passwords. All
CA and RA functions can only be performed on the console of the system that is running the
CA or RA.
The role of repository administrator encompasses responsibility for the operation of the X.500
directory and associated database software needed by any of the CA software packages. To
perform these tasks the repository administrator possesses the passwords and/or private key
PINs (if applicable) needed for configuration and maintenance of the directory/repository.
Repository administrators do not have keycard access to the computer rooms and are required
directory/repository functions can only be performed on the console of the system that is running
the directory/repository.
Help desk infrastructure personnel answer user questions and troubleshoot user problems either
but do not have physical access to the machines or computer rooms. They are able to assist
users with information regarding certificate issuance, account information, and other
administrative functions. Help desk personnel are also able to assist users with problems they
are experiencing with their certificates that have been issued. Infrastructure personnel are also
responsible for maintaining the firewalls and routers that provide network security and access to
the CA.
The network infrastructure personnel will install, configure, maintain, and troubleshoot the
network infrastructure including the network hubs, routers, switches, and firewalls. They will
have system or root-level access to these devices but will not have any operating system, CA,
Backup operators are responsible for backing up the CAs and associated software. They
receive the minimum level of system access required to fulfill this role. In addition, backup
operators are responsible for sealing the backup tapes in sequentially numbered tamper-proof
containers, and for sealing the containers with nylon ties. These containers are then placed in a
dual-locking carrying case and given to the bonded courier. This courier then transports the
sealed backup tapes to an off-site storage facility with the only point of access being the
Management Group.
The Management Group is responsible for providing independent oversight and supervision of
the other roles. This role is accomplished by allowing the Management Group to have sole
control of surveillance tapes (24 hours a day, 7 days a week surveillance camera video tapes of
sealed and delivered), and audit logs (archived audit logs from the CA, RA, and repository
systems). The Management Group also controls and archives any network flight recorder
media (logs guide all network traffic coming in or out of the CA, RA, and repository-to-
DST CAs, RAs, and repositories will implement adequate security controls to ensure that the
staff associated with the operation of these systems can be placed in a position of trust. The
following sections describe how this requirement is implemented. In addition to the following
measures, all DST personnel in the trusted roles submit to periodic drug testing and are required
to be bonded.
Additional policies and procedures in this category are determined by client and by CP.
All candidates for employment in a DST trusted role must agree to and undergo initial and
Investigations are conducted by agents chosen by DST, and the results of initial investigations
Another condition of employment is if, at DST’s sole discretion, results from an initial
investigation are deemed unsatisfactory, DST will not hire the personnel in question for a trusted
role. In addition, if results from a periodic investigation are deemed unsatisfactory, DST will
remove that employee from any trusted role, and will apply other appropriate personnel actions
as allowed or required.
All trusted personnel receive training as required to ensure they are competent to perform duties
§ All trusted personnel receive a copy of each CP under which DST issues
§ All trusted personnel are instructed on the policies and procedures for operating in
§ All CA operators are instructed in the policies and procedures for maintaining the
All trusted personnel undergo a retraining session every six months including a review of each
CP under which DST is currently issuing certificates, and a full review of all DST policies and
procedures.
Additional policies and procedures in this category are determined by client and by CP.
Any employees performing trusted roles who are cited by DST management for unauthorized
from their trusted role pending management review. Following further management review and
The personnel requirements of this CPS apply equally to DST employees, contractors, and
subcontractors.
All personnel operating in a trusted position are given copies of the relevant CPs and the CPS.
In addition, they have access to manuals for the operation of their components of the system.
For nearly all ACES implementations (see 6.1.2), key pairs for end users are generated in either
hardware or software under the sole possession and control of the applicant / end user. The
private key is never in the possession of anyone else. For all DST operations, key pairs will be
generated in such a way that the private key is not known by anyone other than the authorized
§ Requiring all users (CAs, CMAs, RAs, RSAs, and subscribers) to generate their
own keys on a trustworthy system, and not reveal the private keys to anyone else.
§ Requiring keys to be generated in hardware tokens from which the private key
cannot be extracted. DST supports this process for subscriber key pair generation.
CA keys are generated in hardware tokens, unless specifically excepted by a client contract and
CP. Key pairs for RAs or end-entities are generated in either hardware or software as defined
If DST participates with or assists the applicant with key pair generation, the applicant’s private
key shall remain only in volatile memory (only when necessary) until delivered to the applicant.
DST shall not retain any copies of an applicant’s private key. If DST generates the private key
away from its ultimate user (e.g., in a hardware token at the CA or RA workstation), the key
generation must be performed and the key transferred to the user in such a way that undetected
compromise of the private key is precluded (e.g., the key generation event is witnessed and
DST immediately delivers the key by insured, certified mail or by bonded, private courier
service to the subscriber, and the events are sufficiently documented, in writing or by other
means, to enable interested parties to determine afterwards in a provable manner that such did
occur).
If DST generates a key pair, the public key is loaded directly into PKI management hardware
key pair is generated outside DST facilities (e.g., on the user’s workstation), the public key is
§ The sender of the public key is the legitimate user claimed in the request.
§ The sender of the public key possesses the private key that corresponds to the
The transfer is accomplished through the inclusion of digital signatures on submissions from end
users. End-entity signatures will prove possession of a private key, and will be verified in
DST delivers CA public keys to end entities via an on-line transaction in accordance with IETF
All public key technology used by DST for digital signatures is of equivalent or higher work
factor to 1024-bit RSA keys. This includes 1024-bit DSA keys, and 160-bit ECDSA keys.
Where software and hardware capabilities allow, DST uses public key technology with work
factor equivalent to 2048-bit RSA keys for CAs, RA, and repositories. DST recognizes that
existing standardized algorithms, particularly hashing algorithms, do not yet provide for this level
of work factor.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Where system capabilities allow, DST uses hardware for generation of CA, RA, and repository
Additional policies and procedures in this category are determined by client and by CP.
and storage and signing operations that have been certified at least
validated modules, DST may use non-validated modules under certain certificate policies and
client agreements.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
When supported by the commercial hardware and software systems in use, private keys are
activated by PIN or password entry through trusted paths by CA operators. However, subject
to the procedures in specific CPs, software CA operators may employ various methods for
Additional policies and procedures in this category are determined by client and by CP.
Private keys for DST CAs, RAs, and repositories are destroyed by using FIPS140-1 zeroing
methods when available for cryptographic hardware, and active electronic erasure for software
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
DST operates a variety of commercial software and hardware systems to provide CA, RA, and
repository services. DST operates these software systems on Sun Solaris, UNIX, and
Windows NT platforms. These systems are regularly scanned for potential security
compromises and software is run locally to prevent such compromises. Systems that require a
Passwords for these systems are changed every 35 days. In addition, password crackers are
run weekly against these systems to test for weak or obvious passwords.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
All DST production CAs, RAs, and repositories are protected by firewalls. Separate ports of a
filtering firewall allow access to each separate system, and are configured to allow only the
addresses, ports, protocols, and commands required for the PKI services provided by that
system. DST has engaged an independent contractor to perform penetration analysis of these
Additional policies and procedures in this category are determined by client and by CP.
Certificates that are issued by DST operating under the CPS are used for a variety of reasons,
§ Digital signature
§ Data encryption
§ Key agreement/exchange.
It is intended that all certificates issued by DST be compliant with X.509 version 3, PKIX Part
1, and the ISO Banking—Certificate Management Part 1. However, due to the current
compliance may not be feasible at this time. If a customer requests a certificate profile that
differs from that specified in the CPS or divergent from the aforementioned standards, the
client’s needs will be accommodated with a specific CP detailing the divergent CP.
All certificates that reference this CPS will be issued in the X.509 version 3 format.
The CPS imposes no additional requirements for certificate extensions over and above what is
However, in recognition of the fact that the customer’s needs may vary and the commercial
availability of CAs and certificate-aware applications may vary, full compliance with this
standard may not be achieved initially. It is intended that all certificates created will conform as
Specific certificate extension use and population is specified in particular CPs, under which
certificates are issued, or in client agreements and contracts when a CP extension is not included
in a certificate.
DST supports, at a minimum, RSA in accordance with FIPS PUB 186-1, NIST,
December 1998. The following signature algorithms may be supported, at DST's option:
(a) DSA in accordance with FIPS PUB 186-1, DSS, NIST, December 1998
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Certificates issued by DST operating under this CPS will preferentially include a reference to the
OID for a certificate policy within the certificate policies extension field.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
Additional policies and procedures in this category are determined by client and by CP.
It is intended that all certificate revocation lists issued by DST operating under this CPS be
compliant with Version 2 CRLs and their recommended used as specified in X.509 version 3,
PKIX Part 1, and the ISO Banking—Certificate Management Part 1. However, due to the
current limitations of commercially available CAs and customer application requirements, full
compliance may not be feasible at this time. If a client requests a certificate revocation list
profile that differs from that specified in this CPS or divergent from the aforementioned
standards, the client’s needs will be accommodated with a specific CP detailing the divergent
certificate profile.
As with certificate extensions, the CPS imposes no additional requirements for certificate
revocation list extensions or certificate revocation entry extensions over and above what is
However, in recognition of the fact that the client’s needs may vary and the commercial
availability of CAs and certificate-aware applications may vary, full compliance with this
standard may not be achieved initially. It is intended that all CRLs created will conform as
8 SPECIFICATION ADMINISTRATION
All proposed changes to the CPS that may materially impact DST clients (other than editorial or
typographical corrections, or changes to the contact details) will be posted to the DST Web
site. DST will allow clients a minimum of 45 days to provide comments on proposed changes.
If the proposed changes are modified as a result of such comments, a new notice of the
This CPS is copyright 2001 by Digital Signature Trust Co. For information on availability of the
CPS, please contact DST through the contact information listed in Section 1.4.
DST follows the privacy policies and procedures described below for the Access Certificates
for Electronic Services (ACES) contract. These policies and procedures are in addition to
those described elsewhere in the CPS, and apply to all ACES certificates issued by DST.
DST handles customer information covered by the Privacy Act of 1974 in accordance with the
DST’s policy that all officers and employees working with ACES information read and
understand the DST CPS and its privacy policies and procedures. After reading this CPS,
officers and employees must sign a letter indicating that they have read and understood the CPS
DST’s Privacy Policies and Procedures and CPS include provisions for the administrative,
technical, and physical safeguards necessary to ensure integrity, confidentiality, and availability
of records, systems of records, and reports containing data covered by the Privacy Act of
1974. The administrative, technical, and physical safeguards described elsewhere in this CPS
apply equally to the ACES contract. The following additional safeguards apply specifically to
be notified in writing by DST that information disclosed to such officer or employee can be used
only for a purpose and to the extent authorized in the ACES contract and this CPS.
Any GSA or Government information collected by DST will be used only for the purpose of
carrying out the provisions of the ACES contract and will not be divulged or made known in
any manner to any person except as may be necessary in the performance of the contract and in
accordance with (IAW) the Privacy Act of 1974, and Appendix III to Office of
In performance of the ACES contract, DST assumes responsibility for protecting the
confidentiality of Government records and for ensuring that all work is performed under the
DST promulgates and maintains written Privacy Policies and Procedures designed to ensure
compliance with the requirements of 5 U.S.C. 552a, and Appendix I to OMB Circular A-130,
and the ACES contract. These policies and procedures have been incorporated into this CPS
and contain the rules of conduct that are used to instruct DST’s officers and employees in
Each applicant for an ACES certificate must first be provided, on a Government-approved form
that can be retained by the individual applicant, the information set forth below:
(e) That the information provided is covered by the Privacy Act of 1974, and the
(f) The routine uses that will be made of the information provided
(h) The procedures for requesting access to the individuals’ own records
(i) The possible consequences of failing to provide all or part of the requested
(a) DST limits the collection and maintenance of data to that which is specifically
(b) DST limits the dissemination of data to that which is specifically authorized in the
(a) DST collects, to the maximum extent practicable, the required information directly from the
individual to whom the record pertains, except where the purpose of the system of records
(b) DST does not compile, maintain or disseminate any information describing how an individual
An individual can be notified, in response to his/her written request, if any system of records
named by the individual contains a record pertaining to him/her. Individuals must provide a
signed, written request to DST as described on the DST Web site or by the DST customer
service center. Except pursuant to a written request by, or with the prior written consent of, the
individual to whom the record pertains, these privacy policies and procedures prohibit access to
and/or disclosure of ACES information unless such access and/or disclosure is consistent with
(a) Routine access by and disclosures to officers and employees of DST are permitted,
when the officer or employee is required such access and/or disclosure in order to
(b) Routine accesses, disclosures, and uses are permitted when accomplished in
accordance with the routine uses described in the ACES solicitation and ACES
Officer
within or under the control of the United States for a civil or criminal law enforcement
activity, if the activity is authorized by law, and if the head of the agency or
instrumentality has made a written request to DST specifying the particular portion of
the record desired and the law enforcement activity for which the record is sought
(d) Routine access by and disclosures to third party Quality Assurance Inspectors hired by
DST will not permit an individual to access any information that has been compiled in
DST will make reasonable efforts to serve notice to an individual when any record on such
individual is made available to any person under compulsory legal process, when such process
In the event of any disclosure of any record occurring after the filing of a statement of
disagreement by the individual that is the subject of the record, DST will clearly note any portion
of the record that is in dispute, will provide copies of the statement of disagreement filed by the
individual, and will provide a concise statement of its reasons for not making the amendments
DST provides for receipt, granting, responding to, and monitoring of requests from ACES
individuals for notification of, access to, review of, and copies of their records. For purposes of
notification of the existence of and granting access to records, DST permits the parent of any
(a) An ACES individual may request disclosure of the existence of any records pertaining
request to DST as described on the DST Web site or by the DST customer service
center.
(b) The identity of the individual must be proven before notification of the existence of a
record or granting access to such record through the inclusion of a notarized letter. This
letter must identify the individual submitting the request to DST as described on the DST
(c) DST will maintain documentation establishing and verifying the individual's identity prior
(d) DST will maintain a copy of the individual’s written request for notice of any record of
(e) DST will maintain a copy of any notice forwarded to any individual in response to
his/her request for notification of the existence of any record(s) pertaining to that
individual.
(f) An individual will be granted access to his/her record for the purposes of reviewing
and/or copying that record after submitting a request in writing to DST as described on
(g) DST will maintain a copy of the individual’s written request for access to any record(s)
pertaining to him/her.
(h) DST will maintain a copy of any response to the individual’s request for access to
his/her record(s).
(i) Prior to granting an individual access to his/her record(s) the individual must prove
his/her identity by providing a notarized letter as described on the DST Web site or by
(j) DST will maintain documentation establishing and verifying the individual’s identity.
(k) An individual does not need accompaniment while reviewing his/her record(s), and
instead will be provided a copy of his/her records in a secure e-mail format, or through
(l) Maintenance documentation establishing the identity of the individual accompanying the
individual to whom the record pertains will not be required since record copies will be
provided directly.
(m) DST’s process as described above eliminates the need for monitoring individuals.
(n) Fees to be charged to any individual for making copies of his/her records are described
on the DST Web site and are provided upon request by the DST customer service
center. These fees exclude the cost of any search for and review of the record.
DST has defined and maintains a process for reviewing a request from an individual concerning
the amendment of any record or information pertaining to that individual, for making a
determination on that request, for an appeal within the contractor’s organization of an initial
adverse contractor determination, and for an appeal to GSA of any continuing adverse
§ DST maintains a record of each request for amendment that it receives, including
the date and time the request was received, the name of the record, and the name of
the requestor.
receipt of his/her request for amendment of his/her record, within ten (10) working
days of the date of receipt of that request. A copy of this written acknowledgment
§ DST will notify the GSA ACO of the receipt of a request for amendment of a
record, in writing, within ten (10) working days of the date of receipt of that
request. A copy of this written notification will be made a part of the record of the
§ DST will make any corrections to any record or portion thereof that are required to
ensure that the record is accurate, relevant, timely, and/or complete, within twenty
(20) working days of the date of receipt of a request for amendment of that record.
A copy of the corrections made, if any, will be made a part of the record of the
request for amendment and a copy of which will be forwarded to the GSA ACO.
§ In the event that DST makes any corrections to any record or portion thereof, it will
so notify any person or agency to which that record was previously disclosed, in
writing, within ten (10) working days of the date of making such corrections. A
copy of such notification(s) will be made a part of the record of the request for
amendment.
§ In the event that DST refuses to amend a record in accordance with the individual’s
request, DST will so notify the requesting individual and the GSA ACO, in writing,
within twenty (20) working days of the date of receipt of that request. This
notification will include the reason for the refusal, the procedures established by the
contractor for the individual to request a review of that refusal by a higher authority
in DST’s organization, and the name and business address of that higher authority
figure. A copy of such notification will by made a part of the record of the request
for amendment.
§ In the event that DST refuses to make the amendments requested, it will notify the
GSA ACO and any person or agency to which that record was previously
disclosed that there is an unresolved dispute relating to that record, in writing, within
twenty (20) working days of the date of receipt of that request. A copy of such
notification will be made a part of the record of the request for amendment.
ACES applicants may request to review any refusal to amend records according to the
following provisions and procedures. The following discusses how to handle a request to
§ DST maintains a record of the date and time of receipt of any request for review of
a refusal to amend a record, which includes a copy of the request. This information
will be made a part of the record of the original request for amendment.
receipt of his/her request for review of a refusal to amend his/her record, in writing,
within ten (10) working days of the date of receipt of that request. A copy of that
acknowledgment will be made a part of the record of the original request for
amendment.
§ DST will notify the GSA ACO of the receipt of a request for review of a refusal to
amend a record, in writing, within ten (10) working days of the date of receipt of
that request. A copy of such notification will be made a part of the record of the
§ DST will complete the requested review of a refusal to amend a record and make a
final determination not later than thirty (30) working days from the date of receipt of
§ If DST, for good cause shown, is unable to complete its review and determination
relating to a request for review of its initial refusal to amend a record, it will submit a
written request for extension to the GSA ACO not later than twenty-five (25)
working days from the date of receipt of the request. If the request for extension is
not approved by the GSA ACO and/or DST is unable to make a final determination
within the time allotted, DST will process the request for review of refusal to amend
§ In the event that DST’s review of its initial refusal to amend results in a
determination to amend the record as requested, DST will resume processing of the
In the event that DST’s review of its initial refusal to amend results in a determination to continue
to refuse to amend the record, DST will so notify the requesting individual and the GSA ACO
of its determination, the individual’s right to appeal directly to GSA, and the individual’s right to
file a concise statement with the GSA ACO setting forth the reasons for his/her disagreement
with the contractor’s continuing refusal to amend the record. This notification will be made a
DST maintains records of all disclosures of information covered by the Privacy Act of 1974
§ The minimum disclosure accounting data that will be collected and maintained by
DST, for each disclosure, include but are not limited to:
(a) The name of the individual to whom the disclosed record pertains
(b) The system of records from which the disclosure was made
(e) The name, address, and telephone number of the person or agency to whom the
§ DST will retain the disclosure accounting data for at least five (5) years after the
§ Except for disclosures made for a civil or criminal law enforcement activity pursuant
to the requirements set forth above, DST will make the disclosure accounting data
available to the individual named in the record disclosed, at his/her written request.
§ DST will make reasonable efforts to serve written notice to an individual when any
compulsory legal process, once such process becomes a matter of public record.
9.1.8 Reports
DST will submit a written request to the GSA ACO for approval to establish any new system of
records or make a significant change in any existing system of records not less than sixty
accordance with the GSA ACES contract, the DST will create the requested ACES Certificate,
notify the applicant thereof, and make the ACES Certificate available to the applicant. DST will
use an out-of-band notification process linked to the ACES Certificate applicant’s physical U.S.
postal mail address and deliver the ACES Certificate only to the Subscriber.