FPKI Lessons Learned

• Creation of Concept of Operations, Certificate Policy, Certificate Practices Statement is critical before deployment of PKI

• Documents are time-consuming to create, but not impossible

  • Who’s responsible for what?

• Requires independent Audit – the CA must be above suspicion

• The InfoSec Policy group and the Implementers must be like Chang and Eng

Previous slide

Next slide

Back to first slide

View graphic version