Chapter 3. Policies and PKI

A public key infrastructure (PKI) is only as secure as the policies and procedures an organization implements in conjunction with it. Three policy documents directly affect the design of an organization’s PKI:

  • Security policy. A security policy is a document that defines an organization’s standards in regard to security. The policy usually includes the assets an organization considers valuable, potential threats to those assets, and, in general terms, measures that must be taken to protect these resources.

  • Certification policy. A certification policy (CP) is a document that describes the measures an organization will use to validate the identity of a certificate’s subject and for what purposes a certificate ...
