
HKU Grid Certificate Authority Self Audit & Status Report
Presentation Transcript
HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report
Bill Yau (billyau_hpc@hku.hk)
IGTF All-Hands Meeting / 23rd APGrid PMA F2F meeting, 1st April 2019
Operating Organization

HKU Grid CA: a classical offline CA, operating since 2009.

Roles and responsibilities:
- CA Manager: examines subscribers' information; approves the CA and RA operators to carry out their duties.
- Helpdesk: helps users with matters related to HKU Grid CA operation.
- RA Operator: accepts subscription requests; checks subscribers' information for consideration of approval.
- CA Operator: operates and maintains the CA signing server and the CA web server; manages the CA private key and its copy; performs CA tasks (issue/revoke/rekey certificates and issue CRLs); updates the CP/CPS, operation manuals and security documents.

Personnel:
- CA Manager: Pui Tak HO, Wing Keung KWAN
- Operator roles (Helpdesk, RA Operator, CA Operator): Wing Keung KWAN, Lilian CHAN, Bill Yau
- All staff named on the slide: Pui Tak HO, Wing Keung KWAN, Lilian CHAN, Bill Yau
Issued Certificates (as of 25th Mar 2019)

CN=HKU Grid CA
  User certificates:  Valid 0,   Expired/Revoked 44
  Host certificates:  Valid 6,   Expired/Revoked 118

HKU Grid CA 2
  User certificates:  Valid 3,   Expired/Revoked 2
  Host certificates:  Valid 26,  Expired/Revoked 0
Materials Used for Auditing
- Guidelines for auditing Grid CAs, version 1.1
- Relevant IGTF Authentication Profile, version 5.0
- HKU Grid CA CP/CPS v3.0 (RFC 3647)
- CA Repository (http://ca.grid.hku.hk/): CA certificate, CRL, end-entity certificates
- Documents published on the web repository: certificate application procedure; certificate renewal and revocation procedure
Operation Inspection Items
- CA room: located in the HKU ITS server room; access is restricted to authorized people and all events are recorded.
- RA and CA machines: both run on dedicated machines; the CA signing machine is dedicated to CA operation and is completely offline.
- Backup media of the CA private key and its location; media storage of archived logs and other documents and their location: locked in a safe deposit box in another room where access control is restricted.
- Logs of the RA and CA servers
- Records of RA and CA operations
- Access log of the CA room
Summary of Self Audit Result
  Score A (Good):                63
  Score B (Minor Change):         1
  Score C (Major Change):         0
  Score D (Must Change):          0
  Score X (Could not evaluate):   3
Score B (Minor Change): CA Key (14)

Requirement: Copies of the encrypted private key must be kept on offline media and only in secure places where access is controlled.

Finding: During the audit, we found that we had forgotten to create a paper-based backup of the private key as specified in the CP/CPS. The CD-ROM based copy of the private key is safe and secure.

The University of Hong Kong