certificate
A digitally signed representation of information that (1) identifies the authority issuing it, (2) identifies the subscriber, and (3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types:
certificate authority workstation
The computer system or systems that run certification authority (CA) software and/or have access to the CA private keys, end entity keys, or end entity public keys prior to certification.
certificate management
Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.
certificate policy (CP)
A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A certificate policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and their associated enforcement technology can support the provision of the security services required by particular applications.
certificate revocation list (CRL)
A list of revoked public key certificates created and digitally signed by a certification authority (CA).
certificate status authority (CSA)
A trusted entity that provides on-line verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.
certificate status server (CSS)
An authority that provides status information about certificates on behalf of the CA through online transactions (e.g., an online certificate status protocol (OCSP) responder).
certificate-related information
Information, such as a subscriber's postal address, that is not included in a certificate but may be used by a certification authority (CA) managing certificates.
certification
Comprehensive evaluation of an information system component that establishes the extent to which a particular design and implementation meets a set of specified security requirements.
certification analyst (C.F.D.)
The independent technical liaison for all stakeholders involved in the certification and accreditation (C&A) process, responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, the certification analyst performs a technical and non-technical review of potential vulnerabilities in the system and determines whether the security controls (management, operational, and technical) are correctly implemented and effective.
certification authority (CA)
An entity authorized to create, sign, issue, and revoke public key certificates.
certification authority workstation (CAW) (C.F.D.)
Commercial-off-the-shelf (COTS) workstation with a trusted operating system and special-purpose application software that is used to issue certificates.
certification package (C.F.D.)
Product of the certification effort documenting the detailed results of the certification activities.
certification practice statement (CPS)
A statement of the practices that a certification authority (CA) employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services).
certification test and evaluation
Software and hardware security tests conducted during development of an information system component.