who does a PKI audit?

Posted by Kristin Griffin on January 31, 2008, 3:40 pm
Who deems the need for a PKI audit and who would actually do this audit? Is
this enforced by law?

Thanks,

Kristin



Posted by Tom [Pepper] Willett on January 31, 2008, 4:39 pm
http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=17107&TEMPLATE=/ContentManagement/ContentDisplay.cfm


: Who deems the need for a PKI audit and who would actually do this audit? Is
: this enforced by law?
:
: Thanks,
:
: Kristin
:
:



Posted by Kristin Griffin on January 31, 2008, 5:00 pm
Thanks Tom!


> http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=17107&TEMPLATE=/ContentManagement/ContentDisplay.cfm
>
>
> : Who deems the need for a PKI audit and who would actually do this audit? Is
> : this enforced by law?
> :
> : Thanks,
> :
> : Kristin
> :
> :
>
>



Posted by on February 4, 2008, 9:34 pm
wrote:
> Who deems the need for a PKI audit and who would actually do this audit? Is
> this enforced by law?
>
> Thanks,
>
> Kristin

Kristin,

The PKI audit is defined in the certificate policy in both IETF RFC
2527 and 3647. The audit is mandatory for all assurance levels;
however, the level of detail of the audit may vary according to the
number of assertion (shall, will, must) statements in the applicable
CP. It isn't mandated by law; it is defined by policy, and in that
mandate it is necessary to show compliance so that an intangible
factor such as trust can be defined by relying parties.

Federal PKI policy requires that a CISA or CISSP and PKI expert with
industry recognition conduct such audits and be organizationally
independent of the PKI.

Brian
