Incident and Compromise Handling Procedures
The disaster recovery plan addresses the following:
- the conditions for activating the plans
- resumption procedures
- a maintenance schedule for the plan
- awareness and education requirements
- the responsibilities of the individuals
- recovery point objective (RPO) of fifteen minutes
- recovery time objective (RTO) of 24 hours for essential CA operations, which include Certificate revocation and issuance of Certificate revocation status
- testing of recovery plans
To mitigate the impact of a disaster, the CAs have implemented the following:
- four datacenters with highly available HSMs and secure on-site and off-site storage of backup HSMs containing copies of all CA Private Keys
- secure on-site and off-site storage of all requisite activation materials
- database replication between primary and secondary regions
- daily database backups within both the primary and secondary regions
- weekly backup of critical data to a secure off-site storage facility
- secure off-site storage of disaster recovery plan and disaster recovery procedures
- environmental controls as described in §5.1
Entrust has implemented physical datacenters near Dallas, TX and Denver, CO. For European Union coverage, Entrust has also implemented physical datacenters in Munich and Frankfurt, Germany.
Cloud-based components utilize multiple availability zones for high availability and a secondary region for disaster recovery.
Entrust requires rigorous security controls to maintain the integrity of the CAs. Entrust views the compromise of a CA Private Key as very unlikely; however, Entrust has policies and procedures that will be employed in the event of such a compromise. At a minimum, all RAs will be informed as soon as practicable of such a compromise. Certificates signed by the compromised CA will be revoked.
Computing Resources, Software, and/or Data are Corrupted
No stipulation.
Entity Private Key Compromise Procedures
In the event of a compromised RA credential, the credential is revoked.
Business Continuity Capabilities After a Disaster
No stipulation.