Procedural Controls for the CA
Trusted Roles
Personnel in Trusted Roles will not be assigned other responsibilities that conflict with their operational responsibilities for the CA. The privileges assigned to personnel in Trusted Roles will be limited to the minimum required to carry out their assigned duties.
Number of Persons Required Per Task
The CA Private Keys are backed up, stored, and recovered only by personnel in Trusted Roles using dual control in a physically secured environment.
Identification and Authentication for Each Role
An individual performing a Trusted Role shall identify and authenticate their identity before being permitted to perform any actions or responsibilities associated with that Trusted Role.
Roles Requiring Separation of Duties
Personnel in Trusted Roles with the ability to deploy to or access the PKIaaS production systems do not have the ability to commit software code. Development team members with the ability to commit code do not have the ability to deploy to or access PKIaaS production systems.