DANSK DS/ISO 21188 PDF

This document sets out a framework of requirements to manage a PKI through Certificate Policies and Certification Practice Statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks. This document draws a distinction between PKI systems used in open, closed and contractual environments. It further defines the operational practices relative to financial services industry accepted information systems control objectives. This document is intended to help implementers to define PKI practices that can support multiple Certificate Policies that include the use of digital signature, remote authentication, and data encryption. This document allows for the implementation of operational, baseline PKI control practices that satisfy the requirements for the financial services industry in a contractual environment. While the focus of this document is upon the contractual environment, application of this document to other environments is not specifically precluded. For purposes of this document, the term "certificate" refers to public key certificates. Attribute certificates are outside the scope of this document.