Update by Giulio Di Clemente:

Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in table […] confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.

# Modal verbs terminology

In the present document "**should** ", "**should not** ", "**may** ", "**need not** ", "**will** ", "**will not** ", "**can** " and "**cannot** " are to be interpreted as described in clause 3.2 of the [ETSI Drafting Rules](https://portal.etsi.org/Services/editHelp/How-to-start/ETSI-Drafting-Rules) (Verbal forms for the expression of provisions).

In the present document "**should** ", "**should not** ", "**may** ", "**need not** ", "**shall** ", "**shall not** ", "**can** " and "**cannot** " are to be interpreted as described in clause 3.2 of the [ETSI Drafting Rules](https://portal.etsi.org/Services/editHelp/How-to-start/ETSI-Drafting-Rules) (Verbal forms for the expression of provisions).

"**must** " and "**must not** " are **NOT** allowed in ETSI deliverables except when used in direct citation.

| Term  | Definition             |

|--------------|-------------------------|

|PKI Product ? PKI Software||

|PKI Product ? PKI Software||  # I (GDC) would suggest to deal with PKI software, since this is part of the title of the standard

## 3.2 Symbols

For the purposes of the present document, the [following] symbols [given in ... and the following] apply:

|EC|Enrolment Credential (similar to LTC)|

|HSM|Hardware Security Module|

|ITS|Intelligent Transport System|

|MA|Misbehaviour Authority|

|MA|Misbehaviour Authority| #unsure whether this is the correct term (GDC)

|OCSP|Online Certificate Status Protocol|

|PKC|Public Key Certificate|

|PKI|Public Key Infrastructure|

The present clause describes product contexts for products with digital elements used as part of a public key infrastructure (PKI) that manage the validation, creation, issuance, distribution, status publication, renewal or revocation of digital certificates, or the generation, storage, escrow, exchange, destruction or rotation of cryptographic keys associated with such digital certificates.  

<mark>

PSC: The existing structure implies there is a single product with different security profiles.  In practice, there will be different products for different contexts.  It is clearer to present these separately with any general comments collected in 4.1.

PSC: The existing structure implies there is a single product with different security profiles.  In practice, there shall be different products for different contexts.  It is clearer to present these separately with any general comments collected in 4.1.

</mark>

### 4.1.2 Out of scope use/environments

<mark> PSC: This could be used for a generic architecture description.</mark>

### 4.1.3.1 PKIs main and reference fonctionnalities

### 4.1.3.1 PKIs main and reference functionalities

PKI products support one or more of the following component services (see ETSI EN 319 411-1):

-	<strong>F.Certificate status service:</strong> provides certificate revocation status information to relying parties.

Each component service will require configuration and maintenance by system administrators.

Each component service shall require configuration and maintenance by system administrators.

PKI products also usually support:

- <strong>F.Logging of security events:</strong> for example, account access attempts, product  configuration changes, and system warnings or errors.

They will typically support some logging of events relevant to each of the component service it provides. For example:

They shall typically support some logging of events relevant to each of the component service it provides. For example:

- Registration service events such as certificate requests and approvals.

<mark> FIXME: to be validated.</mark>

Security Profiles are defined for those specific use cases. Products not directly matching those use cases have to refine one of those profile to adapt them to there own risk analaysis.

In the <strong>SME product context</strong>, a single instance of a self-contained PKI product will typically support all of the required PKI functionality.

In the <strong>SME product context</strong>, a single instance of a self-contained PKI product shall typically support all of the required PKI functionality.

However, some component PKI services might not be necessary or could be supported through generic enterprise products and services.

#### 5.1.1.1 Deployment

The enterprise will have a production system for issuing certificates and can be expected to have a separate test system for checking configuration changes and software updates before they are deployed. 

The enterprise shall have a production system for issuing certificates and can be expected to have a separate test system for checking configuration changes and software updates before they are deployed. 

The PKI software will be deployed on servers within the enterprise's server rooms or data centre, or on a platform hosted by the enterprise's cloud service provider.   

The PKI software shall be deployed on servers within the enterprise's server rooms or data centre, or on a platform hosted by the enterprise's cloud service provider.   

NOTE 1:	PKI-as-a-service and software-as-a-service are out of scope of the present document.

NOTE 1:	PKI-as-a-service and software-as-a-service are out of scope of the present document. #(GDC) This has already been said in the Scope section; no need to repeat.

If the certificate generation service in the production system uses a secure cryptographic device to manage the CA keys, this can be a physical device located in the enterprise's data centre or a virtual device hosted by the enterprise's cloud service provider.

#### 5.1.1.2	Physical security

An enterprise server room or data centre will have some physical access controls.

An enterprise server room or data centre shall have some physical access controls.

A cloud service provider will have strong physical security measures in place, but the servers hosting the PKI software will not be physically separated from other infrastructure.

A cloud service provider shall have strong physical security measures in place, but the servers hosting the PKI software shall not be physically separated from other infrastructure.

#### 5.1.1.3	Network security

The enterprise will implement security controls such as firewalls on the edge of their network.

The enterprise shall implement security controls such as firewalls on the edge of their network.

The enterprise will implement internal network access controls that limit access to systems hosting the PKI software to authorised users.

The enterprise shall implement internal network access controls that limit access to systems hosting the PKI software to authorised users.

The enterprise will deploy malware detection and removal software on their systems.

The enterprise shall deploy malware detection and removal software on their systems.

### 5.1.5 Users competences

The enterprise will employ competent system administrators to install, configure and manage the software.

The enterprise shall employ competent system administrators to install, configure and manage the software.

However, system operators might have limited experience running critical component services and might have only received basic training in cybersecurity or data protection.

<strong>Table 5.2.</strong> Registration assets

</div>

If the PKI product does not provide support for subscriber management as part of its registration services, then the subscriber data (REG01) and subscriber management function (REG11) assets will not be present. 

If the PKI product does not provide support for subscriber management as part of its registration services, then the subscriber data (REG01) and subscriber management function (REG11) assets shall not be present. 

#### 5.1.2.3 Certificate generation service

If the PKI product supports the use of a secure cryptographic device, then the CA key data (GEN01) can be stored on the secure device.

If the PKI product does not support the use of a secure cryptographic device, then the secure cryptographic device interface (GEN22) will not be present. 

If the PKI product does not support the use of a secure cryptographic device, then the secure cryptographic device interface (GEN22) shall not be present. 

If the PKI product does not support the use of subject key generation or subject key recovery, then the subject key data (GEN02) will not be present and the key management function (GEN11) will only be used to manage CA private keys.

If the PKI product does not support the use of subject key generation or subject key recovery, then the subject key data (GEN02) shall not be present and the key management function (GEN11) shall only be used to manage CA private keys.

If the PKI product does not support registration services, then certificate requests can either be submitted directly via the certificate generation service user interface (GEN21) or via a related logical interface.

<strong>Table 5.4.</strong> Dissemination assets

</div>

If the PKI product does not support dissemination services, then the dissemination assets will be replaced by a logical interface to a third-party enterprise directory service.

If the PKI product does not support dissemination services, then the dissemination assets shall be replaced by a logical interface to a third-party enterprise directory service.

#### 5.1.2.5 Revocation management service

NOTE 2: Denying access to the secure cryptographic device via an API that does not provide availability is a threat to the secure cryptographic device, not to the cyber security of the PKI product. However, if the operation of the secure cryptographic device is impacted by, for example, the number of signing requests from the PKI product then this is relevant to the cyber security of the PKI product as it is not minimising its impact on other devices or networks (T_GEN13). 

If the PKI product does not support the use of a secure cryptographic device, then the threats to the secure cryptographic device interface (T_GEN11 and T_GEN12) will not be present. 

If the PKI product does not support the use of a secure cryptographic device, then the threats to the secure cryptographic device interface (T_GEN11 and T_GEN12) shall not be present. 

If the product does not support subject key generation or key recovery, the threats to the subject key data (T_GEN04, T_GEN05 and T_GEN06) will not be present and the threat to the key management function (T_GEN07) will only cover the CA key data.

If the product does not support subject key generation or key recovery, the threats to the subject key data (T_GEN04, T_GEN05 and T_GEN06) shall not be present and the threat to the key management function (T_GEN07) shall only cover the CA key data.

#### 5.1.3.4 Dissemination service

#### 5.2.2.1 Services

The PKI product will support one or more of the following component services (see ETSI EN 319 411-1):

The PKI product shall support one or more of the following component services (see ETSI EN 319 411-1):

-	<strong>Registration service:</strong> as described in clause 4.2.2.1.

NOTE 1: The certificate profile used in certificate creation, including the signature algorithm, certificate lifetime and key usage restrictions, is determined by the CA's Certificate Policy (CP) or an equivalent document.

NOTE 2: This service will typically use a secure cryptographic device to generate, store and use the CA keys.

NOTE 2: This service shall typically use a secure cryptographic device to generate, store and use the CA keys.

-	<strong>Dissemination service:</strong> as described in clause 4.2.2.1.

-	<strong>Certificate status service:</strong> as described in clause 4.2.2.1.

Each component service will require configuration and maintenance by system administrators.

Each component service shall require configuration and maintenance by system administrators.

#### 5.2.2.2 Logging

The PKI product will support logging of security events; for example, account access attempts, product configuration changes, and system warnings or errors.

The PKI product shall support logging of security events; for example, account access attempts, product configuration changes, and system warnings or errors.

The PKI product will support logging of events relevant to each of the component service it provides. For example:

The PKI product shall support logging of events relevant to each of the component service it provides. For example:

- Registration service events such as certificate requests and approvals.

#### 5.2.2.3 Accounts

In the large enterprise and public PKI product context, the product will support at least the following user accounts:

In the large enterprise and public PKI product context, the product shall support at least the following user accounts:

- <strong>System administrator account:</strong> authorised to install, configure and update the product.

#### 5.2.4.1	Deployment

The large enterprise or public CA will have a production system for issuing certificates and can be expected to have separate development or test systems for checking configuration changes and software updates before they are deployed.

The large enterprise or public CA shall have a production system for issuing certificates and can be expected to have separate development or test systems for checking configuration changes and software updates before they are deployed.

The PKI software will typically be deployed on servers within the CA's data centre, but less critical component services can be deployed on a platform hosted by a cloud service provider. 

The PKI software shall typically be deployed on servers within the CA's data centre, but less critical component services can be deployed on a platform hosted by a cloud service provider. 

NOTE 1: PKI-as-a-service and software-as-a-service are out of scope of the present document.

NOTE 1: PKI-as-a-service and software-as-a-service are out of scope of the present document. # (GDC) This note is redundant

The certificate generation service in the production system will use a secure cryptographic device to manage the CA keys and, if required, generate subject keys. This will likely be a physical device located in the enterprise's data centre.

The certificate generation service in the production system shall use a secure cryptographic device to manage the CA keys and, if required, generate subject keys. This shall likely be a physical device located in the enterprise's data centre.

NOTE 2:	Security requirements for secure cryptographic devices are out of scope of the present document.

#### 5.2.4.2	Physical security

The CA will locate production infrastructure supporting security critical component services such as certificate generation in a secure perimeter with physical protection against intrusion and physical controls limiting access to authorised personnel.

The CA shall locate production infrastructure supporting security critical component services such as certificate generation in a secure perimeter with physical protection against intrusion and physical controls limiting access to authorised personnel.

The CA will implement controls to prevent the loss, theft or compromise of its equipment, media, and data.

The CA shall implement controls to prevent the loss, theft or compromise of its equipment, media, and data.

The CA will implement measures to prevent a compromise or interruption of its services due to an electricity, network, or other utility failure. 

The CA shall implement measures to prevent a compromise or interruption of its services due to an electricity, network, or other utility failure. 

#### 5.2.4.3	Network security

The CA will implement change control procedures for any software updates and configuration changes.

The CA shall implement change control procedures for any software updates and configuration changes.

The CA will deploy security updates in a reasonable time, unless they introduce additional vulnerabilities or system instabilities, and review and verify configuration settings regularly.  

The CA shall deploy security updates in a reasonable time, unless they introduce additional vulnerabilities or system instabilities, and review and verify configuration settings regularly.  

The CA will implement security controls such as firewalls and intrusion detection and prevention systems on its networks, deploy malware detection and removal software on its infrastructure, and undergo regular vulnerability scans and penetration tests.

The CA shall implement security controls such as firewalls and intrusion detection and prevention systems on its networks, deploy malware detection and removal software on its infrastructure, and undergo regular vulnerability scans and penetration tests.

The CA will locate security-critical component services such as certificate generation in one or more secure network zones, and restrict access and communication between zones.

The CA shall locate security-critical component services such as certificate generation in one or more secure network zones, and restrict access and communication between zones.

The CA will have a dedicated network for the administration and operation of its production system that is logically separated from its other systems. 

The CA shall have a dedicated network for the administration and operation of its production system that is logically separated from its other systems. 

The CA will block protocols and disable accesses that are not needed for PKI operations. 

The CA shall block protocols and disable accesses that are not needed for PKI operations. 

### 5.2.5 User description 

A large enterprise or public CA will employ staff who have the necessary expertise and experience for their roles, including an understanding of cybersecurity and data protection where relevant.

A large enterprise or public CA shall employ staff who have the necessary expertise and experience for their roles, including an understanding of cybersecurity and data protection where relevant.

The CA will provide staff with regular training on current security practices and apply appropriate disciplinary sanctions to staff who violate the CA's policies or procedures.

The CA shall provide staff with regular training on current security practices and apply appropriate disciplinary sanctions to staff who violate the CA's policies or procedures.

The CA will perform additional checks on staff employed in trusted roles such as system administrators, system operators and system auditors, and wait for the checks to be completed before giving access to the trusted service.

The CA shall perform additional checks on staff employed in trusted roles such as system administrators, system operators and system auditors, and wait for the checks to be completed before giving access to the trusted service.

The CA will enforce separation between trusted roles with conflicting responsibilities such as system operators and system auditors.

The CA shall enforce separation between trusted roles with conflicting responsibilities such as system operators and system auditors.

### 5.2.6 Assets

### 5.2.7 Threats

**R.PKI_Trust_Elements** - The C-ITS PKI shall ensure that certificates (RCA, EA, AA, EC, AT), certificate revocation lists and certificate trust list are valid (format and integrity).

**R.Administrator_Management** - The C-ITS PKI will provide mechanisms to ensure that only administrators are able to log in, configure and access the C-ITS PKI's data (either User and TSF data). It shall provide protections for logged-in administrators. The C-ITS PKI will ensure that administrative responsibilities are separated across different roles in order to mitigate the impact of improper administrative activities or unauthorized administrative access.

**R.Administrator_Management** - The C-ITS PKI shall provide mechanisms to ensure that only administrators are able to log in, configure and access the C-ITS PKI's data (either User and TSF data). It shall provide protections for logged-in administrators. The C-ITS PKI shall ensure that administrative responsibilities are separated across different roles in order to mitigate the impact of improper administrative activities or unauthorized administrative access.

**R.Access_Control** - The C-ITS PKI shall enforce access controls to protect User Data and TSF Data in accordance whit user privileges.

**R.Audit** - The C-ITS PKI will provide the capability to generate, sign and store securely (prevention of erasure and access control) audit data. The C-ITS PKI will record in audit records: type of event (as defined by the EU CP), trusted date and time the event occurred, result of the event: success or failure where appropriate, identity of the entity and/or operator that caused the event if applicable, identity of the entity for which the event is addressed.

**R.Audit** - The C-ITS PKI shall provide the capability to generate, sign and store securely (prevention of erasure and access control) audit data. The C-ITS PKI shall record in audit records: type of event (as defined by the EU CP), trusted date and time the event occurred, result of the event: success or failure where appropriate, identity of the entity and/or operator that caused the event if applicable, identity of the entity for which the event is addressed.

**R.TSF_Secure_State_Preservation** -  Preserve the secure state of the system in the event of a secure component failure and/or recover to a secure state. Integrity of all code on the C-ITS PKI shall be checked. Cryptographic and other security-critical functions shall be tested. These tests shall be performed during power-up and under certain conditions.

**R.Ressource_Access** - The C-ITS PKI shall protect its resources against monopolization by a user or attacker to the detriment of other users of the C-ITS PKI.

**R.Protected_None_ITS_ Communications** - The C-ITS PKI will provide protected communication channels for remote administrators, IT entities such as car manufacturer servers (confidentiality and integrity) and other parts of a distributed C-ITS PKI (confidentiality, integrity and authenticity). 

**R.Protected_None_ITS_ Communications** - The C-ITS PKI shall provide protected communication channels for remote administrators, IT entities such as car manufacturer servers (confidentiality and integrity) and other parts of a distributed C-ITS PKI (confidentiality, integrity and authenticity). 

**R.Secured_Authority_Request** The C-ITS PKI shall protect in confidentiality, integrity and authenticity the Authorities requests.

Threats – External Attacks

T.Hacker gains access - A hacker masquerades as an authorized user to perform operations that will be attributed to the authorized user or a system process or gains undetected access to a system due to missing, weak and/or incorrectly implemented access control causing potential violations of integrity, confidentiality, or availability. Threat agent is the unauthorized user.

T.Hacker gains access - A hacker masquerades as an authorized user to perform operations that shall be attributed to the authorized user or a system process or gains undetected access to a system due to missing, weak and/or incorrectly implemented access control causing potential violations of integrity, confidentiality, or availability. Threat agent is the unauthorized user.

T.Hacker physical access - Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses. A hacker physically interacts with the system to exploit vulnerabilities in the physical environment, resulting in arbitrary security compromises. Threat agent is the unauthorized user. Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.