WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -433,6 +433,16 @@ The C-ITS PKI shall provide the different services required by the RCA, EC and A
#### 4.5.3.6 SP3 - Risks
#### 4.5.3.7 SP3 - Requirements
**R.PKI_Trust_Elements** - The C-ITS PKI must ensure that certificates (RCA, EA, AA, EC, AT), certificate revocation lists and certificate trust list are valid (format and integrity).
**R.Administrator_Management** - The C-ITS PKI will provide mechanisms to ensure that only administrators are able to log in, configure and access the C-ITS PKI's data (either User and TSF data). It shall provide protections for logged-in administrators. The C-ITS PKI will ensure that administrative responsibilities are separated across different roles in order to mitigate the impact of improper administrative activities or unauthorized administrative access.
**R.Access_Control** - The C-ITS PKI shall enforce access controls to protect User Data and TSF Data in accordance whit user privileges.
**R.Audit - The C-ITS PKI will provide the capability to generate, sign and store securely (prevention of erasure and access control) audit data. The C-ITS PKI will record in audit records: type of event (as defined by the EU CP), trusted date and time the event occurred, result of the event: success or failure where appropriate, identity of the entity and/or operator that caused the event if applicable, identity of the entity for which the event is addressed.
**R.TSF_Secure_State_Preservation** - Preserve the secure state of the system in the event of a secure component failure and/or recover to a secure state. Integrity of all code on the C-ITS PKI shall be checked. Cryptographic and other security-critical functions shall be tested. These tests shall be performed during power-up and under certain conditions.
**R.Ressource_Access** - The C-ITS PKI shall protect its resources against monopolization by a user or attacker to the detriment of other users of the C-ITS PKI.
**R.Protected_None_ITS_ Communications** - The C-ITS PKI will provide protected communication channels for remote administrators, IT entities such as car manufacturer servers (confidentiality and integrity) and other parts of a distributed C-ITS PKI (confidentiality, integrity and authenticity).
**R.Secured_Authority_Request** The C-ITS PKI shall protect in confidentiality, integrity and authenticity the Authorities requests.
**R.Secured_Response** - Upon receiving requests from ITS-S or other CAs (certificate requests or Authorization validation requests), the C-ITS PKI shall verify the data confidentiality, integrity and authenticity before validating the request format and content. The C-ITS PKI shall respond to valid requests by generating requested certificates or authorization validation response. The C-ITS PKI shall send them back to the ITS-S or CAs ensuring the confidentiality, integrity and authenticity of the responses.
