Commit f83093ab authored by Sammy Haddad

Update file EN-304-624.md

parent 2e06bcf2
+32 −7
@@ -162,7 +162,7 @@ The present document covers the ………. (add the scope of the standard) to de

**Products in scope - TO DO provide a description of what a "PKI product" is - use ITU definition of PKI here** 

**Products not in scope**
**Products not in scope - Not Needed for PKI, PKI definition is sufficient on its own. **

# 2 References

@@ -334,6 +334,27 @@ NOTE: This might consist of separate registration service operator, certificate
- System auditor account: authorized to view audit logs and other system data.

#### 4.5.1.3  SP1 - Operationnal environment requirements

**Deployment** In the general context, the enterprise will have a production system for issuing certificates and can be expected to have a separate test system for checking configuration changes and software updates before they are deployed. 

The PKI software can be expected to be deployed on servers within the enterprise's server rooms or data centre, or on a platform hosted by the enterprise's cloud service provider.   

NOTE 1:	Software-as-a-service is out of scope of the present document.

If the certificate generation service in the production system uses a secure cryptographic device to manage the CA keys, this can be a physical device located in the enterprise's data centre or a virtual device hosted by the enterprise's cloud service provider.

NOTE 2:	Security requirements for secure cryptographic devices are out of scope of the present document.

4.5.1.2	Physical security
An enterprise server room or data centre can be expected to have some physical access controls.

A cloud service provider can be expected to have strong physical security measures in place, but the servers hosting the PKI software are unlikely to be physically separated from other infrastructure.

4.5.1.3	Network security
The enterprise can be expected to implement security controls such as firewalls on the edge of their network and deploy malware detection and removal software on their infrastructure.



#### 4.5.1.4  SP1 - Users

| User Role | Description |
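Review bot: the inserted "4.5.1.2 Physical security" and "4.5.1.3 Network security" subsections reuse numbers that belong to headings above them (they sit under "#### 4.5.1.3 SP1 - Operationnal environment requirements") and are not marked with `####` like every other heading in the file, so they will render as plain paragraphs and the numbering reads 4.5.1.3, 4.5.1.2, 4.5.1.3, 4.5.1.4 in sequence. Either number them as children (4.5.1.3.1, 4.5.1.3.2) with a heading marker, or follow the style already used in the same hunk and make them bold run-in labels like "**Deployment**". Smaller points in the same hunk: "Operationnal" should be "Operational"; "NOTE 1:" and "NOTE 2:" use a tab after the colon where the rest of the file uses a space; and the three blank lines before "#### 4.5.1.4 SP1 - Users" can be reduced to one.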
@@ -387,7 +408,7 @@ T.Hacker physical access - Adverse action can be compromise of the security of t
T.Social engineering - A hacker uses social engineering techniques to gain information about system entry, system use, system design, or system operation. Threat agent is the unauthorized user. Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.

#### 4.5.1.6  SP1 - Risks
#### 4.5.1.7  SP1 - Requirements
#### 4.5.1.7  SP1 (conditionnal) - Requirements

### 4.5.2 Security Profile 2 (SP2) - Web PKI
#### 4.5.2.1  SP2 - Assets
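Review bot: the hunk shows two headings numbered 4.5.1.7 ("SP1 - Requirements" and "SP1 (conditionnal) - Requirements"); if both are intended to remain, the second should become 4.5.1.8 and anything referencing it updated, otherwise only one should survive the change. "conditionnal" should be "conditional". Note also that 4.5.1.6 and 4.5.1.7 are headings with no body text yet, so the SP1 profile ends without risks or requirements in this revision.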
@@ -433,18 +454,22 @@ The C-ITS PKI shall provide the different services required by the RCA, EC and A
#### 4.5.3.7  SP3 - Requirements

**R.PKI_Trust_Elements** - The C-ITS PKI must ensure that certificates (RCA, EA, AA, EC, AT), certificate revocation lists and certificate trust list are valid (format and integrity).

**R.Administrator_Management** - The C-ITS PKI will provide mechanisms to ensure that only administrators are able to log in, configure and access the C-ITS PKI's data (either User and TSF data). It shall provide protections for logged-in administrators. The C-ITS PKI will ensure that administrative responsibilities are separated across different roles in order to mitigate the impact of improper administrative activities or unauthorized administrative access.

**R.Access_Control** - The C-ITS PKI shall enforce access controls to protect User Data and TSF Data in accordance whit user privileges.
**R.Audit - The C-ITS PKI will provide the capability to generate, sign and store securely (prevention of erasure and access control) audit data. The C-ITS PKI will record in audit records: type of event (as defined by the EU CP), trusted date and time the event occurred, result of the event: success or failure where appropriate, identity of the entity and/or operator that caused the event if applicable, identity of the entity for which the event is addressed.

**R.Audit** - The C-ITS PKI will provide the capability to generate, sign and store securely (prevention of erasure and access control) audit data. The C-ITS PKI will record in audit records: type of event (as defined by the EU CP), trusted date and time the event occurred, result of the event: success or failure where appropriate, identity of the entity and/or operator that caused the event if applicable, identity of the entity for which the event is addressed.

**R.TSF_Secure_State_Preservation** -  Preserve the secure state of the system in the event of a secure component failure and/or recover to a secure state. Integrity of all code on the C-ITS PKI shall be checked. Cryptographic and other security-critical functions shall be tested. These tests shall be performed during power-up and under certain conditions.
**R.Ressource_Access** - The C-ITS PKI shall protect its resources against monopolization by a user or attacker to the detriment of other users of the C-ITS PKI.
**R.Protected_None_ITS_ Communications** - The C-ITS PKI will provide protected communication channels for remote administrators, IT entities such as car manufacturer servers (confidentiality and integrity) and other parts of a distributed C-ITS PKI (confidentiality, integrity and authenticity). 
**R.Secured_Authority_Request** The C-ITS PKI shall protect in confidentiality, integrity and authenticity the Authorities requests.
**R.Secured_Response** - Upon receiving requests from ITS-S or other CAs (certificate requests or Authorization validation requests), the C-ITS PKI shall verify the data confidentiality, integrity and authenticity before validating the request format and content. The C-ITS PKI shall respond to valid requests by generating requested certificates or authorization validation response. The C-ITS PKI shall send them back to the ITS-S or CAs ensuring the confidentiality, integrity and authenticity of the responses. 

**R.Ressource_Access** - The C-ITS PKI shall protect its resources against monopolization by a user or attacker to the detriment of other users of the C-ITS PKI.

**R.Protected_None_ITS_ Communications** - The C-ITS PKI will provide protected communication channels for remote administrators, IT entities such as car manufacturer servers (confidentiality and integrity) and other parts of a distributed C-ITS PKI (confidentiality, integrity and authenticity). 

**R.Secured_Authority_Request** The C-ITS PKI shall protect in confidentiality, integrity and authenticity the Authorities requests.

**R.Secured_Response** - Upon receiving requests from ITS-S or other CAs (certificate requests or Authorization validation requests), the C-ITS PKI shall verify the data confidentiality, integrity and authenticity before validating the request format and content. The C-ITS PKI shall respond to valid requests by generating requested certificates or authorization validation response. The C-ITS PKI shall send them back to the ITS-S or CAs ensuring the confidentiality, integrity and authenticity of the responses. 

# Annex B: <br>Title of annex
## B.1 First clause of the annex
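Review bot: R.Secured_Response asks the C-ITS PKI to "verify the data confidentiality, integrity and authenticity" of incoming requests, but confidentiality is a property the PKI protects, not one it can verify on receipt; the requirement should read that the PKI verifies integrity and authenticity (and rejects requests that fail) and protects confidentiality of the request and the response. In the same hunk R.Audit appears twice, once as "**R.Audit - ..." with the bold never closed and once correctly formatted, and R.Ressource_Access, R.Protected_None_ITS_ Communications, R.Secured_Authority_Request and R.Secured_Response each appear twice (once run together, once separated by blank lines); make sure only the blank-line-separated, correctly formatted copies remain. Identifier and wording fixes worth making in the same pass: "Ressource" should be "Resource"; "R.Protected_None_ITS_ Communications" has a stray space inside the identifier and presumably means "R.Protected_Non_ITS_Communications"; "R.Secured_Authority_Request" is missing the " - " separator the other requirements use; "in accordance whit user privileges" should be "with"; and R.TSF_Secure_State_Preservation says self-tests run "under certain conditions", which is not testable as written and should name the conditions (for example on administrator request or at a defined interval). The trailing context also shows "# Annex B: <br>Title of annex" still as a placeholder.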