Term:Certificate Policy

From FISMApedia
Jump to: navigation, search

DoDI 8520.02

Certificate Policy (CP) - A named set of rules that indicates the applicability of a certificate to a particular community and/or class of information system with common security requirements. A certificate policy may be used by a certificate user to help in deciding whether a certificate and the binding therein, is sufficiently trustworthy for a particular information system. E2.1.4.

NIST IR 7298

Certificate Policy (CP) - A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. SOURCE: SP 800-32

NIST SP 800-32

Certificate Policy (CP) - A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

NIST SP 800-57P2

Certificate Policy - A named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications with common security requirements.