CA Auditing Requirements and Cross Certification
Jorgen Moller, Director, Deloitte & Touche, Canada
Management Stream - Wednesday 1 November 2000
The CA used to issue digital certificates for digital signatures must operate at a defined level of assurance to establish the level of trust a relying party can take for granted.
By extending the trust model through cross certification, the CAs will establish mutual trust between the cross-certified domains according to the agreed policies (which may be constrained in one or both directions).
To establish the trust equivalence between the two domains, the auditors must verify that the assurance levels are indeed as claimed and that controls are in place to maintain the equivalence.
This paper discusses an approach and the critical aspects an auditor needs to measure to satisfy sustained assurance levels and reliable cross certification.