DS/ETSI EN 319 411-1 V1.3.1:2021

Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements

The present document specifies generally applicable policy and security requirements for Trust Service Providers*(TSPs) issuing public key certificates, including trusted web site certificates.*The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle*management of certificates. These policy and security requirements support several reference certificate policies,*defined in clauses 4 and 5.*A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where*particular requirements apply is defined in clause 7.*The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as*specified in the present document. It does not include requirements for root CAs and intermediate CAs for other*purposes.*The present document is applicable to:*• the general requirements of certification in support of cryptographic mechanisms, including digital signatures*for electronic signatures and seals;*• the general requirements of certification authorities issuing TLS/SSL certificates;*• the general requirements of the use of cryptography for authentication and encryption.*The present document does not specify how the requirements identified can be assessed by an independent party,*including requirements for information to be made available to such independent assessors, or requirements on such*assessors.*NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present*document references ETSI EN 319 401 [8] for general policy requirements common to all classes of*TSP's services.*The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]*and BRG [5].