Certificate Policies
A Certificate Policy (CP) is defined in the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework as "a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements".

When a Certification Authority (CA) issues a certificate, it is providing a statement to a certificate user (i.e. relying party) that a particular public key is bound to a particular entity (i.e. certificate subject). The extent to which the certificate user should rely on that statement needs to be assessed by the certificate user. The Certificate Policy provides the information that can be used by a certificate user to decide whether or not to trust a certificate.

Certificate policies are also used to establish trust relationships between CAs (i.e. cross certification). When CAs issue cross certificates, one CA assesses and recognizes one or more certificate polices of the other CA.

Treasury’s PKI establishes an effective trust model by strict adherence to policies that govern the infrastructure. These policies are as follows:
  • Treasury X.509 Certificate Policy (CP): As required by [TDP85-01], [TREAS-CP] provides detailed policies governing the issuance and use of digital certificates. Specifically, this includes:
    • Definition of trusted roles and their responsibilities in maintaining the PKI;
    • Compliance audit parameters;
    • Naming standards for certificates;
    • Certificate and key lifecycle management;
    • Records archival;
    • Disaster recovery procedures;
    • Security controls; and
    • Certificate and Certificate Revocation List (CRL) profiles.
  • Federal Bridge Certificate Authority CP & Common Policy Framework Certificate Policy: Federal PKI Policies and Standards.

NOTE:  To view and print Adobe Portable Document Format (PDF) files, you must have Adobe Acrobat Reader v3.0 or above, or the equivalent browser plug-in, installed on your computer. To download a free copy of the Adobe Acrobat Reader, click here: