Public Key
Infrastructure (PKI)

SSS can review existing PKI implementations to providing a clear understanding of what has been deployed and if the PKI is fit for purpose. This includes a view on the current state of the PKI and its suitability to meet business needs and as an output we identify and provide recommendations where improvements could be made.

During this engagement, SSS conducts a review of the current PKI practices, PKI governance, the PKI consumption and the organisation structure that manage and approve requests as part of the Certificate Lifecycle. SSS will distribute questionnaires to facilitate information gathering and then collate the responses for inclusion in the final report. As an outcome, you will have;

• a comprehensive assessment of the current PKI technical implementation,
• understanding of the extent of the PKI consumption by the business units,
• a view of the existing PKI organisation, and
• a PKI report containing recommendations for remediation.

Our review is conducted in a pragmatic way, understanding that most businesses don’t require a PKI that needs to be trusted publicly. We ensure that your PKI is appropriate to your business and if not, make recommendations to get it that way.

SSS has extensive experience in PKI design and creating the associated  documentation including the technological, procedural, physical, personnel and audit functions and controls. This design is based on organisational use cases to balance the need for a secure and trusted infrastructure with a right sized, usable and functional service. The design process includes comprehensive design workshops to confirm the PKI hierarchy, levels of assurance and use cases that are required for the PKI.

Because the security requirements and risk postures often vary between organisations and even within business units, our design process incorporates a risk-based approach to ensure the right amount of security is incorporated to match the risk profile. We also ensure that the design will cater to  both current and future use cases. SSS has created a matrix showing portraying the levels of assurance matrix based on our experience and international standards and best practices that provides guidance on what each level means and the associated security controls/practices.

In addition to the technical component of a PKI implementation, the creation of policy artifacts satisfies the procedural aspect of PKI and is of equal importance.

Prior to deploying any CA or issuing a certificate, the policy which governs the use of the PKI must be defined. A policy usually takes into consideration regulatory and industry requirements as well as unique organisational requirements. The policy will usually specify technical aspects of the PKI such as the cryptographic algorithms that must be used as along with the operational controls for the CAs. CA-specific policies may be required before implementing the PKI to ensure that the required level of trust is established. These policies may be expressed differently depending on the required level of assurance. They can be expressed either as documented statements about certificate usage and issuance controls for a simple internal CA or as a formal Certificate Policy/Certification Practice Statement that follow IETF Public Key Infrastructure X.509 Certificate Policy and Certification Practices Framework (RFC 3647) with accompanying standard operating procedures.

As part of the SSS review process, we assess the existing policy artefacts against the documented current and future use cases and assess the documented technological, procedural, personnel, physical and audit controls against applicable standards, industry norms and the risk assessment (if one has been conducted).

For new or existing PKI, SSS can create the policy artefacts required to establish a trusted PKI to meet current and future business needs. Our policy artefacts such as Certificate Policy, Certificate Practice Statement and Key Management Plans are based off industry standards such as RFC 3647 and NIST 800-57.

The ability to design and manage a PKI is highly dependent on the skills and knowledge of those managing it. SSS has partnered with the PKI experts at PKI Solutions to build your PKI knowledge and increase your skills.

Together we offer the most up-to-date PKI training available, focusing on Microsoft Active Directory Certificate Services (ADCS) and Windows Server 2012 R2 – Windows Server 2019. All classes have a strong emphasis on security, best practices, and hands-on skills labs. There are different options to meet your needs.

The Microsoft PKI In-depth Online Training course is a deep-dive into PKI and Active Directory Certificate Services (ADCS) by focusing on building knowledge and skills with all of its features. There is a strong emphasis on security, best practices, and hands-on skills labs.

The Microsoft ADCS Advanced Online Training course is recommended for anyone who has taken the PKI In-depth Training class or is already familiar with Microsoft ADCS and is comfortable in a lab environment working with Certificate Services.

SSS provides subject matter experts in PKI and Certificate management to develop a PKI strategy and roadmap to guide the implementation and use of PKI.

The SSS PKI strategy approach includes considerations for strategic goals, policy alignment, implementation frameworks and key adoption principles.

The PKI strategy will address, inter alia the customers approach to PKI in relation to:

• PKI Use cases and consumers of certificates
• Sources of PKI that may be used
• Trust and Levels of Assurance required
• PKI Governance responsibilities
• PKI Compliance requirements
• On-premise and Cloud PKI migration and use cases
• Crypto Agility
• Post Quantum Cryptography