The following are included in the SSS PKI service.
SSS can establish or review a PKI design based on organisational use cases to balance the need for a secure and trusted infrastructure with usable and functional service.
We understand that the security requirements and risk postures vary between organisations and even within business units. Our design process incorporates a risk-based approach to ensure the right amount of security is incorporated to match the risk profile for current and future PKI use cases. We design the PKI in such a way that you are able to leverage the PKI for future use cases without the need to redo or replace the infrastructure.
PKI Policy Creation and Review
SSS has extensive experience creating and reviewing policy artefacts required to establish a trusted PKI that are required to meet the current and future business needs. Upon completion of a review, we can make recommendations to ensure that your policies comply with industry standards and international best practice.
Policies and procedures for the establishment of a PKI provide the certainty that the PKI has been established securely, has integrity and if necessary, can be re-built with confidence. The policy artefacts such as Certificate Policy, Certificate Practice Statement and Key Management Plans are based on industry standards and international best practices such as RFC 3647 and NIST 800-57.
Key Generation Ceremony
SSS has the experience and skillsets for the development and review of key generation ceremony scripts to meet the stringent requirements of highly classified government environments and large financial organisations that alight itself to international standards such as ISO 21188. We can also conduct and facilitate key generation ceremonies.
At the heart of any PKI is the key generation ceremony, which is a tightly controlled and auditable process used to generate the necessary key material required to establish a trusted PKI. When considering a PKI, it is critical that it is conducted in a well-documented and well executed environment. The steps leading to the establishment of a PKI should be beyond question and establish the trust that is required for its consumption.
SSS has been implementing Hardware Security Modules (HSM) in the most highly classified environments in government, commercial entities and banking organisations. We are currently the only organisation in New Zealand that has certified Gemalto (SafeNet) HSM engineers.
SSS currently provides HSM services to our integration partners, commercial clients and government entities which include:
- Advisory services
- Architecture Design
- Installation and configuration
Certificate Authority Management
SSS, with its skilled resources, currently assists Government and banking clients with the management of their Certificate Authorities ensuring the platform is operating as envisaged. This managed service is based on the knowledge that not all organisations have PKI staff that can be used for this role. This service allows organisations to focus on their core business and leaves the management of the PKI to a capable and trusted partner.
This service include the following:
- Development of operational PKI processes.
- PKI audits to ensure compliance with policies and PKI best practice.
- Implementation of updates and upgrades of installed software and hardware components.
- PKI component system health checks, reports and remediation.
- Registration authority officer functions.
- Other required PKI operational functions.