6.1. Key Pair Generation and Installation

6.2. Private Key Protection

6.3. Other Aspects of Key Pair Management

6.4. Activation Data

6.5. Computer Security Controls

6.6. Life Cycle Technical Controls

6.7. Network Security Controls

This policy strongly suggests that the machine on which the cryptographic module used for CA operations SHOULD be kept off-line to prevent network attacks. In every case network access to the CA workstation MUST be limited in order to protect the CA's private key in an appropriate way from disclosure.

6.8. Cryptographic Module Engineering Controls

No stipulation.