Security requirements imposed on the conforming CA are indicated in the CPS. In every case this policy states that CA MUST be run on a dedicated workstation. The workstation MUST be physically secured.
No stipulation.
The physical access to the site in which the CA operates MUST be restricted only to explicitly authorized people.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
All the issues related to procedural control like the definition of trusted roles MUST be specified in the CPS.
No stipulation.
No stipulation.
No stipulation.
The personnel operating the CA MUST be technically and professionally competent. Every conforming CA SHOULD specify in the CPS further details concerning this particular topic and the related issues.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.