Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

By Digi-Sign
Created Apr 30 2008 - 11:28

Digi-CAST™ Compliance, Certification & Standards

Owning & Operating a Trust Centre

Most government-related or national PKI projects require a Trust Centre [1]. For any computer room or data centre to become a Trust Centre, it must comply with certain standards [2]. Some of these standards also require that the Trust Centre be certified [3].

The C-A-S-T methodology was pioneered by Digi-Sign in 2004, after many years of developing and deploying CAs around the world. It follows information security standards such as ISO 27001 (previously BS 7799-2, BS 7799, BS 7799 Part 2), 93/1999/EC [4], ETSI 101 456, HIPAA, Sarbanes-Oxley, SB 1386, Gramm-Leach-Bliley, EAL, ETSI, CWA, ICAO for MRTD and many others.

Alternative Trust Centre Options

You could reduce the financial commitment of owning your own Trust Centre by becoming a Trusted Services Provider [TSP] [5]. As a TSP you can reduce the overall costs [6] whilst still owning a complete Digi-CA™ [7] system infrastructure. Your personnel will operate, manage and administer it whilst also managing the sales and marketing of the Trust Centre, in co-operation with Digi-Sign.

If this level of commitment is not what you want to consider, then the CSP [1] is another Partner Programme:

  • You should consider becoming a Certificate Services Provider [1] [CSP]
  • Become a Reseller [8] without any advance financial commitment
  • Become an Agent [9] without any financial commitment in advance

Digi-CAST™ Components

The Digi-CAST™ methodology has four distinct components that are modified to meet your specific needs:

  • Digi-CAST1™ - project evaluation
    • Consultation, Assessment, Security & Technical
  • Digi-CAST2™ - planning & delivery
    • Certificate Authority Solutions & Team
  • Digi-CAST3™ - compliance & certification
    • Compliance, Audit, Standards & Training
  • Digi-CAST4™ - ongoing compliance
    • Continued Assessment & Security & Testing

The following list outlines the components of each CAST methodology:
  • Digi-CAST1™
    • Personnel & 'skills pool' interviews
    • Operations & environment overview
    • Compliance assessment & requirements
    • S.W.O.T. analysis
    • Technical specifications & planning
    • Costing, budgeting, CAST2 preparation
    • Documentation

  • Digi-CAST2™
    • Project planning
    • Laboratory testing
    • Compliance & training documentation
    • Standards & certification
    • Delivery & installation
    • Testing & piloting
    • Documentation

  • Digi-CAST3™
    • Specialist document preparation
    • Specialist personnel training
    • Third-party penetration testing
    • Compliance pre-audit
    • Initial certification & accreditation
    • Standards updates
    • Compliance revisions

  • Digi-CAST4™
    • SLA enforcement
    • Knowledge transfer & feedback
    • Compliance advice & support
    • Patching, upgrading, testing
    • Documentation verification
    • Annual audit assistance
    • Compliance escalation


Source URL: http://www2.digi-sign.com/service/digi-cast

Links:
[1] http://www2.digi-sign.com/en/digi-trust/certificate+services+provider
[2] http://www2.digi-sign.com/compliance/list+standards
[3] http://www2.digi-sign.com/en/digi-cast
[4] http://www2.digi-sign.com/en/compliance/ec/1999+93+ce
[5] http://www2.digi-sign.com/en/digi-trust/trusted+services+provider
[6] http://www2.digi-sign.com/https
[7] http://www2.digi-sign.com/en/digi-ca
[8] http://www2.digi-sign.com/en/about/resellers
[9] http://www2.digi-sign.com/en/about/agents