Evaluating Certificate Policy - Certification Practice Statement of Unique Government Certification Authority using Public Key Infrastructure Assessment Guidelines: Research in Progress
This work addresses compliance issues in a specific government certification authority's policies, which is incremental as it applies existing assessment methods to a new case.
The researchers analyzed the Certificate Policy and Certification Practice Statement (CP-CPS) version 1.0 of the Indonesian Government Certification Authority OSD PSE G2 using PKI Assessment Guidelines and found it does not comply with related standards, requiring updates.
OSD PSE is the Indonesian Government Certification Authority (CA) for National e-Procurement System and later named OSD PSE G2. It has a unique hierarchical structure under the OSD Lemsaneg. As an Issuing CA, the OSD PSE G2 publishes and guarantee the quality of the Certificate Policy and Certification Practice Statement (CP-CPS) in order to gain the PKI user trustworthy. In this article, we analyze the CP-CPS version 1.0 that published by OSD PSE G2. For this purpose, we apply the methodology of PKI Assessment Guidelines (PAG). The quality assessment of this CP-CPS, including its compliance to the related reference/standard, namely: CP OSD Lemsaneg v.1.1; RFC 3647; and CA Business Practice Disclosure Principle on Trust Service Principles and Criteria for Certification Authorities (BPDP-TSPCCA) version 2.0. We finally found that the CP-CPS version 1.0 does not comply with related standard and reference. Hence, the CP-CPS need to be updated following the current condition of OSD PSE G2.