Public Key Infrastructure (PKI) Definition

PKI Best Practices
Picture
PKI is a framework of services that provides for the generation, distribution, control and accounting of our public key certificates from a trusted 3rd party – Certificate Authority (CA).  This includes software, hardware, facilities, people, policies and processes. The owners of the keys will be people, devices and applications (Pyle, 2009). Specifically, the PKI will be applied to the customers, Providers and Employees within our existing network infrastructure. This will use X.509 certificates to ensure interoperability (applications, web servers, etc.).
 It is best to implement a two-tier hierarchy which includes a Root (Certificate Authority) CA and an Issuing CA. This design is the generally accepted practice for most enterprises and provides two advantages; increased security and flexibility.  It provides increased security over a single tier because the Root CA and the Issuing CA roles are separated.  This allows the Root CA to be off-line so the private key of the Root CA is better protected (Pyle, 2009).  Additionally, there is increased scalability and flexibility because there can be multiple issuing CA’s that are subordinate to the Root CA.  This will allow greater flexibility to manage security across geographies that have varying security regulations.

Recommendation PKI Implementation Approach

The table below describes how the private keys will be managed; generated, distributed, revoked, stored and protected
Jeff Howell  -  San Carlos, CA  -  Privacy Statement - email Jeff