CONTENTS - ITU-T Rec. X.842 (10/2000) Information technology � Security techniques � Guidelines for the use and management of trusted third party services

�1�� Scope
�2�� References
�� 2.1�� Identical Recommendations | International Standards
�� 2.2�� Paired Recommendations | International Standards equivalent in technical content
�� 2.3�� Additional References
�3�� Definitions
�4�� General Aspects
�� 4.1�� Basis of Security Assurance and Trust
�� 4.2�� Interaction between a TTP and Entities Using its Services
�� 4.2.1�� In-line TTP Services
�� 4.2.2�� On-line TTP Services
�� 4.2.3�� Off-line TTP Services
�� 4.3�� Interworking of TTP Services
�5�� Management and Operational Aspects of a TTP
�� 5.1�� Legal Issues
�� 5.2�� Contractual Obligations
�� 5.3�� Responsibilities
�� 5.4�� Security Policy
�� 5.4.1�� Security Policy Elements
�� 5.4.2�� Standards
�� 5.4.3�� Directives and Procedures
�� 5.4.4�� Risk Management
�� 5.4.5�� Selection of Safeguards
�� 5.4.5.1�� Physical and Environmental Measures
�� 5.4.5.2�� Organisational and Personnel Measures
�� 5.4.5.3�� IT Specific Measures
�� 5.4.6�� Implementation Aspects of IT Security
�� 5.4.6.1�� Awareness and Training
�� 5.4.6.2�� Trustworthiness and Assurance
�� 5.4.6.3�� Accreditation of TTP Certification Bodies
�� 5.4.7�� Operational Aspects of IT Security
�� 5.4.7.1�� Audit/Assessment
�� 5.4.7.2�� Incident Handling
�� 5.4.7.3�� Contingency Planning
�� 5.5�� Quality of Service
�� 5.6�� Ethics
�� 5.7�� Fees
�6�� Interworking
�� 6.1�� TTP-Users
�� 6.2�� User-User
�� 6.3�� TTP-TTP
�� 6.4�� TTP-Law Enforcement Agency
�7�� Major Categories of TTP Services
�� 7.1�� Time Stamping Service
�� 7.1.1�� Time Stamping Authority
�� 7.2�� Non-repudiation Services
�� 7.3�� Key Management Services
�� 7.3.1�� Key Generation Service
�� 7.3.2�� Key Registration Service
�� 7.3.3�� Key Certification Service
�� 7.3.4�� Key Distribution Service
�� 7.3.5�� Key Installation Service
�� 7.3.6�� Key Storage Service
�� 7.3.7�� Key Derivation Service
�� 7.3.8�� Key Archiving Service
�� 7.3.9�� Key Revocation Service
�� 7.3.10�� Key Destruction Service
�� 7.4�� Certificate Management Services
�� 7.4.1�� Public Key Certificate Service
�� 7.4.2�� Privilege Attribute Service
�� 7.4.3�� On-line Authentication Service Based on Certificates
�� 7.4.4�� Revocation of Certificates Service
�� 7.5�� Electronic Notary Public Services
�� 7.5.1�� Evidence Generation Service
�� 7.5.2�� Evidence Storage Service
�� 7.5.3�� Arbitration Service
�� 7.5.4�� Notary Authority
�� 7.6�� Electronic Digital Archiving Service
�� 7.7�� Other Services
�� 7.7.1�� Directory Service
�� 7.7.2�� Identification and Authentication Service
�� 7.7.2.1�� On-line Authentication Service
�� 7.7.2.2�� Off-line Authentication Service
�� 7.7.2.3�� In-line Authentication Service
�� 7.7.3�� In-line Translation Service
�� 7.7.4�� Recovery Services
�� 7.7.4.1�� Key Recovery Services
�� 7.7.4.2�� Data Recovery Services
�� 7.7.5�� Personalisation Service
�� 7.7.6�� Access Control Service
�� 7.7.7�� Incident Reporting and Alert Management Service
Annex A � Security Requirements for Management of TTPs
Annex B � Aspects of CA management
�� B.1�� Example of Registration Process Procedures
�� B.2�� An example of requirements for Certification Authorities
�� B.3�� Certification Policy and Certification Practice Statement (CPS)
Annex C � Bibliography