Rescinded [2007-07-07] - Policy for Public Key Infrastructure Management in the Government of Canada

This policy provides for the effective management of public key infrastructure in the government.
Date modified: 2004-04-26

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Archived

This page has been archived on the Web.

More information

Terminology:

Print-friendly XML
Expand all Collapse all

1. Effective date

This policy is effective April 26, 2004 and supercedes the Policy on Public Key Infrastructure Management in the Government of Canada of May 27, 1999. The short title of this policy is Government PKI Policy.

2. Application

This policy applies to all Departments listed in Schedule I, Schedule I.1 and Schedule II of the Financial Administration Act (FAA).

It also applies to:

  1. Any commission under the Inquiries Act that is designated by order of the Governor in Council as a Department for the purposes of the FAA.
  2. The Canadian Forces, with the proviso that any reference in this policy to employees does not include members of the armed forces.

Other agencies and crown corporations can enter into arrangements with the Treasury Board of Canada Secretariat to adopt the requirements of this policy and apply them to their organization.

Those departments, commissions, agencies, crown corporations and the Canadian Forces who are subject to, or adopt, this policy are hereafter referred to as "Departments".

3. Context

The Government of Canada has chosen to use Public Key technology as the preferred means of electronically authenticating the identity of individuals and of documents. Public key infrastructures, based on principles associated with public key cryptography permit, the encryption of data and the use of digital signatures to enable and facilitate secure electronic business.

One component of a Public Key Infrastructure is a Certification Authority - an Entity trusted to issue a public and private key pair to a particular individual or Entity. The Certification Authority will issue keys; revoke keys when the confidentiality of a private key may have been compromised; and provide notice as to those key pairs that have been revoked.

4. Definitions

For the purposes of this policy:

Accreditation Authority (Autorité d'accréditation) - means an individual within a Department with the authority to permit an Entity to operate one or more Certification Authorities within that Department and to accept the associated residual risk. The Chief Information Officer of the Government of Canada is responsible for the Accreditation of the Canadian Federal Public Key Infrastructure Bridge and any Common Certification Authorities.

Authentication (Authentification) - means the act of verifying (i) the validity of the identity of an individual or an Entity, or (ii) the integrity of data in electronic form.

Authorization (Autorisation) - means the act of providing, or verifying, permission for an individual or Entity to do or have something, including accessing, approving or modifying data held in electronic form.

Canadian Federal Public Key Infrastructure Bridge (Charnière fédérale canadienne de l'Infrastructure à clé publique) - means a Certification Authority that, under the direction of the Policy Management Authority, signs and manages cross-certificates with Departmental or Common top-level Certification Authorities and non-Government of Canada Certification Authorities. The Canadian Federal Public Key Infrastructure Bridge does not manage Employee or Subscriber certificates but does facilitate "interoperability" by acting as a bridge between Departmental or Common Certification Authorities within the Government of Canada Public Key Infrastructure and between the Government of Canada Public Key Infrastructure and Certification Authorities outside the Government.

Certification Authority (Autorité de certification) - means an Entity that is responsible for the operation of one or more servers used for the issuance and management of Public Key Certificates and Certificate Revocation Lists.

Certificate Policy (Politique de certification) - is a named set of rules that indicates the applicability of a public key certificate to a particular community and/or class of application with common security requirements. It indicates whether or not the public key certificate is suitable for a particular application or purpose. A Certification Authority may adopt more than one Certificate Policy.

Certification Practice Statement (Énoncé de pratiques de certification) - means a comprehensive statement of the mechanisms and procedures that a Certification Authority employs in issuing and managing Public Key Certificates in compliance with one or more Certificate Policies. If a Certification Authority adopts more than one Certificate Policy, the Certification Practice Statement must either contain, or point to other sources that contain, sufficient information to demonstrate how the requirements contained within the Certificate Policies are being met.

Certificate Revocation List (Liste de certificats révoqués) - means a list of Public Key Certificates issued but revoked by a Certification Authority before their natural expiration time.

Chief Information Officer (Dirigeant principal de l'information) - means the Chief Information Officer for the Government of Canada.

Cross-Certificate (Cocertificat) - means a certificate used to establish a trust relationship between two Certification Authorities.

Cross-Certification (Cocertification) - means a process undertaken by Certification Authorities to establish a trust relationship. The Certification Authorities exchange cross-certificates and enable users of certificates issued by one Certification Authority to interact electronically and securely with users of certificates issued by the other. When two Certification Authorities are cross-certified, they agree to trust and rely upon each other's Public Key Certificates and keys as if they had issued them themselves.

Digital Signature (Signature numérique) - means a result of a transformation of data by means of a cryptographic key system such that an individual or Entity who receives the initial data can determine whether the transformation was created using the key that corresponds to the key of the individual or Entity that performed the transformation; and whether the data has been altered since the transformation was made.

Entity (Entité) - means an association of two or more individuals, a corporation, partnership, trust, joint venture or other form of organization.

Employee (Fonctionnaire) - means any individual employed by a Department and, for greater certainty, does not include Subscribers.

Key (Clé) - means a sequence of symbols that control digital signature and encryption processes.

Operational Authority (Autorité opérationnelle) - means an individual within a Department assigned responsibility for the management of one or more Certification Authorities operated by that Department.

Pilot Project (Projet pilote) - means a small-scale test of processes and procedures to be used on a larger scale if such processes and procedures are demonstrated to be successful in practice.

Policy Management Authority (Autorité de gestion des politiques) - means the committee consisting of the Chief Information Officer, Departmental representatives and other appointees constituted to serve as the Government of Canada Public Key Infrastructure Policy Management Authority

Public Key Certificate (Certificat de clé publique) - means the public key of a user, together with other information, digitally signed with the private key of the Certification Authority that issued it. The certificate format is in accordance with the International Telecommunications Union - Telecommunications Standard Sector (ITU-T) Recommendation X.509.

Public Key Infrastructure (Infrastructure à clé publique) - means a set of policies, processes, server platforms, software and workstations used for the purpose of issuing and managing certificates and keys.

President (Président) - means President of the Treasury Board of Canada.

Registrar of Repositories (Registraire des dépôts) - means, for federal government repositories, Public Works and Government Services Canada or any other entity appointed by the Standards Council of Canada for the performance of the functions of Canadian Open Systems Interconnection Registration Authority.

Relying Party (Partie utilisatrice) - means an individual or Entity, other than the holder of the Certificate, who acts in reliance on a Certificate signed by a Certification Authority to verify a digital signature or encrypted data.

Repository (Dépôt) - means a system for storing and accessing certificates or other information relevant to certificates. An X.500 directory is an example of a repository.

Secretary (Secrétaire) - means the Secretary of the Treasury Board of Canada.

Service Provider (Fournisseur de services) - means an individual or Entity that offers services in connection with one or more aspects of the operation of a Certification Authority. A Service Provider may be a Department or a private sector entity.

Subscriber (Abonné) - means an individual or Entity, who is not an Employee, to whom a certificate is issued.

5. Policy Statement

It is government policy to promote and manage the use of public key cryptography, as a component of the government's common information management and information technology infrastructure, in order to:

  1. Support Government objectives with respect to service transformation and improvement;
  2. Facilitate and promote, for the business of the Government of Canada, the implementation and use of Public Key Infrastructures as the preferred means of authenticating the identity of individuals and documents;
  3. Promote and enable the use of Common Certification Authorities
  4. Enable and encourage co-operation and collaboration between government Certification Authorities and, on their behalf, between the government and other Certification Authorities within Canada and internationally; and
  5. Encourage the development and use of open standards for commercial products that use public key cryptography;

6. Policy Requirements

6.1 Departmental Certification Authorities

A Department, other than a Department that uses a Service Provider, before it issues any Public Key Certificates (including cross-certificates), must:

  1. Establish a Certification Authority
  2. Ensure that its Certification Authority;
    1. Manages the Public Key Certificates and Certificate Revocation Lists it issues by,
      1. Implementing one or more Certificate Policies and a Certification Practice Statement with respect to the operation of that Certification Authority; and
      2. Ensuring compliance with its Certificate Policy(ies) and Certification Practice Statement(s) by any individual or Entity acting on its behalf
    2. In applicable Certificate Policies, acceptable use policies or subscriber agreements advises Subscribers and Employees as to the respective rights and obligations of the Certification Authority, Subscribers and Employees.

In addition to the foregoing, a Department, issuing Public Key Certificates (including cross-certificates) outside the Department, must cross-certify with the Canadian Federal Public Key Infrastructure Bridge and declare annually to the Policy Management Authority that its operations comply with its Certificate Policy(ies) and Certification Practice Statement requirements.

A Department must designate one or more officials as the Operational Authority for each Certification Authority the Department operates or employs, who will provide information and/or documentation to the Government of Canada Policy Management Authority, when requested to do so, as to any aspect of the operation of the Certification Authority.

6.2 Common Certification Authorities

The Policy Management Authority may designate one or more Departmental Certification Authorities as a Common Certification Authority for the purposes of issuing Public Key Certificates on behalf of other Departments.

A Common Certification Authority must:

  1. Operate under the direction of and be accountable to the Policy Management Authority;
  2. Cross-certify through the Canadian Federal Public Key Infrastructure Bridge; and
  3. Only operate using Certificate Policies and Certification Practice Statements approved by the Policy Management Authority as well as agreements and policies meeting terms and conditions, if any, stipulated by the Policy Management Authority.

A Department may procure some or all of the services associated with the operation of a Certification Authority from a Common Certification Authority.

A Department operating a Common Certification Authority may procure some or all of the services associated with the operation of a Common Certification Authority.

6.3 Canadian Federal Public Key Infrastructure Bridge

The Communications Security Establishment shall operate the Canadian Federal Public Key Infrastructure Bridge. The Canadian Federal Public Key Infrastructure Bridge, for the purposes of cross-certification or recognition of Certification Authorities, serves as the Government of Canada's Bridge Certification Authority.

The Canadian Federal Public Key Infrastructure Bridge must only adopt Certificate Policies and a Certification Practice Statement approved by the Policy Management Authority.

The Canadian Federal Public Key Infrastructure Bridge:

  1. Signs and manages the cross-certificates it issues to:
    1. Departmental or Common Certification Authorities; and
    2. Non-Government of Canada Certification Authorities;
  2. With respect to the Government of Canada Public Key Infrastructure, advises the Policy Management Authority regarding compliance with Infrastructure technical requirements.

6.4 Procurement of Certification Authority Services

A Department may procure some or all of the services associated with the operation of a Certification Authority from a Service Provider.

A Department procuring such services must ensure that:

  1. Such policies and practices of the Service Provider deemed relevant by the Policy Management Authority, including Certificate Policies or Certification Practice Statements, adhere to criteria established by the Policy Management Authority;
  2. Subject to law, all copies of private confidentiality keys, Public Key Certificates and all information collected, maintained or held by a Certification Authority with respect to the issuance, distribution and management, including revocation, of private keys and Public Key Certificates, will be maintained only in Canada or on the premises of Canadian diplomatic and consular missions abroad.
  3. Any agreement with a Service Provider complies with the requirements of government policy and statutes for contracts for services and contain such minimum terms and conditions as may be established from time to time by the Policy Management Authority.
  4. Any agreement has the appropriate data protection/privacy provisions when personal information is collected, used, disclosed, or retained.

6.5 Membership in the Government of Canada Public Key Infrastructure and the Policy Management Authority

A Department that has certificates issued on its behalf or that operates a Certification Authority that issues Public Key Certificates is a member of the Government of Canada Public Key Infrastructure.

A Department that is a member of the Government of Canada Public Key Infrastructure may be represented on the Policy Management Authority. Membership in the Policy Management Authority must consist of:

  1. The Chief Information Officer, as Chair;
  2. A Deputy Chair, appointed by the Chief Information Officer;
  3. The Operator of the Canadian Federal Public Key Infrastructure Bridge;
  4. Each Department operating a Common Certification Authority;
  5. Each Department operating a Certification Authority which has cross-certified with the Canadian Federal Public Key Infrastructure Bridge; and
  6. Such Departmental representatives, if any, appointed to serve as Members-at-Large.

Deputy Heads of the Departments in question must name the Departmental representative to serve on the Policy Management Authority.

Each Department represented on the Policy Management Authority, regardless of the number of Certification Authorities it operates, shall have one vote.

The Chair and Deputy Chair shall each have a vote. Voting privileges may not be assigned. The Policy Management Authority shall establish quorum requirements, rules of procedure and terms of reference consistent with the responsibilities assigned in this Policy and may assign duties and functions to an Executive Committee, drawn from its members, with responsibilities as determined by such Terms of Reference as may be established and amended from time to time by the Policy Management Authority.

6.6 Cross-Certification or Recognition of Certification Authorities

6.6.1 Cross-Certification or Recognition

A Department operating a Certification Authority or Common Certification Authority that wishes to cross-certify with a Certification Authority outside the Department may only do so as a member of the Government of Canada Public Key Infrastructure.Unless authorized by the Treasury Board of Canada, cross-certification with a Certification Authority must occur only through the Canadian Federal Public Key Infrastructure Bridge.

The President may in his or her discretion, and upon recommendation of the Secretary, recognize a Certification Authority outside the Government, where it is not appropriate on policy or technical grounds for a cross-certification to be initiated.

The President, pursuant to authority provided by Order in Council, may enter into or terminate any such agreement or arrangement. Before recognizing a Certification Authority, the President shall verify that it has the capacity to issue certificates in a secure and reliable manner within the context of paragraphs 48(a) to (d) of the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5. Such Certification Authorities that are recognized by the President of the Treasury Board shall be listed on the website of the Treasury Board of Canada Secretariat.

Cross-certification with, or recognition of, a Certification Authority outside of the Government must only be done following the execution of an agreement or arrangement between the Government and the operator of the Certification Authority.

The Secretary shall provide a recommendation to the President as to the appropriate form and content of such an agreement or arrangement.

The Policy Management Authority shall advise the Secretary as to the form and content, including appropriate terms and conditions, of any proposed agreement or arrangement.

Where a Department has established a Certification Authority that has cross-certified with the Canadian Federal Public Key Infrastructure Bridge and intends to cross-certify that Certification Authority with another of its Certification Authorities that has not cross-certified with the Canadian Federal Public Key Infrastructure Bridge, then the Department must inform the Policy Management Authority. Where the Policy Management Authority is of the opinion that this cross-certification may adversely affect the Government of Canada Public Key Infrastructure, then the Policy Management Authority may take appropriate action, including downgrading or revoking the cross-certificate of the Certification Authority that has cross-certified with the Canadian Federal Public Key Infrastructure Bridge.

6.6.2 Exemption from Cross-Certification

Each time a Department proposes to have one or more of its Certification Authorities cross-certify with a Certification Authority outside the Department ("external Certification Authority"), it may apply to the Treasury Board of Canada for an exemption from the requirement to cross-certify with that external Certification Authority through the Canadian Federal Public Key Infrastructure Bridge.

A Department that issues Public Key Certificates outside the Department for a specified purpose may apply to the Treasury Board of Canada for an exemption from the requirement to cross-certify with the Canadian Federal Public Key Infrastructure Bridge.

Any request to exempt a Certification Authority from the requirement to cross-certify with the Canadian Federal Public Key Infrastructure Bridge must indicate facts that:

  1. the request for an exemption has a purpose that substantially meets the policy statement set out in Section 5 and
  2. the operational or policy requirements of the Government of Canada would not be prejudiced if the Certification Authority in question does not exchange cross-certificates with the Canadian Federal Public Key Infrastructure Bridge.

Certain classes of Certification Authorities are specifically exempt from a requirement to cross-certify through the Canadian Federal Public Key Infrastructure Bridge and Departments need not make an application for an exemption to the Treasury Board of Canada.

These classes consist of Certification Authorities:

  1. Operating in a closed environment where there is no need for Subscribers to interact with other Subscribers or Relying Parties outside the domain of the Certification Authority and where it can be demonstrated that there is no benefit from cross-certifying with the Canadian Federal Public Key Infrastructure Bridge; or
  2. Operating for reasons of national security where it can be demonstrated that there is no benefit from cross-certifying with the Canadian Federal Public Key Infrastructure Bridge;
  3. Established as Pilot Projects, provided that such Certification Authorities must cross-certify with the Canadian Federal Public Key Infrastructure Bridge no later than the second anniversary of the date that they first issue certificates for use in applications; or
  4. Operated by or on behalf of Statistics Canada solely to safeguard data collected under the authority of the Statistics Act.

The Policy Management Authority will determine whether a Certification Authority falls within an enumerated class for the purposes of exemption from a requirement to cross-certify through the Canadian Federal Public Key Infrastructure Bridge.

The Policy Management Authority may request the Treasury Board of Canada to designate other classes for exemption.

6.7 Use of Certificates and Keys by Subscribers

A Department, when it issues or causes to be issued Public Key Certificates to Subscribers, must:

  1. Develop, implement, and communicate, or cause to be communicated to such Subscribers, the terms and conditions for the appropriate use of and reliance on Public Key Certificates; and
  2. Obtain, or cause to be obtained, their signed agreement, in written or electronic form, to the terms and conditions.

Departments must, in the establishment of terms and conditions of use by Subscribers, include such minimum terms and conditions of use as established from time to time by the Policy Management Authority.

6.8 Use of Certificates and Keys by Employees

A Department, before it issues or causes to be issued Public Key Certificates to employees for use in their employment, must develop, implement, and communicate to those employees, policies and procedures concerning the use of such certificates. In establishing such policies and procedures, Departments shall consider relevant business, operational and legal requirements and include such minimum terms and conditions of use as established from time to time by the Policy Management Authority.

6.9 Repository

A Department that establishes a Certification Authority must ensure that:

  1. Its Public Key Certificates and Certificate Revocation Lists are published in a Repository that is accessible for the purposes of verifying the validity of such lists;
  2. Any information concerning its Public Key Certificates and Certificate Revocation Lists in the Repository is current, accurate and conforms to the requirements of applicable Certificate Policies; and
  3. The Repository:
    1. Conforms to such standards established, or designated as applicable, by the Policy Management Authority;
    2. Is interoperable with other repositories associated with Certification Authorities subject to this Policy; and
    3. Is registered with the Registrar of Repositories.

6.10 Information and Key Management

A Department must establish policies and procedures to manage information created in the course of its operation of a Certification Authority. Such information includes personal information about Employees, Subscribers and Relying Parties, and must be managed in accordance with the Privacy Act , the Access to Information Act and, to the extent applicable, with the Library and Archives Act and other relevant government legislation and policies.

A Department must retain a copy of Employees' private confidentiality keys for data recovery purposes; notify Employees that their private confidentiality keys are backed up; and, notify Employees when the Department accesses their private confidentiality keys.

A Department must not:

  1. Back up the private confidentiality keys of Subscribers without their consent;
  2. Access or disclose the private confidentiality keys of Subscribers except with their prior consent, or where required by law or judicial authorization; or
  3. Retain or have retained, under any circumstances, a copy of private digital signature keys. For the purposes of the Policy, storage of private digital signature keys on Departmental servers but under the control of the Subscriber or Employee is not retention by a Department.

A Department may, in the management and use of Public Key Certificates, engage in such practices as import, export or replication of public keys or the replication of Public Key Certificates. Such practices have both initial and residual risks and a Department must actively manage the risk associated with such activities.

6.11 Financial Responsibility

In the adoption of one or more Certificate Policies governing Public Key Certificates issued by a Certification Authority it operates, a Department must:

  1. Establish and communicate, or cause to be communicated, to relevant parties, including Subscribers and Relying Parties, any limits for any judgement, award or settlement made against it by reason of the use of such Public Key Certificates;
  2. Where it is a member of the Government of Canada Public Key Infrastructure, comply with the procedures and rules as established from time to time to determine the allocation of financial responsibility and accountability for any judgement, award or settlement among such members.

6.12 Monitoring

The Treasury Board of Canada Secretariat shall monitor compliance with this Policy through reports provided by Operational Authorities to the Policy Management Authority.

7. Responsibilities of other government organizations

Where not otherwise described in this Policy, the following states the respective responsibilities of those within the Government responsible for the management of, generally, authentication using Public Key Certificates and, specifically, the Government of Canada Public Key Infrastructure.

7.1 Treasury Board of Canada Secretariat

7.1.1 President of the Treasury Board

Pursuant to authority provided by Order in Council, the President, on the recommendation of the Secretary, is responsible for entering into and terminating written agreements or arrangements for cross-certification with, or recognition of, Certification Authorities outside the Government.

7.1.2 Secretary, Treasury Board of Canada Secretariat

The Secretary is responsible for establishing and coordinating direction and policy within the Government for authentication management using Public Key Certificates.

With respect to authentication management using Public Key Certificates, the Secretary carries out this responsibility by:

  1. Recommending to the President the terms and conditions of cross-certification or recognition agreements or arrangements, and the withdrawal from, or termination of, cross-certification or recognition arrangements;
  2. Identifying requirements and recommending policies for adoption by Treasury Board of Canada;
  3. Providing advice to the Treasury Board of Canada and Departments; and
  4. Establishing and maintaining the Policy Management Authority for the Government of Canada Public Key Infrastructure.

7.1.3 Chief Information Officer for the Government of Canada

The Chief Information Officer:

  1. Serves as Chair of the Policy Management Authority;
  2. Appoints a Deputy Chair of the Policy Management Authority and selects Departments to be represented by Members-at-Large;
  3. Is responsible for the Accreditation of the Canadian Federal Public Key Infrastructure Bridge and Common Certification Authorities; and
  4. Supports the Secretary and the Policy Management Authority with respect to their respective responsibilities for the direction and management of the Government of Canada Public Key Infrastructure.

7.2 Policy Management Authority

The Policy Management Authority is responsible to the Secretary for the direction and management of the Government of Canada Public Key Infrastructure. It makes recommendations to the Secretary with respect to membership in the Government of Canada Public Key Infrastructure and the cross-certification or recognition of Certification Authorities.

The Policy Management Authority carries out its responsibility by:

  1. Advising the Secretary on recommendations to the President concerning cross-certification or recognition agreements or arrangements including the withdrawal from, or termination of, such agreements or arrangements;
  2. Designating one or more Departments to act as Common Certification Authorities;
  3. Establishing policies, procedures (including registration procedures) and operating standards for Common Certification Authorities;
  4. Establishing and approving appropriate mechanisms, controls and reporting structures, including operational standards and guidelines, for the management of the Canadian Federal Public Key Infrastructure Bridge and Certification Authorities within the Government of Canada Public Key Infrastructure;
  5. Where required, directing the Canadian Federal Public Key Infrastructure Bridge to issue, downgrade or revoke cross-certificates;
  6. Representing the Government with external organizations for any purpose related to the promotion of authentication using Public Key Certificates and the better operation of the Government of Canada Public Key Infrastructure, including participation in other Bridge Certification Authorities operated by or with entities outside the Government;
  7. Establishing and approving Certificate Policies for the Canadian Federal Public Key Infrastructure Bridge or any Common Certification Authorities and making them available for use by Departmental Certification Authorities;
  8. Administering the Electronic Authentication and Authorization Policy , or any successor policy, to the extent it applies to the management and use of Public Key Certificates and keys by Departments;
  9. Appointing decision-makers in the event of disputes between Certification Authorities, and establishing dispute resolution procedures;
  10. Ensuring government-wide interoperability with respect to authentication using Public Key Certificates;
  11. Ensuring the Government of Canada is informed of developments in authentication using Public Key Certificates, public key technology and infrastructures, including standards and industry practices; and
  12. Promoting awareness of the role of authentication using Public Key Certificates in enabling secure service delivery, public administration and communications.

7.3 Communications Security Establishment

The Communications Security Establishment manages and operates the Canadian Federal Public Key Infrastructure Bridge. As such, it signs and manages the cross-certificates of external, Departmental and Common Certification Authorities that cross-certify with the Canadian Federal Public Key Infrastructure Bridge.

As the cryptology and information technology security technical authority for the Government of Canada Public Key Infrastructure, the Communications Security Establishment is responsible to:

  1. Develop operational standards and technical documentation, with respect to system certification and accreditation, risk and vulnerability analysis, product evaluation, system and network security analysis, in consultation with the Policy Management Authority and Departments, as they relate to the Government of Canada Public Key Infrastructure and related applications;
  2. Provide advice and assistance to the Policy Management Authority and Departments on operational standards and technical documentation;
  3. Provide strategic security engineering services and expert technical advice to support the design, implementation and operation of the Government of Canada Public Key Infrastructure and related critical infrastructure elements;
  4. Develop and provide specialized training, especially with respect to network vulnerabilities and appropriate mitigation strategies, and conduct related technical research and development;
  5. Under Policy Management Authority direction,
    1. Maintain and advise on the overall system architecture of the Government of Canada Public Key Infrastructure; and
    2. Represent the Government of Canada on national and international technical committees pertaining to Public Key Infrastructures.

The Communications Security Establishment also manages and operates the Secure Emerging Technologies Testbed, which is used to support interoperability testing between various secure emerging technology applications and the Government of Canada Public Key Infrastructure.

8. References

8.1 Authority

This policy is issued pursuant to the Financial Administration Act,subsection 7(1).

8.2 Publications

This policy should be read in conjunction with the following Treasury Board policies:

Access to Information

Privacy and Data Protection

Common Services

Contracting

Government Security Policy

Management of Government Information

Policy on decision making in limiting contractor liability in crown procurement contracts (effective September 2003)

Management of Information Technology

Policy on Electronic Authorization and Authentication

Policy on the Use of Electronic Networks

Risk Management and Security

These policies are available at http://www.tbs-sct.gc.ca/tbs-sct/index-eng.asp.

See the Treasury Board of Canada Secretariat, Chief Information Officer web site at http://www.tbs-sct.gc.ca/cio-dpi/index-eng.asp for up-to-date information related to authentication using Public Key Certificates.

9. Enquiries

Enquiries concerning the intent and implementation of this policy should be directed to:

Chief Information Officer Branch
Treasury Board Secretariat
Facsimile:(613) 946-9893
e-mail: pki-icp@tbs-sct.gc.ca

Expand all Collapse all
Report a problem or mistake on this page
Date modified: