5.1.4 Administrator Credential Issuance
The procedures used by a human CA administrator to control access must be kept free from penetration and human error. These procedures include the following:
Assign a name to the CA administrator. Kerberos domains assign a name to each CA administrator.
Add the name of the new CA administrator to a named group of administrators.
Add the named group of administrators to the ACL that is used by the CA.
The following list provides a few examples of security risks:
Penetration: Social engineering
Human error: Misspellings
Human error: Unwarranted assumptions