5.1.4 Administrator Credential Issuance

The procedures used by a human CA administrator to control access must be kept free from penetration and human error. These procedures include the following:

  1. Assign a name to the CA administrator. Kerberos domains assign a name to each CA administrator.

  2. Add the name of the new CA administrator to a named group of administrators.

  3. Add the named group of administrators to the ACL that is used by the CA.

The following list provides a few examples of security risks:

  • Penetration: Social engineering

  • Human error: Misspellings

  • Human error: Unwarranted assumptions
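The three-step chain above (name, group, ACL) can be audited mechanically for the human-error risks listed. The following Python sketch is an added example, not part of the original document; the data model, function names and sample names are assumptions constructed for illustration, and the approved roster stands for whatever out-of-band authorization record the organization keeps.

```python
import difflib

def _hint(name, candidates):
    """Closest existing name, to surface a likely misspelling."""
    m = difflib.get_close_matches(name, sorted(candidates), n=1, cutoff=0.8)
    return m[0] if m else ""

def audit_ca_admin_chain(principals, groups, ca_acl, approved):
    """Return sorted (kind, subject, detail) findings for the chain.

    principals: set of names that exist in the realm       (step 1)
    groups:     dict of group name -> set of member names  (step 2)
    ca_acl:     list of group names on the CA's ACL        (step 3)
    approved:   set of names authorized out of band as CA administrators
    """
    findings, effective = [], set()
    for group in ca_acl:
        if group not in groups:
            # ACL names a group that does not exist: likely a misspelling.
            findings.append(("acl-unknown-group", group, _hint(group, groups)))
            continue
        effective |= groups[group]
        for member in groups[group]:
            if member not in principals:
                # Member does not resolve to any assigned name.
                findings.append(("member-not-a-principal", member,
                                 _hint(member, principals)))
            elif member not in approved:
                # Real principal, but nobody authorized the access.
                findings.append(("member-not-approved", member, group))
    for name in approved - effective:
        # Assumed to be an administrator, yet the chain never reaches them.
        findings.append(("approved-but-no-access", name, ""))
    return sorted(findings)

# Constructed sample data (not from the original document).
PRINCIPALS = {"alice.ng", "bob.ortiz", "carol.diaz", "dave.kim"}
GROUPS = {"ca-admins": {"alice.ng", "bob.oritz", "dave.kim"},
          "ca-auditors": {"carol.diaz"}}
CA_ACL = ["ca-admins", "ca-admin"]
APPROVED = {"alice.ng", "bob.ortiz"}

if __name__ == "__main__":
    for finding in audit_ca_admin_chain(PRINCIPALS, GROUPS, CA_ACL, APPROVED):
        print(finding)
```

A "member-not-approved" finding is also the place where access gained through social engineering would show up, since the name is valid but has no matching authorization record.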