Certificate Practice Statements

A certificate practice statement is a document that outlines the practices IT uses to manage the certificates it issues. It describes how the company’s certificate policy is interpreted according to the operating procedures and organizational architecture of the company. Included in the certificate practice statement is information of the following types:

• Identifying information for the CA, including its name, server name, and DNS address

• Certificate policies implemented by the CA and the types of certificates that it issues

• Policies, procedures, and processes for issuing, renewing, and recovering certificates

• Available cryptographic algorithms, CSPs, and key lengths

• CA security, including physical, network, and procedural components

• Certificate revocation policies, including conditions under which certificates are revoked, in addition to CRL distribution points and publication intervals

• The lifetime of each certificate that the CA issues with a policy for renewing certificates before they expire