A step in designing and implementing a public key infrastructure (PKI) is determining the groups or users who will manage it. To facilitate secure administration of Certificate Services, the Microsoft Windows Server 2003 PKI supports Common Criteria role separation. Common Criteria specifies that PKI management be configured so that no single person has full control, which protects an organization against a "malicious PKI administrator."
In addition to the roles defined in the Common Criteria protection profile, other roles must be considered when designing and implementing your organization's PKI. This chapter discusses how to plan PKI membership and implement role separation.