IDA Singapore - Policies & Regulation - Security Guidelines for Certification Authorities
 
Security Guidelines for Certification Authorities

The BS7799 Standard is a comprehensive set of controls comprising the best practices in information security. It is an internationally recognised generic information security standard.

BS7799 comprises two parts, namely:

  • BS 7799-1:2000 (Information Technology - Code of practice for information security management); and
  • BS 7799-2:2002 (Information Security Management - Specification for information security management systems)

The BS7799 Standard is intended as a single point of reference for identifying a range of controls needed for most situations where information systems are used in industry and commerce. It establishes the basic framework for implementing adequate IT security that preserves and protects the quality of an organisation's informational assets.

The "Security Guidelines for CAs" document defines the security guidelines for the management, systems and operations of a certification authority (licensed or potential licensee). It is intended for use by the management, security, technical and operational personnel of a certification authority.

Together, the documents provide the holistic security framework for managing and operating a CA and protecting its informational assets and general IT systems and operations at the same time.

Potential licensees and licensed CAs may obtain a copy of the BS7799 from its official website.

Other economies have similarly set out electronic commerce regimes with specifications for the operations of CAs. Two examples of such specifications are the WebTrust Program for CA version 1.0, used in Canada and the United States of America, and the European Telecommunications Standards Institute (ETSI) TS 101 456 requirements, used within Europe. In recognition that many entities operate across international boundaries and may wish to have a comparison of the different regimes, the Controller of CA has commissioned a study that compares the audit requirements for a licensed CA in Singapore against the audit requirements of these regimes. Interested parties can obtain a copy of the report, which highlights and explains the areas of comparison.

The report is conducted by a third party consultant, and the Controller of CA and IDA would not owe a duty of care to any party to whom the report is distributed. The Controller of CA and IDA do not assume any responsibility or liability for any losses suffered by any party as a result of the circulation, publication, reproduction or other use of the report.



 
Last Updated on 13 March 2008
 
© 2008 Infocomm Development Authority of Singapore