Evidential National Security PKI Case Study

PKI Requirements

We were headhunted to rescue a national security PKI implementation. The PKI protects classified data in transit, ensuring that it is not tampered with, that its privacy is maintained, and that it is received from or sent to a known and validated source. The PKI also ensures that the data is transferred in a way that supports electronic non-repudiation, preserving its evidential weight and ensuring its admissibility before courts of law.

Work Undertaken

Starting from the contract, we compared the PKI solution with the business and PKI technical requirements. In particular, we noted a weak trust model, policy gaps and unclear roles.

Value Added

Our PKI consultancy work mitigated urgent business risks such as duty of care, legal challenges, repudiation, data loss and espionage. We added value in the following areas:

  • We designed a new and coherent PKI Trust Model;
  • We designed the PKI Policy framework and authored the Certificate Policy (CP), Certification Practices Statement (CPS), Key Generation Ceremony, and Subscriber and Relying Party Agreements; and
  • We designed and/or led teams creating the PKI High Level Design (HLD) and Low Level Designs (LLD) for HSM appliances and smartcard management devices.