ETSI - TS 119 101
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation
|Publication Date:||1 March 2016|
The present document provides general security and policy requirements for applications for signature creation, validation and augmentation.
The present document is primarily relevant to the following actors:
• Implementers and providers of applications for signature creation, signature validation and/or signature augmentation, who need to ensure that relevant requirements are covered.
• Actors that integrate applications for signature creation, signature validation and/or signature augmentation components with business process software (or use standalone software), who want to ensure proper functioning of the overall signature creation/validation/
The present document is applicable to these actors, and their evaluators (for a self-evaluation or an evaluation by a third party) to have a list of criteria against which to check the implementation.
The requirements cover applications for signature creation, signature validation and/or signature augmentation, i.e. the implementation and provision of the Signature Creation/Validation/
• Legal driven policy requirements.
• Information security (management system) requirements.
• Signature creation, signature validation and signature augmentation processes requirements.
• Development and coding policy requirements.
• General requirements.
Protection Profiles (PP) for signature creation applications and signature validation applications are out of scope and are defined in the CEN standard "Protection Profiles for Signature Creation & Validation Applications" [i.9].
General requirements for trust service providers are provided in ETSI EN 319 401 [i.24]. Requirements for trust service providers providing signature creation or validation services are out of scope. Requirements on trust service providers providing signature creation services are to be defined in ETSI TS 119 431 [i.22], with CEN EN 419 241 [i.21] defining requirements for a remote signature creation device. Requirements on trust service providers providing signature validation services are to be defined in ETSI TS 119 441 [i.23].