UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ETSI - TS 119 431-1

Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD / SCDev

active, Most Current
Organization: ETSI
Publication Date: 1 May 2021
Status: active
Page Count: 30
scope:

The present document specifies generally applicable policy and security requirements for Trust Service Providers (TSPs) implementing a service component operating a remote signature creation device (SCDev). Specific requirements apply when the device is a QSCD as defined in Regulation (EU) No 910/2014 [i.1].

The service component consists of a signing application and a QSCD / SCDev. The term used in the present document is Server Signing Application Service Component (SSASC).

The policy and security requirements are defined in terms of requirements for creation, maintenance, life-cycle management and use of signing keys used to create digital signatures.

The present document gives no restrictions on the type of TSP implementing such a component.

The present document is aimed to be used by independent bodies as the basis for a conformity assessment that a TSP can be trusted for operating a remote QSCD / SCDev.

The present document supports European and other regulatory frameworks.

NOTE 1: Specifically, but not exclusively, the present document is aimed at qualified and non-qualified trust service providers, providing the creation of digital signatures supporting electronic signatures and electronic seals (both advanced and qualified) in accordance with the requirements of Regulation (EU) No 910/2014 [i.1]. Annex A contains requirements that are specific for an SSASC in the context of Regulation (EU) No 910/2014 [i.1].

The present document does neither specify how fulfilment of the requirements can be assessed by an independent conformity assessment body, nor requirements for information to be made available to such independent assessors, or requirements on such assessors.

NOTE 2: See ETSI EN 319 403 [i.3] for guidance on assessment of a TSP's processes and services.

NOTE 3: The present document references ETSI EN 319 401 [1] for general policy requirements common to all TSP services covered by ETSI standards.

The present document does not specify protocols used to access the SSASC.

NOTE 4: Protocols for remote digital signature creation are defined in ETSI TS 119 432 [i.4].

The present document identifies specific controls needed to address risks associated with services operating remote QSCD / SCDev.

Document History

TS 119 431-1
May 1, 2021
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD / SCDev
The present document specifies generally applicable policy and security requirements for Trust Service Providers (TSPs) implementing a service component operating a remote signature creation device...
TS 119 431-1
December 1, 2018
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD / SCDev
The present document specifies generally applicable policy and security requirements for Trust Service Providers (TSP) implementing a service component operating a remote signature creation device...

References

This document references:
EN 319 401 - Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers
Published by ETSI on May 1, 2021
The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are independent of the type of TSP. It defines policy requirements on the operation and...
This document references:
EN 319 411-1 - Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
Published by ETSI on October 1, 2023
A description is not available for this item.
This document references:
TS 119 431-2 - Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation
Published by ETSI on June 1, 2023
The present document provides policy and security requirements for Trust Service Providers (TSPs) implementing a service component supporting AdES digital signature creation. This component contains...
This document references:
EN 419221-5 - Protection Profiles for TSP Cryptographic Modules - Part 5: Cryptographic Module for Trust Services
Published by CEN on May 1, 2018
This part of EN 419221 specifies a Protection Profile for cryptographic modules which is intended to be suitable for use by trust service providers supporting electronic signature and electronic...
This document references:
EN 419241-1 - Trustworthy Systems Supporting Server Signing - Part 1: General System Security Requirements
Published by CEN on July 1, 2018
General This document specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. The TW4S is composed at least of...
This document references:
EN 419241-2 - Trustworthy Systems Supporting Server Signing - Part 2: Protection profile for QSCD for Server Signing
Published by CEN on February 1, 2019
A description is not available for this item.
This document references:
EN 319 401 - Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers
Published by ETSI on May 1, 2021
The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are independent of the type of TSP. It defines policy requirements on the operation and...
This document references:
EN 319 403 - Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
Published by ETSI on August 1, 2015
The present document contains requirements for the competence, consistent operation and impartiality of conformity assessment bodies assessing and certifying conformity of trust service providers...
This document references:
EN 319 411-1 - Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
Published by ETSI on October 1, 2023
A description is not available for this item.
This document references:
TS 119 431-2 - Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation
Published by ETSI on June 1, 2023
The present document provides policy and security requirements for Trust Service Providers (TSPs) implementing a service component supporting AdES digital signature creation. This component contains...
This document is referenced by:
TS 119 461 - Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects
Published by ETSI on July 1, 2021
The scope of the present document is policy and security requirements for trust service components providing identity proofing of trust service subjects. Such a trust service component can be...
This document is referenced by:
TR 119 000 - Electronic Signatures and Infrastructures (ESI); The framework for standardization of digital signatures and trust services; Overview
Published by ETSI on May 1, 2023
The present document describes the general structure for ETSI/CEN digital signature standardization outlining existing and potential standards for such signatures, hereafter referred to as the...
View Less
View All
Advertisement