Certificate policy and Certification Practice Statement for root CA Indonesia

Abstract

Certificate Policy (CP) and Certification Practice Statement (CPS) are required documents for Certification Authority (CA) to describe its information security mechanism, business processes and regulation compliance. Ministry of Communication and Information Technology (MCIT) Indonesia need to compose CP and CPS because of its role as Root CA in Indonesia National Public Key Infrastructure (INPKI). This research proposes CP and CPS for Root CA Indonesia following the content structure in Request for Comment (RFC) 3647. The proposed CP and CPS involve elaboration among applied technology, procedures of information security, and legal aspect of information security in Indonesia. Significant contribution of this research is the development of CP and CPS as fundamental standards in establishing Indonesia National Public Key Infrastructure (INPKI) as part of national information security system. Moreover, Webtrust Perspective Criteria is used to appraise the comprehensiveness of CP and CPS. As a result, the constructed CP and CPS have 96 percent suitability (43 criteria out of 45). This performance indicates that CP and CPS are applicable and ready to be adopted by Root CA Indonesia.