1. INTRODUCTION
1.1. Overview
This document follows the structure suggested in RFC 2527. The General Mills Public Key Infrastructure is designed exclusively for the use of General Mills' employees and business partners. Only supported corporate applications can be used with General Mills certificates. No other use is permitted or implied.
1.2. Identification
Company: General Mills
Applications: All approved policies applied to OID 1.3.6.1.4.1.5750
Document Title: General Mills Public Key Infrastructure Certificate Policy
Document Version: Revision 2.0
Document Date: 02/21/2004
1.3. Community and Applicability
This document describes the policies and operation of an infrastructure which will be termed the ‘‘General Mills Public Key Infrastructure.’’ This infrastructure assumes the use of X.509 version 3 certificates and complies with this format.
1.4. Contact Details
The General Mills Public
Key Infrastructure is established, maintained and operated by the General Mills
Operations Department. The contact person for this document is the General
Mills Information Systems Security Manager.
Bob Svendsen
General Mills
Phone: +1 763 764 2490
Fax: +1 763 764 2490
Email: bob.svendsen@generalmills.com
2. GENERAL PROVISIONS
2.1. Obligations
2.1.1. CA Obligations
The General Mills Public Key Infrastructure will
· Accept service certificate requests and revocation requests from General Mills authorized system and application maintainers; notify such requesters of issued and revoked certificates.
· Accept authenticated requests for computer or user certificates from General Mills employees and approved business partners.
· Publish CRLs in a timely manner and in well-known locations.
· Protect and, when necessary or prudent, replace CA private keys.
2.1.2. Registration Authority (RA) Obligations
RAs are not involved in the handling or verification of cryptographic keys. They are responsible only for verifying the identities and roles of users and business partners. Certificates will be issued and validated only after proper authentication and authorization.
2.1.3. Subscriber Obligations
Subscribers must
· Make only accurate representations in requests for certificates.
· Exercise all reasonable care in protecting the private keys corresponding to their certificates, including but not limited to never storing them on a networked file system or otherwise transmitting them over a network.
· Ensure that the private keys corresponding to their issued service certificates are stored in a manner that minimizes the risk of exposure.
· Observe restrictions on private key and certificate use.
· Promptly notify the CA operators of any incident involving a possibility of exposure of a private key.
2.1.4. Relying Party Obligations
Relying parties must
· Be cognizant of the provisions of this document.
· Verify any self-signed certificates to their own satisfaction using out-of-band means.
· Accept responsibility for checking any relevant CRLs before accepting the validity of a certificate.
· Observe restrictions on private key and certificate use.
· Not presume any authorization of an end entity based on possession of a certificate from the General Mills Public Key Infrastructure or its corresponding private key.
2.2. Liability
The General Mills Public
Key Infrastructure is operated substantially in accordance with General Mills’
own risk analysis. No liability, explicit or implicit, is accepted. The General
Mills Public Key Infrastructure and its agents make no guarantee about the
security or suitability of a service that is identified by a General Mills
certificate. The certification service is run with a reasonable level of
security, but it is provided on a best effort only basis. It does not warrant
its procedures and it will take no responsibility for problems arising from its
operation, or for the use made of the certificates it provides. The General
Mills Public Key Infrastructure denies any financial or any other kind of
responsibility for damages or impairments resulting from its operation.
2.3. Financial Responsibility
No financial
responsibility is accepted.
2.4. Interpretation and Enforcement
This policy is
subordinate to all applicable
2.5. Fees
No fees are charged.
2.6. Publication and Repositories
2.6.1. Publication of CA information
The General Mills Public Key Infrastructure will operate an online repository that contains
· General Mills CA certificates.
· Certificate Revocation Lists for the General Mills CA hierarchy.
· A copy of this policy.
· Other information deemed relevant to the General Mills Public Key Infrastructure.
Repository: http://certificates.generalmills.com/certdata/
Publications: CRLs are published in DER format at:
http://certificates.generalmills.com/certdata/General%20Mills%20Root%20CA.crl
http://certificates.generalmills.com/certdata/General%20Mills%20NA%20Policy%20CA%201.crl
http://certificates.generalmills.com/certdata/General%20Mills%20NA%20Issuing%20CA%201.crl
http://certificates.generalmills.com/certdata/General%20Mills%20NA%20Issuing%20CA%202.crl
http://certificates.generalmills.com/certdata/General%20Mills%20NA%20Issuing%20CA%203.crl
2.6.2. Frequency of Publication
· CA certificates will be published in the repository as soon as they are issued.
· CRLs will be published as soon as they are updated, or when deemed appropriate.
· Public General Mills Public Key Infrastructure documents will be published in the repository as they are approved.
2.6.3. Access Controls
The CA publication
repository is always available, outside of maintenance times and unforeseen failures.
The General Mills Public Key Infrastructure imposes no restrictions on the
accessibility of published information.
2.6.4. Repository Location
http://www.generalmills.com/certificate/certpolicy.doc
2.7. Compliance Audit
General Mills reserves the right to have the General Mills Public Key Infrastructure audited by an outside party. Certifying, cross-certifying, and relying organizations may request a review of General Mills Public Key Infrastructure operation.
2.8. Confidentiality Policy
The General Mills Public
Key Infrastructure may have access to subscribers’ private keys. It considers
the contents of CRLs and certificates, including subscribers’ names and General
Mills userids, to be public information. For identification of authorized
users, it may rely on other organizations within General Mills which may have
private information. If so, the General
Mills Public Key Infrastructure does not obtain or store copies of such private
information.
2.9. Intellectual Property Rights
The General Mills Public
Key Infrastructure asserts no ownership rights in certificates issued to
subscribers. No claims are made regarding documents produced by the General
Mills CA. Acknowledgment is hereby given
to the CERN Certification Authority for the form and content of parts of this
document.
3. IDENTIFICATION AND AUTHENTICATION
3.1. Initial Registration
3.1.1. Types of Names
Subject distinguished names are X.500 names, with components varying depending on the type of certificate. The certificate name structure may include one or more of the following:
· Logon Account Name
· DNS Name
· Email Name
· User Principal Name (UPN)
· Service Principal Name (SPN)
Subject names in certificates issued by the General Mills Public Key Infrastructure will end in one of the following formats:
· Genmills.com
· DC=Genmills, DC=com (see the profile in 7.1.2)
3.1.2. Name Meanings
· If the certificate is a machine (host) certificate, the CN is the DNS name of the machine as defined in DNS.
· If the certificate is a personal certificate, the CN is the logon account name of the person (entity) as defined in the enterprise directory database.
3.1.3. Name Interpretation
The format used is X.500 directory names (see RFC 1562).
3.1.4. Name Uniqueness
Each subject name
certified by the General Mills Public Key Infrastructure will be unique.
3.1.5. Name Disputes
The General Mills Public
Key Infrastructure will resolve disputes as it sees fit.
3.1.6. Method to Prove Possession of Private Key
No stipulation.
3.1.7. Authentication of Individual Identity
User identity will be
authenticated by the RA using the strongest means of authentication available
to both client and machine. Requests for
certificates must come from a valid General Mills User or business partner and
will be checked against an enterprise directory database.
3.2. Rekeying (Authentication for Routine Renewal of Certificates)
An online renewal request shall be signed with the Subscriber's valid private key. It is then received and reviewed by the RA. The process may be automatic or manual. The renewal request is signed by a General Mills CA and the result returned to the client via the appropriate RA.
3.3. Rekey After Revocation
Rekey after revocation follows the same procedure as an initial request (see 3.1).
3.4. Revocation Request
A revocation request must be formally submitted, in writing or electronically, to the General Mills Information Security group. The request must state the reason for revoking the issued certificate.
4. OPERATIONAL REQUIREMENTS
4.1. Certificate Application
Once authenticated, users may apply for computer or user certificates from the RA. A system or application may request service certificates by signing a request that conforms to General Mills Public Key Infrastructure requirements and submitting it to an appropriate RA.
4.2. Certificate Issuance
Certificates for internal users and computers may be issued immediately upon successful authentication to the network. External certificates will be issued only after review by the General Mills Information Systems Security Group.
4.3. Certificate Acceptance
No stipulation.
4.4. Certificate Suspension and Revocation
Certificates issued by
the General Mills Public Key Infrastructure will be revoked when deemed appropriate,
based on criteria set by General Mills Information Systems Security Group.
4.4.1. Circumstances for Revocation
Certificates will be revoked in any of the following circumstances:
· The private key is suspected or reported to be lost or exposed.
· The information in the certificate is believed to be, or to have become, inaccurate.
· The certificate is reported to no longer be needed.
4.4.2. Requesting Revocation
System or application
administrators may request revocation of a computer or user certificate, as can
General Mills Information Systems Group personnel. The latter may also request
revocation of a CA certificate.
4.4.3. Verifying Revocation Requests.
A revocation request
signed with the private key of the affected certificate is always valid. Other
revocation requests are subject to the same verification procedures as a
corresponding certificate request.
4.4.4. CRL Issuance Frequency
CRLs for General Mills CAs
will be issued based on appropriate policy.
4.4.5. Online Revocation/Status Checking Availability
The most recent CRL will
be available online.
4.4.6. Revocation/Status Checking Requirements
Relying parties are
advised to obtain and consult a valid CRL.
4.5. Security Audit Procedures
No stipulation.
4.6. Records Archival
No stipulation.
4.7. Key Changeover
The community of known
relying parties will be notified of any new CA public key and it may then be
obtained in the same manner as the previous CA certificates.
4.8. Compromise and Disaster Recovery
Disaster recovery
procedures are in place based on appropriate internal policy.
4.9. CA Termination
No stipulation.
5. PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
5.1. Physical Security Controls
General Mills CA servers are housed in a secure facility. General Mills employs Hardware Security Modules (HSMs) that are FIPS 140-2 Level 3 compliant devices. Servers within the Public Key Infrastructure hierarchy may remain offline for increased security.
5.2. Procedural Controls
General Mills uses smart card authentication to control operator access to its HSMs.
5.3. Personnel Security Controls
All persons with access to General Mills CA servers will be full-time General Mills employees. CA key material is held under n-of-m multi-person control (see 6.2.2) to enforce role separation.
6. TECHNICAL SECURITY CONTROLS
6.1. Key Pair Generation and Installation
General Mills uses a sliding scale of key sizes based on the level within the Public Key Infrastructure hierarchy (see 6.1.5). The CA signature algorithm is SHA-1 with RSA; the public key algorithm is RSA. (SHA-1 has since been deprecated for certificate and CRL signatures, and current verifiers reject it.)
6.1.1. Private Key Generation
Key pair generation on the user's local system ensures that only the user, and no one else, knows the private key. Key pairs generated within the General Mills CA are kept in an encrypted store protected by HSMs.
6.1.2. Private Key Delivery to Entity
Because the key pair is generated on the subscriber's local system, the private key never has to be delivered: it stays on the subscriber's system from the moment it is created.
6.1.3. Public Key Delivery to Certificate Issuer
The public key is delivered to General Mills in a PKCS#10 certificate request. The request is signed with the subscriber's new private key, which both detects tampering with the request and proves that the sender is in possession of the corresponding private key.
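As an added example (not code from the General Mills document or its tooling, which the page does not describe), the following Go program shows the PKCS#10 exchange that 3.1.6 and 6.1.3 rely on: the subscriber generates the key pair locally and sends only a self-signed request, and the receiving RA/CA verifies that self-signature before trusting the public key inside it, then rejects a request whose signed body no longer matches. The logon name `jdoe` and the use of Go's standard library are assumptions for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// newCSR runs on the subscriber's system: it generates the key pair locally and
// wraps only the public key in a PKCS#10 request signed with the new private
// key. The private key itself never leaves the machine (6.1.2).
func newCSR(logon string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // 6.1.5: user keys are 1024-2048 bits
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: logon}} // 3.1.2: CN = logon name
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, der, err
}

// toPEM is the form in which the request is typically pasted or uploaded to the RA.
func toPEM(csrDER []byte) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}))
}

// checkCSR is the receiving side (RA/CA). Parsing recovers the subject and the
// public key; CheckSignature verifies the request's self-signature with that
// public key, which is the proof of possession 6.1.3 relies on and which also
// detects any alteration of the signed request body in transit.
func checkCSR(csrDER []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, fmt.Errorf("malformed PKCS#10: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	return csr, nil
}

// keyMatches confirms that the public key in the request is the one the
// subscriber actually generated (the half the CA is allowed to see).
func keyMatches(csr *x509.CertificateRequest, key *rsa.PrivateKey) bool {
	pub, ok := csr.PublicKey.(*rsa.PublicKey)
	return ok && pub.Equal(&key.PublicKey)
}

// tamper flips one bit in the trailing signature bytes: the DER structure still
// parses, but the signature no longer verifies.
func tamper(csrDER []byte) []byte {
	bad := append([]byte(nil), csrDER...)
	bad[len(bad)-1] ^= 0x01
	return bad
}

func main() {
	key, der, err := newCSR("jdoe") // constructed logon name
	if err != nil {
		panic(err)
	}
	fmt.Print(toPEM(der))
	csr, err := checkCSR(der)
	fmt.Println("genuine request accepted:", err == nil, "subject:", csr.Subject.CommonName, "key matches:", keyMatches(csr, key))
	_, err = checkCSR(tamper(der))
	fmt.Println("tampered request:", err)
}
```

Note that a valid self-signature proves possession of the private key and integrity of the request; it says nothing about who the requester is, which is why the RA still checks the subject against the enterprise directory (3.1.7) before anything is issued.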
6.1.4. CA Public Key Delivery to Users
Users' public keys will be posted to the enterprise directory database.
6.1.5. Key Sizes
General Mills CA key pair
varies from 4096 bits to 2048 bits. Users and machines key pairs will range
from 2048 bits to 1024 bits.
6.1.6. Key Usage
The General Mills Public Key Infrastructure enforces key usage restrictions by means of the X.509v3 Key Usage and Extended Key Usage extensions in the certificates it issues.
6.2. Private Key Protection
6.2.1. Key Generation Modules
General Mills' HSM offers safe storage of keys within a FIPS 140-2 Level 3 certified product. CA keys and certificates are stored on an industry-standard HSM.
6.2.2. Multi-person Control (n out of m)
Access to an HSM attached to a CA requires the insertion of cryptographic hardware tokens into a reader. A minimum number (n) of the total set of (m) hardware tokens must be inserted, one at a time, to activate the HSM.
6.2.3. Key Escrow
Where applicable, key escrow will be used to archive private keys for disaster recovery using HSM technology.
6.2.4. Private Key Backup
CA private key backups are performed to support the disaster recovery plan. The backup is itself a cryptographic operation: the private key is encrypted, split into two parts, and the parts are stored on separate hardware tokens. These backups are securely stored and are subject to extensive multi-tier security measures.
6.2.5. CA Private Key Archival
No stipulation.
6.3. Other Aspects of Key Pair Management
End entity keys are not archived
by the General Mills Public Key Infrastructure. CA keys are not archived beyond
their validity period.
6.4. Activation Data
The activation data is protected by an automatically generated PIN. The PIN is furthermore split across multiple hardware tokens to ensure multi-party control of this sensitive information.
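Sections 6.2.2 and 6.4 describe n-of-m token control without saying how the HSM implements it. As an added illustration (example code, not General Mills' or any HSM vendor's mechanism), the following Go program implements a k-of-m threshold split of a secret such as an activation PIN using Shamir secret sharing over GF(2^8). The sample PIN is constructed; the property to observe is that any k shares reconstruct the secret exactly while k-1 shares yield nothing useful.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// gfMul multiplies in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1.
// Addition and subtraction in this field are both XOR.
func gfMul(a, b byte) byte {
	var p byte
	for ; b != 0; b >>= 1 {
		if b&1 == 1 {
			p ^= a
		}
		hi := a & 0x80
		a <<= 1
		if hi != 0 {
			a ^= 0x1b
		}
	}
	return p
}

// gfInv returns a^-1 = a^254 by square-and-multiply.
func gfInv(a byte) byte {
	r := byte(1)
	for e := 254; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = gfMul(r, a)
		}
		a = gfMul(a, a)
	}
	return r
}

// split produces m shares of which any k rebuild the secret: each byte becomes the
// constant term of a random degree k-1 polynomial evaluated at x = 1..m.
// Share i is [x_i, y_1, y_2, ...]; k-1 shares give no information about the secret.
func split(secret []byte, k, m int) ([][]byte, error) {
	if k < 2 || m < k || m > 255 {
		return nil, errors.New("need 2 <= k <= m <= 255")
	}
	shares := make([][]byte, m)
	for i := range shares {
		shares[i] = append([]byte{byte(i + 1)}, make([]byte, len(secret))...)
	}
	coef := make([]byte, k)
	for j, s := range secret {
		coef[0] = s
		if _, err := rand.Read(coef[1:]); err != nil {
			return nil, err
		}
		for _, sh := range shares {
			var y byte // Horner evaluation of the polynomial at x = sh[0]
			for d := k - 1; d >= 0; d-- {
				y = gfMul(y, sh[0]) ^ coef[d]
			}
			sh[j+1] = y
		}
	}
	return shares, nil
}

// combine interpolates each byte's polynomial at x = 0 (Lagrange). Fewer than k
// distinct shares still yield bytes, just wrong ones: the threshold is not encoded.
func combine(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 || len(shares[0]) < 2 {
		return nil, errors.New("no shares")
	}
	out := make([]byte, len(shares[0])-1)
	for i, si := range shares {
		if len(si) != len(out)+1 {
			return nil, errors.New("share length mismatch")
		}
		num, den := byte(1), byte(1) // basis_i(0) = prod x_l / (x_l - x_i) over l != i
		for l, sl := range shares {
			if l == i {
				continue
			}
			if sl[0] == si[0] {
				return nil, fmt.Errorf("duplicate share x=%d", si[0])
			}
			num, den = gfMul(num, sl[0]), gfMul(den, sl[0]^si[0])
		}
		basis := gfMul(num, gfInv(den))
		for j := range out {
			out[j] ^= gfMul(si[j+1], basis)
		}
	}
	return out, nil
}

func main() {
	shares, _ := split([]byte("4711-constructed-activation-pin"), 3, 5) // any 3 of 5 tokens
	back, _ := combine([][]byte{shares[0], shares[3], shares[4]})
	fmt.Printf("recovered with 3 of 5 shares: %q\n", back)
}
```

Because a short reconstruction returns plausible-looking bytes rather than an error, the procedure that consumes the shares must enforce the threshold itself, which is what the "insert n of m tokens" step in 6.2.2 does at the HSM.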
6.5. Computer Security Controls
All General Mills CA servers are rigorously locked down according to the operating system's hardening requirements.
6.6. Life Cycle Security Controls
No Stipulation
6.7. Network Security Controls
Certain CA servers are
kept disconnected from the network and off line when not in use.
6.8. Cryptographic Module Engineering Controls
Refer to section 6.2
7. CERTIFICATE AND CRL PROFILES
7.1. Certificate Profiles
7.1.1. Version Numbers
Digital certificates issued by General Mills are X.509 version 3.
7.1.2. Certificate Extensions
The profile of the General Mills Root CA certificate is listed below:
Subject DN             | CN=General Mills Root CA, DC=Genmills, DC=com
Issuer DN              | CN=General Mills Root CA, DC=Genmills, DC=com
Key Length             | 2048 bits
Validity               | 20 years
Certificate Type       | Version 3
Subject Key Identifier | Generated according to RFC 2459
Key Usage (critical)   | Certificate Signature, CRL Signature
Basic Constraints      | Subject Type = CA
Extended Key Usage     | Client Authentication
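The following Go program is an added example, not code from the General Mills document, that ties together the 7.1.2 profile, the DER CRLs of 2.6.1, and the relying-party obligations of 2.1.4 and 4.4.6. It builds a self-signed root carrying the profile's extensions, issues a user certificate whose CN is a logon name (3.1.2), signs a DER CRL, and then performs the relying-party check: chain validation against the out-of-band trusted root followed by an explicit CRL lookup, which Go's chain verifier does not perform on its own. Assumptions: the logon name `jdoe`, serial numbers and a seven-day CRL lifetime are constructed; the subject DNs carry only the CN (the profile's DC components are omitted); the root is 2048-bit RSA as the table states but signs with SHA-256 rather than the SHA-1 named in 6.1, since current verifiers (Go included) reject SHA-1 signatures; and the verification asks for the clientAuth usage, which both certificates carry.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a 2048-bit RSA key for the subject and has parent sign the
// template; signer == nil means the template signs itself (a root). The
// subscriber's key is generated inline only for brevity; in the real flow it
// stays with the subscriber and arrives as a PKCS#10 request (6.1.3).
func issue(tmpl, parent *x509.Certificate, signer *rsa.PrivateKey) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer, parent = key, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// newRootCA follows the 7.1.2 profile: 2048-bit RSA, 20 years, critical keyUsage
// keyCertSign|cRLSign, basicConstraints CA=TRUE, EKU clientAuth. Go derives the
// Subject Key Identifier from the public key because IsCA is set.
func newRootCA(now time.Time) (*rsa.PrivateKey, *x509.Certificate, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "General Mills Root CA"},
		NotBefore: now, NotAfter: now.AddDate(20, 0, 0),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: true,
	}, nil, nil)
}

// issueUserCert signs a one-year personal certificate whose CN is the logon name.
func issueUserCert(now time.Time, serial int64, logon string, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	_, cert, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: logon},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	return cert, err
}

// issueCRL signs a DER CRL like the .crl files of 2.6.1, valid for seven days.
func issueCRL(now time.Time, number int64, revoked []*big.Int, ca *x509.Certificate, caKey *rsa.PrivateKey) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(7 * 24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// validateClientCert is the relying-party procedure of 2.1.4 and 4.4.6: chain to
// the out-of-band trusted root, then consult the CRL, which leaf.Verify does not
// do. It returns only the logon name; authorisation is a separate decision.
func validateClientCert(now time.Time, leaf, root *x509.Certificate, crlDER []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("chain validation failed: %w", err)
	}
	rl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = rl.CheckSignatureFrom(root) // an unsigned or foreign CRL proves nothing
	}
	if err != nil {
		return "", fmt.Errorf("CRL unusable: %w", err)
	}
	if now.After(rl.NextUpdate) {
		return "", fmt.Errorf("CRL expired at %s; fetch a fresh one first", rl.NextUpdate.UTC())
	}
	for _, rc := range rl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return "", fmt.Errorf("serial %v revoked at %s", leaf.SerialNumber, rc.RevocationTime.UTC())
		}
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	rootKey, root, _ := newRootCA(time.Now())
	leaf, _ := issueUserCert(time.Now(), 1001, "jdoe", root, rootKey) // constructed serial and logon
	crl, _ := issueCRL(time.Now(), 1, []*big.Int{leaf.SerialNumber}, root, rootKey)
	_, err := validateClientCert(time.Now(), leaf, root, crl)
	fmt.Println("after revocation:", err)
}
```

Two points a relying party should take from this: the CRL must itself be checked for the CA's signature and for freshness before its contents mean anything, and a certificate that passes every check still only establishes identity, never authorization (2.1.4, last bullet).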
7.2. CRL Profile
The CRL is in version 1
format.
8. Specification Administration
8.1. Specification Change Procedures
Issues or comments
identified with this CPS should be directed to the contact as mentioned in
section 1.4 of the CPS.
8.2. Publication
After modifications have
been approved by General Mills Information Systems Security Group, the amended
CPS will be posted at the General Mills repository.
8.2.1. CPS Approval Procedures
The General Mills Information
Systems Security Group approves practices compliant with this policy and
statement.
8.3. CPS Approval Procedures
General Mills Information
Systems Security Group has the final approval authority for the CPS and any
subsequent changes that may be made to it.