What is ICP-Brazil? And what importance of audit in operational processes in record authorities

You know what ICP-Braziland the importance of performance audits to the registration authorities?

ICP-Brazil stands for Infrastructure Brazilian Public Key, a high reliability safety chain that makes it possible to issue digital certificates for electronic identification of companies and citizens.

The Brazilian Public Key Infrastructure is composed of different members, among which stand out:

• Certificate Authority Root - CA Root: The CA Root is the first certificate chain of authority, whose administration is the ITI responsibility - National Institute of Information Technology.
  • Certificate Authorities - CA: The certifying authorities are entities of private law receiving authorization from the CA Root for issuing digital certificates.
    • Registration Authorities - RA:According to the art. 7 of MP 2200-2, RAs have the competence to identify and register users in the presence of these, forward requests certificates to AC and keep records of their operations.

      In other words, we can say that the ARs, are the link between the user and the Certification Authority. - AC

      • Committee Manager of ICP-Brazil:According to Decree 6605 of October 14, 2008, the Management Committee ICP - Brazil, holds the managing authority function of digital certification policies

        audit the Registration Authorities Importance

        Now that you know what ICP-Brazil and what are the main members of the Infrastructure Brazilian Public Keyis important to highlight the importance of the audit for conformity of Registration Authorities.

        According to the legislation, Registration Authorities must meet a number of requirements to meet the technical standards of the ICP-Brazil.

        Among the requirements, Registration Authorities need to observe regulations relating to operating facilities, physical and logical security features.

        In the case of noncompliance with the rules and requirements, the Registration Authority may undergo a series of penalties, among them the loss of grant.

        To avoid inconvenience and losses, hiring an independent external audit and expert is highly recommended.

        Audit for maintenance of certification ICP-Brazil

        AudiLinkhas registration and authorization by the ITI to conduct independent external audit in Infrastructure Brazilian Public Key in order to assess the degree of compliance and adherence to resolutions in effect on ICP-Brazil .

        Audit types:

        Pre-operating: are the audits carried out before the start of the candidate's activities Provider Certification Service (PSCert), whether Certificate Authority (CA), Time Stamp Authority (ACT ), Registration Authority (RA), Provider Support Services (PSS), provider of Biometric Service (PSBio) or PSC Digital Signature and Key Cryptographic Storage;

        Operating: are the audits performed annually, considered the calendar year, all PSCert to maintain accreditation with the ICP-Brazil. Such audits will occur from the first calendar year following the date of publication in the Official Gazette of PSCert of accreditation.

        Our work aims to audit environmental compliance in all aspects related to information security, noting the following topics:

        a) Operating Environment

        i. People of safety;

        ii. Physical Security;

        iii. Safety Logic;

        iv. Network Security;

        v. Information Security;

        vi. Entity Key Management.

        b) Certificates of Lifecycle

        i. Request;

        ii. Validation;

        iii. Issue;

        iv. Revoked.

        c) Other controls.

        To learn more about our services on an independent audit ICP-Brazil, contact us and schedule a meeting.

        Enlist the support of the AudiLink Auditors and Consultants to maintain compliance of its Certificate Authority with the competent organs.