Police Service IAM Central Services CA
from Home Office Technology
Grant of Approval
tScheme Limited grants approval to the electronic trust service identified as:
Police Service IAM Central Services Certificate Authority
as supplied by:
Home Office Technology
of Fry Building, 2 Marsham Street, London, SW1P 4DF.
The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES
to satisfy the criteria defined in the following tScheme Approval Profiles:
|Base Approval Profile||tSd0111||3.00|
|Approval Profile for Registration Services||tSd0042||3.02|
|Approval Profile for a Certification Authority*||tSd0102||3.01|
|Approval Profile for Certificate Generation*||tSd0104||3.01|
|Approval Profile for Certificate Dissemination||tSd0105||3.01|
|Approval Profile for Certificate Status Management||tSd0106||3.01|
|Approval Profile for Certificate Status Validation||tSd0107||3.01|
*not including Qualified Certificates
This approval initially commenced on:
25th February, 2011
and annual renewal against the current issue of these Approval Profiles was confirmed in:
Documents supporting this grant are available by clicking on the links in the table above.
This Grant of approval is issued by:
PO Box 3653
Company Number 4000985
Approved Service Description
The subject service of this Grant of Approval is the Home Office trust service known as the Identity and Access Management Central Services Certification Authority (IAM CSCA).
The IAM Central Services solution is designed to provide a common yet robust authentication and authorisation service for accessing applications by the policing community and related organisations. The IAM Central Services solution is considered to be an essential enabler for the secure sharing of information that is contained within police service information systems and provides the following capabilities:
- Identity Management Service: To create and maintain information relating to the identity of IAM identities;
- Public Key Infrastructure: To provide and manage X.509 compliant digital credentials to be used for authentication, digital signature and confidentiality and to provide services for checking the validity of such certificates;
- Smartcard Management Service: To issue and manage the smartcards used to hold IAM CSCA digital credentials;
- Authentication Service: To authenticate the identity of IAM identities, including initial authentication and federated authentication;
- Privilege Management Infrastructure: To provide storage and management of roles and privileges for IAM identities, for use by applications integrated with IAM Central Services;
- Audit capability: To enable patterns of misuse of IAM Central Services to be identified so that the individuals concerned can be held accountable for their actions;
- Portal Service: A web-based Interface that provides a single point of access to IAM-enabled applications and administrative access to the IAM Central Services.
The IAM CSCA is governed by the IAM Strategic Management Authority (IAM SMA), a sub-group of the Police Information Assurance Board, and operated on their behalf by the Home Office.
The IAM SMA publishes the Police Service PKI Certificate Policies and the Police Service PKI Class 2 Device Certificate Policy that define the requirements with which all participants of the Police Service PKI must comply.
The IAM Central Services CA Certificate Policy Disclosure Statement (CPDS) provides excerpts and summary information from the Certificate Policies, relevant to subscribers and relying parties of the IAM CSCA. The Certificate Policies and CPDS are published to relying parties via the Criminal Justice Extranet (CJX) and are available on request from the IAM SMA Secretariat (email@example.com).
The IAM CSCA is a component of the Home Offide Identity and Access Management service, which provides strong identity assurance of police workers to enable secure, controlled access to national and regional police information systems.
The IAM CSCA primarily issues high-assurance end-user certificates for the purposes of authenticating to police information systems, creating digital signatures on documents and protecting the confidentiality of sensitive data. The service also supports the issuance of certificates to end-entity servers and devices operated by police, government and partner organisations for the purposes of system authentication and data integrity.
Identity assurance is provided through the verification of the identity of individuals, to whom certificates will be issued, beyond reasonable doubt.
The IAM CSCA performs both Certificate Authority (CA) and Registration Authority (RA) functions. RA functions are also performed by organisations that subscribe to the IAM CSCA through the IAM Managed Service and other authorised Registration Authorities. IAM Managed Service subscribers are primarily criminal justice organisations that contract with the IAM CSCA or authorised Registration Authorities for PKI trust services.
The IAM Managed Service allows subscribing organisations to perform the identity verification and enrolment of end users and device certificate representatives in accordance with IAM SMA-approved policies and procedures, prior to submitting certificate requests to the IAM CSCA.
The IAM CSCA provides relying parties with certificate status information, in the form of Certificate Revocation Lists, to validate certificates within their applications.