Police Service IAM Central Services CA from Home Office Technology

Police Service IAM Central Services CA
from Home Office Technology

Grant of Approval

tScheme Limited grants approval to the electronic trust service identified as:
Police Service IAM Central Services Certificate Authority

as supplied by:
Home Office Technology
of Fry Building, 2 Marsham Street, London, SW1P 4DF.

The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES

to satisfy the criteria defined in the following tScheme Approval Profiles:

This approval initially commenced on:
25th February, 2011

and annual renewal against the current issue of these Approval Profiles was confirmed in:
Dec 2017

Documents supporting this grant are available by clicking on the links in the table above.

This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
RG40 9NN
United Kingdom

Company Number 4000985

Approved Service Description

The subject service of this Grant of Approval is the Home Office trust service known as the Identity and Access Management Central Services Certification Authority (IAM CSCA).

The IAM Central Services solution is designed to provide a common yet robust authentication and authorisation service for accessing applications by the policing community and related organisations. The IAM Central Services solution is considered to be an essential enabler for the secure sharing of information that is contained within police service information systems and provides the following capabilities:

  • Identity Management Service: To create and maintain information relating to the identity of IAM identities;
  • Public Key Infrastructure: To provide and manage X.509 compliant digital credentials to be used for authentication, digital signature and confidentiality and to provide services for checking the validity of such certificates;
  • Smartcard Management Service: To issue and manage the smartcards used to hold IAM CSCA digital credentials;
  • Authentication Service: To authenticate the identity of IAM identities, including initial authentication and federated authentication;
  • Privilege Management Infrastructure: To provide storage and management of roles and privileges for IAM identities, for use by applications integrated with IAM Central Services;
  • Audit capability: To enable patterns of misuse of IAM Central Services to be identified so that the individuals concerned can be held accountable for their actions;
  • Portal Service: A web-based Interface that provides a single point of access to IAM-enabled applications and administrative access to the IAM Central Services.

The IAM CSCA is governed by the IAM Strategic Management Authority (IAM SMA), a sub-group of the Police Information Assurance Board, and operated on their behalf by the Home Office.

The IAM SMA publishes the Police Service PKI Certificate Policies and the Police Service PKI Class 2 Device Certificate Policy that define the requirements with which all participants of the Police Service PKI must comply.

The IAM Central Services CA Certificate Policy Disclosure Statement (CPDS) provides excerpts and summary information from the Certificate Policies, relevant to subscribers and relying parties of the IAM CSCA. The Certificate Policies and CPDS are published to relying parties via the Criminal Justice Extranet (CJX) and are available on request from the IAM SMA Secretariat (iam@homeoffice.gsi.gov.uk).

The IAM CSCA is a component of the Home Offide Identity and Access Management service, which provides strong identity assurance of police workers to enable secure, controlled access to national and regional police information systems.

The IAM CSCA primarily issues high-assurance end-user certificates for the purposes of authenticating to police information systems, creating digital signatures on documents and protecting the confidentiality of sensitive data. The service also supports the issuance of certificates to end-entity servers and devices operated by police, government and partner organisations for the purposes of system authentication and data integrity.

Identity assurance is provided through the verification of the identity of individuals, to whom certificates will be issued, beyond reasonable doubt.

The IAM CSCA performs both Certificate Authority (CA) and Registration Authority (RA) functions. RA functions are also performed by organisations that subscribe to the IAM CSCA through the IAM Managed Service and other authorised Registration Authorities. IAM Managed Service subscribers are primarily criminal justice organisations that contract with the IAM CSCA or authorised Registration Authorities for PKI trust services.

The IAM Managed Service allows subscribing organisations to perform the identity verification and enrolment of end users and device certificate representatives in accordance with IAM SMA-approved policies and procedures, prior to submitting certificate requests to the IAM CSCA.

The IAM CSCA provides relying parties with certificate status information, in the form of Certificate Revocation Lists, to validate certificates within their applications.


What we do

Approval for organisations in the trust service provider sector.


Getting tScheme approval

Approval usually takes at least three months, but it can be quicker.


Schemes and Profiles

Providing guidelines and criteria for organisations to develop their trust services.