EU solidarity with Ukraine

Podrobnosti výzvy k podání nabídek

Název:
Cooperative Intelligent Transport System EU Root Certification Authority includi...
Veřejný zadavatel:
European Commission, Joint Research Centre - Ispra (JRC-IPR)
Datum zveřejnění v TED:
19/04/2019
Lhůta pro podání nabídek:
07/08/2019
Stav:
Uzavřeno
Stav
22/05/2019
24/05/2019
italiano (it) English (en)
Podrobnosti otázky
Annex I Part 2 Technical Specifications, page 13 -2.3.6. C-ITS_FR_CA_06: Registration of EA and AA: The CPS of the external EA or AA should be fully compliant with the CPS of the EU root CA provided by the contractor.
Is it correct to assume that the external EA or AA must satisfy the Certificate Policy (CP) requirements and not be fully compliant with the root CA's Certificate Practice Statement?
24/05/2019
No, we do not consider that a correct assumption. The contractor will have to define the EU root CA’s Certificate Practice Statement (CPS), that will in any case have to be in line with the European Certificate Policy. This EU Root CA CPS defined by the contractor (and audited by an accredited PKI Auditor) is then the specific CPS that external EAs and AAs have to be compliant to, since they want to be enrolled under the EU Root CA. It is not enough for an external EA and AA to be compliant only with the European Certificate Policy, as they must demonstrate the compliance with the specific CPS of the EU Root CA that will take particular implementation choices in its CPS. Hence, this entire process definition and coordination with external EAs and AAs is full part of this contract and duties of the contractor. Please also compare with Annex I – Part 2: Technical Specifications, page 9 - point 6 as well as Chapter 2.3.6., where it says: The CPS of the external EA or AA should be fully compliant with the CPS of the EU root CA provided by the contractor. The process to check the compliance of the external EAs and AAs shall be described and performed by the contractor of the EU root CA, in agreement with the contracting authority (i.e. JRC). The contractor shall describe the process by which the EU root CA receives the CPS of AAs/EAs, the audit report and issuance of the sub-CAs certificates, as well as the operation of all CA functionalities necessary for the external sub-CAs under the EU root CA according to [1].