Call for tenders' details
Status
Submission date
26/06/2019
Answer date
28/06/2019
Language
Status
Answered
Question details
Subject
Architecture
Question
1. Please let us know if it is acceptable to use individual smartcards for root CA, internal EA, internal AA components if the keys are generated on a HSM (compliant with 'CEN EN 419221-2/3/5') and imported on smartcards compliant with 'CEN EN 419211-2/3'. 2. Regarding 3.1.3. 'C-ITS_TR_03 - Hardware and Software Layout';, please let us know if it is acceptable to use two firewalls in HA configuration for the Internal EA and Internal AA systems? 3. Regarding 3.1.2.3, 'b) There shall be no way, either direct or indirect, to access any other environment from C-ITS Production infrastructure'; and 3.1.2.4 'a) There shall be no way, either direct or indirect, to access any other environment from the disaster recovery environment during normal operation', please let us know if at least a secure connection for data sync between these Production environment and Disaster recovery environment is allowed in order to ensure data consistency, valid RTO and RPO for DR operations (revocation and issuance are critical operations for PKI), or only an off-line data sync (air gapped) is allowed. 4. Regarding 3.1.3. 'C-ITS_TR_03 - Hardware and Software Layout', point c), please let us know if it is mandatory to provide fail-over (physical) machines also for the Disaster recovery environment (DR EU Root CA, EA and AA servers and cryptographic modules).
Answer
28/06/2019
1. Individual smartcards can be acceptable if they fulfill the requirements in 6.1.5.1. 2. Yes. It is acceptable if the firewalls are configured to validate the requirements in 3.1.3. 3. An off-line data sync (air gapped) would be preferable because it would not require a network, which can represent a vulnerability. 4. The answer is yes, the text applies as described: “Enough (physical) fail-over machines SHALL be available in EACH environment or at least for the main EU root CA, EA and AA servers to cope with total hardware failure of the ordinary machines”.