iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN 319 401 V3.1.1:2024

(Main)

Electronic Signatures and Trust Infrastructures (ESI) - General Policy Requirements for Trust Service Providers

Electronic Signatures and Trust Infrastructures (ESI) - General Policy Requirements for Trust Service Providers

The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are
independent of the type of TSP. It defines policy requirements on the operation and management practices of TSPs.
Other specifications refine and extend these requirements as applicable to particular forms of TSP. The present
document does not specify how the requirements identified can be assessed by an independent party, including
requirements for information to be made available to such independent assessors, or requirements on such assessors.
The present document aims to support the requirements on NIS2 Directive [i.13] and addresses the general requirements
for security management and cybersecurity of trust services (qualified and non-qualified).
NOTE: See ETSI EN 319 403-1 [i.2] for details about requirements for conformity assessment bodies assessing
Trust Service Providers.

Elektronski podpisi in infrastrukture zaupanja (ESI) - Politika splošnih zahtev za ponudnike storitev zaupanja

Ta dokument določa splošne zahteve politike za ponudnike storitev zaupanja (TSP), ki niso odvisne od vrste ponudnika storitev zaupanja. Opredeljuje zahteve politike za delovanje in upravljanje ponudnikov storitev zaupanja.
Druge specifikacije natančneje določajo in razširjajo te zahteve, kot se uporabljajo za posamezne oblike ponudnikov storitev zaupanja. Ta dokument ne določa, kako lahko opredeljene zahteve oceni neodvisna stran, vključno z zahtevami glede informacij, ki jih je treba razkriti takim neodvisnim ocenjevalcem, ali zahtevami glede takih ocenjevalcev.
Namen tega dokumenta je podpreti zahteve glede direktive NIS2 [i.13] ter obravnava splošne zahteve za upravljanje varnosti in kibernetsko varnost storitev zaupanja (kvalificiranih in nekvalificiranih).
OPOMBA: Glej standard ETSI EN 319 403-1 [i.2] za podrobnosti glede zahtev za ocenjevanje skladnosti organov, ki ocenjujejo ponudnike storitev zaupanja.

General Information

Status
Published
Public Enquiry End Date
29-May-2024
Publication Date
17-Jun-2024
ICS
03.080.99 - Other services
35.040.01 - Information coding in general
Technical Committee
SPN - Services and Protocols for Networks
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
17-Jun-2024
Due Date
22-Aug-2024
Completion Date
18-Jun-2024
Ref Project
ETSI EN 319 401 V3.1.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers

Buy Standard

ETSI EN 319 401 V3.1.0 (2024-03) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service ProvidersETSI EN 319 401 V3.1.0 (2024-03) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers
PreviousNext
Standard
ETSI EN 319 401 V3.1.0 (2024-03) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers
English language
37 pages
sale 15% off
Preview
sale 15% off
Preview
ETSI EN 319 401 V3.1.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service ProvidersETSI EN 319 401 V3.1.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers
PreviousNext
Standard
ETSI EN 319 401 V3.1.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers
English language
38 pages
sale 15% off
Preview
sale 15% off
Preview
EN 319 401 V3.1.1:2024EN 319 401 V3.1.1:2024
PreviousNext
Standard
EN 319 401 V3.1.1:2024
English language
38 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


Draft ETSI EN 319 401 V3.1.0 (2024-03)

EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
General Policy Requirements for
Trust Service Providers
2 Draft ETSI EN 319 401 V3.1.0 (2024-03)
Reference
REN/ESI-0019401v311
Keywords
electronic signature, provider, security,
trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2024.
All rights reserved.
ETSI
3 Draft ETSI EN 319 401 V3.1.0 (2024-03)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definition of terms, symbols, abbreviations and notation . 8
3.1 Terms . 8
3.2 Symbols . 11
3.3 Abbreviations . 11
3.4 Notation . 11
4 Overview . 12
5 Risk Assessment . 12
6 Policies and practices . 12
6.1 Trust Service Practice statement . 12
6.2 Terms and Conditions . 13
6.3 Information security policy . 14
7 TSP management and operation . 14
7.1 Internal organization. 14
7.1.1 Organization reliability . 14
7.1.2 Segregation of duties . 15
7.2 Human resources . 15
7.3 Asset management . 17
7.3.1 General requirements . 17
7.3.2 Assets inventory and classification . 17
7.3.3 Storage media handling . 18
7.4 Access control . 18
7.5 Cryptographic controls . 19
7.6 Physical and environmental security . 19
7.7 Operation security . 19
7.8 Network security . 20
7.9 Vulnerabilities and Incident management . 21
7.9.1 Monitoring and logging . 21
7.9.2 Incident response . 22
7.9.3 Reporting . 22
7.9.4 Event assessment and classification . 23
7.9.5 Post-incident reviews . 23
7.10 Collection of evidence . 23
7.11 Business continuity management . 24
7.11.1 General . 24
7.11.2 Back up . 24
7.11.3 Crisis management . 24
7.12 TSP termination and termination plans . 25
7.13 Compliance. 25
7.14 Supply chain . 26
7.14.1 Supply chain policy . 26
7.14.2 Supply chain procedures and processes . 26
7.14.3 Responsibility, third parties agreements and SLA . 27
ETSI
4 Draft ETSI EN 319 401 V3.1.0 (2024-03)
Annex A (normative): Mapping ETSI EN 319 401 V2.3.1 requirement numbers to
Requirement numbers in the present document . 29
Annex B (informative): Mapping ETSI EN 319 401 requirements with eIDAS Regulation . 34
Annex C (informative): Change history . 36
History . 37

ETSI
5 Draft ETSI EN 319 401 V3.1.0 (2024-03)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This draft European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI), and is now submitted for the combined Public Enquiry and Vote phase of the ETSI EN Approval
Procedure.
Proposed national transposition dates
Date of latest announcement of this EN (doa): 3 months after ETSI publication
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 6 months after doa
Date of withdrawal of any conflicting National Standard (dow): 6 months after doa

Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Ru
...


EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
General Policy Requirements for
Trust Service Providers
2 ETSI EN 319 401 V3.1.1 (2024-06)

Reference
REN/ESI-0019401v311
Keywords
electronic signature, provider, security,
trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2024.
All rights reserved.
ETSI
3 ETSI EN 319 401 V3.1.1 (2024-06)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definition of terms, symbols, abbreviations and notation . 9
3.1 Terms . 9
3.2 Symbols . 11
3.3 Abbreviations . 11
3.4 Notation . 12
4 Overview . 12
5 Risk Assessment . 13
6 Policies and practices . 13
6.1 Trust Service Practice statement . 13
6.2 Terms and Conditions . 14
6.3 Information security policy . 14
7 TSP management and operation . 15
7.1 Internal organization. 15
7.1.1 Organization reliability . 15
7.1.2 Segregation of duties . 16
7.2 Human resources . 16
7.3 Asset management . 17
7.3.1 General requirements . 17
7.3.2 Assets inventory and classification . 17
7.3.3 Storage media handling . 18
7.4 Access control . 18
7.5 Cryptographic controls . 19
7.6 Physical and environmental security . 19
7.7 Operation security . 20
7.8 Network security . 21
7.9 Vulnerabilities and Incident management . 22
7.9.1 Monitoring and logging . 22
7.9.2 Incident response . 22
7.9.3 Reporting . 23
7.9.4 Event assessment and classification . 24
7.9.5 Post-incident reviews . 24
7.10 Collection of evidence . 24
7.11 Business continuity management . 25
7.11.1 General . 25
7.11.2 Back up . 25
7.11.3 Crisis management . 25
7.12 TSP termination and termination plans . 26
7.13 Compliance. 26
7.14 Supply chain . 27
7.14.1 Supply chain policy . 27
7.14.2 Supply chain procedures and processes . 27
7.14.3 Responsibility, third parties agreements and SLA . 28
ETSI
4 ETSI EN 319 401 V3.1.1 (2024-06)
Annex A (normative): Mapping ETSI EN 319 401 V2.3.1 requirement numbers to
Requirement numbers in the present document . 30
Annex B (informative): Mapping ETSI EN 319 401 requirements with eIDAS Regulation . 35
Annex C (informative): Change history . 37
History . 38

ETSI
5 ETSI EN 319 401 V3.1.1 (2024-06)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
National transposition dates
Date of adoption of this EN: 30 May 2024
Date of latest announcement of this EN (doa): 31 August 2024
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 28 February 2025
Date of withdrawal of any conflicting National Standard (dow): 28 February 2025

Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when us
...


SLOVENSKI STANDARD
01-september-2024
Elektronski podpisi in infrastrukture zaupanja (ESI) - Politika splošnih zahtev za
ponudnike storitev zaupanja
Electronic Signatures and Trust Infrastructures (ESI) - General Policy Requirements for
Trust Service Providers
Ta slovenski standard je istoveten z: ETSI EN 319 401 V3.1.1 (2024-06)
ICS:
03.080.99 Druge storitve Other services
35.040.01 Kodiranje informacij na Information coding in general
splošno
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
General Policy Requirements for
Trust Service Providers
2 ETSI EN 319 401 V3.1.1 (2024-06)

Reference
REN/ESI-0019401v311
Keywords
electronic signature, provider, security,
trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2024.
All rights reserved.
ETSI
3 ETSI EN 319 401 V3.1.1 (2024-06)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definition of terms, symbols, abbreviations and notation . 9
3.1 Terms . 9
3.2 Symbols . 11
3.3 Abbreviations . 11
3.4 Notation . 12
4 Overview . 12
5 Risk Assessment . 13
6 Policies and practices . 13
6.1 Trust Service Practice statement . 13
6.2 Terms and Conditions . 14
6.3 Information security policy . 14
7 TSP management and operation . 15
7.1 Internal organization. 15
7.1.1 Organization reliability . 15
7.1.2 Segregation of duties . 16
7.2 Human resources . 16
7.3 Asset management . 17
7.3.1 General requirements . 17
7.3.2 Assets inventory and classification . 17
7.3.3 Storage media handling . 18
7.4 Access control . 18
7.5 Cryptographic controls . 19
7.6 Physical and environmental security . 19
7.7 Operation security . 20
7.8 Network security . 21
7.9 Vulnerabilities and Incident management . 22
7.9.1 Monitoring and logging . 22
7.9.2 Incident response . 22
7.9.3 Reporting . 23
7.9.4 Event assessment and classification . 24
7.9.5 Post-incident reviews . 24
7.10 Collection of evidence . 24
7.11 Business continuity management . 25
7.11.1 General . 25
7.11.2 Back up . 25
7.11.3 Crisis management . 25
7.12 TSP termination and termination plans . 26
7.13 Compliance. 26
7.14 Supply chain . 27
7.14.1 Supply chain policy . 27
7.14.2 Supply chain procedures and processes . 27
7.14.3 Responsibility, third parties agreements and SLA . 28
ETSI
4 ETSI EN 319 401 V3.1.1 (2024-06)
Annex A (normative): Mapping ETSI EN 319 401 V2.3.1 requirement numbers to
Requirement numbers in the present document . 30
Annex B (informative): Mapping ETSI EN 319 401 requirements with eIDAS Regulation . 35
Annex C (informative): Change history . 37
History . 38

ETSI
5 ETSI EN 319 401 V3.1.1 (2024-06)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN 319 411-2 V2.5.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 2: Requirements for trust service providers issuing EU qualified certificates
ETSI EN 319 411-2 V2.5.1 (2023-10)

The present document specifies policy and security requirements for the issuance, maintenance and life-cycle
management of EU qualified certificates as defined in Regulation (EU) No 910/2014 [i.1]. These policy and security
requirements support reference certificate policies for the issuance, maintenance and life-cycle management of EU
qualified certificates issued to natural persons (including natural persons associated with a legal person or a website)
and to legal persons (including legal persons associated with a website), respectively.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.6] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 411-1 [2] for general requirements on TSP issuing certificates.

  • Standard
    32 pages
    English language
    sale 15% off
  • Standard
    33 pages
    English language
    sale 15% off
  • Standard
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-3 V1.3.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 3: Certificate profile for certificates issued to legal persons
ETSI EN 319 412-3 V1.3.1 (2023-09)

The present document specifies a certificate profile for certificates issued to legal persons. The profile defined in the
present document builds on requirements defined in ETSI EN 319 412-2 [2].
The present document supports the requirements of EU qualified certificates as specified in the Regulation (EU)
No 910/2014 [i.3] as well as other forms of certificate.

  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-2 V2.3.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 2: Certificate profile for certificates issued to natural persons
ETSI EN 319 412-2 V2.3.1 (2023-09)

The present document specifies requirements on the content of certificates issued to natural persons. This profile builds
on IETF RFC 5280 [1] for generic profiling of Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3].
This profile supports the requirements of EU Qualified Certificates as specified in the Regulation (EU)
No 910/2014 [i.5] as well as other forms of certificate. The scope of the present document is primary limited to
facilitate interoperable processing and display of certificate information. This profile therefore excludes support for
some certificate information content options, which can be perfectly valid in a local context but which are not regarded
as relevant or suitable for use in widely deployed applications.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
Certain applications or protocols impose specific requirements on certificate content. The present document is based on
the assumption that these requirements are adequately defined by the respective application or protocol. It is therefore
outside the scope of the present document to specify such application or protocol specific certificate content.

  • Standard
    15 pages
    English language
    sale 15% off
  • Standard
    15 pages
    English language
    sale 15% off
  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-4 V1.3.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 4: Certificate profile for web site certificates
ETSI EN 319 412-4 V1.3.1 (2023-09)

The present document specifies a certificate profile for web site certificates that are accessed by the TLS protocol [i.1].
The profile defined in the present document builds on the CA/Browser Forum Baseline requirements [2], Extended
validation guidelines [3] and other parts of the present multi-part deliverable.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
This profile can be used for legal and natural persons. For certificates issued to legal persons, the profile builds on the
CAB Forum EV Profile [3] or baseline requirements [2]. For certificates issued to natural persons, the profile builds
only on CAB Forum baseline requirements [2].

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    11 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 411-1 V1.4.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements
ETSI EN 319 411-1 V1.4.1 (2023-10)

The present document specifies generally applicable policy and security requirements for Trust Service Providers
(TSPs) issuing public key certificates, including trusted web site certificates.
The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle
management of certificates. These policy and security requirements support several reference certificate policies,
defined in clauses 4 and 5.
A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where
particular requirements apply is defined in clause 7.
The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as
specified in the present document. It does not include requirements for root CAs and intermediate CAs for other
purposes.
The present document is applicable to:
• the general requirements of certification in support of cryptographic mechanisms, including digital signatures
for electronic signatures and seals;
• the general requirements of certification authorities issuing TLS/SSL certificates;
• the general requirements of the use of cryptography for authentication and encryption.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 401 [9] for general policy requirements common to all classes of
TSP's services.
The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]
and BRG [6].

  • Standard
    58 pages
    English language
    sale 15% off
  • Standard
    59 pages
    English language
    sale 15% off
  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-5 V2.4.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 5: QCStatements
ETSI EN 319 412-5 V2.4.1 (2023-09)

The present document defines specific QCStatement for the qcStatements extension as defined in IETF
RFC 3739 [2], clause 3.2.6, including requirements for their use in EU qualified certificates. Some of these
QCStatements can be used for other forms of certificate.
The QCStatements defined in the present document can be used in combination with any certificate profile, either
defined in ETSI EN 319 412-2 [i.2], ETSI EN 319 412-3 [i.5] and ETSI EN 319 412-4 [i.6], or defined elsewhere.
The QCStatements defined in clause 4.3 can be applied to regulatory environments outside the EU. Other
requirements specified in clause 4 are specific to Regulation (EU) No 910/2014 [i.8] but may be adapted for other
regulatory environments.

  • Standard
    19 pages
    English language
    sale 15% off
  • Standard
    19 pages
    English language
    sale 15% off
  • Standard
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-1 V1.5.1:2023(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 1: Overview and common data structures
ETSI EN 319 412-1 V1.5.1 (2023-09)

The present document provides an overview of the Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3] based
certificate profiles and the statements for EU Qualified Certificates specified in other parts of ETSI EN 319 412 ([i.4] to
[i.7]). It specifies common data structures that are referenced from other parts of ETSI EN 319 412 ([i.4] to [i.7]).
The profiles specified in this multi-part deliverable aim to support both the Regulation (EU) No 910/2014 [i.9] and use
of certificates in a wider international context. Within the European context, it aims to support both EU Qualified
Certificates and other forms of certificate.

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 412-4 V1.2.1:2022(Main)
Electronic Signatures and Infrastructures (ESI) - Certificate Profiles - Part 4: Certificate profile for web site certificates
ETSI EN 319 412-4 V1.2.1 (2021-11)

The present document specifies a certificate profile for web site certificates that are accessed by the TLS protocol [i.1].
The profile defined in the present document builds on the CA/Browser Forum Baseline requirements [2], Extended
validation guidelines [3] and other parts of the present multipart deliverable.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
This profile can be used for legal and natural persons. For certificates issued to legal persons, the profile builds on the
CAB Forum EV Profile [3] or baseline requirements [2]. For certificates issued to natural persons, the profile builds
only on CAB Forum baseline requirements [2].

  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 411-2 V2.4.1:2022(Main)
Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 2: Requirements for trust service providers issuing EU qualified certificates
ETSI EN 319 411-2 V2.4.1 (2021-11)

The present document specifies policy and security requirements for the issuance, maintenance and life-cycle
management of EU qualified certificates as defined in Regulation (EU) No 910/2014 [i.1]. These policy and security
requirements support reference certificate policies for the issuance, maintenance and life-cycle management of EU
qualified certificates issued to natural persons (including natural persons associated with a legal person or a website)
and to legal persons (including legal persons associated with a website), respectively.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.6] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 411-1 [2] for general requirements on TSP issuing certificates.

  • Standard
    31 pages
    English language
    sale 15% off
  • Standard
    31 pages
    English language
    sale 15% off
  • Standard
    31 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 319 411-1 V1.3.1:2021(Main)
Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements
ETSI EN 319 411-1 V1.3.1 (2021-05)

The present document specifies generally applicable policy and security requirements for Trust Service Providers
(TSPs) issuing public key certificates, including trusted web site certificates.
The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle
management of certificates. These policy and security requirements support several reference certificate policies,
defined in clauses 4 and 5.
A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where
particular requirements apply is defined in clause 7.
The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as
specified in the present document. It does not include requirements for root CAs and intermediate CAs for other
purposes.
The present document is applicable to:
• the general requirements of certification in support of cryptographic mechanisms, including digital signatures
for electronic signatures and seals;
• the general requirements of certification authorities issuing TLS/SSL certificates;
• the general requirements of the use of cryptography for authentication and encryption.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 401 [8] for general policy requirements common to all classes of
TSP's services.
The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]
and BRG [5].

  • Standard
    56 pages
    English language
    sale 15% off
  • Standard
    56 pages
    English language
    sale 15% off
  • Standard
    56 pages
    English language
    sale 10% off
    e-Library read for
    1 day