DS TR 119 411-4 V1.1.1:2018

Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2

Scope

The present document is a checklist of the policy requirements specific to TSP issuing certificates (as expressed in ETSI
EN 319 411-1 [i.2] and ETSI EN 319 411-2 [i.3]) including the generic requirements which are independent of the type
of service (as expressed in ETSI EN 319 401 [i.1]).
The checklist identifies each requirement associated with each certificate policy, as specified in ETSI
EN 319 411-1 [i.2] and ETSI EN 319 411-2 [i.3], and also relates where relevant the requirement to a particular TSP
component service. Additional fields are provided to allow TSPs to indicate claimed compliance to a particular
requirement and for assessors to indicate the results of an assessment for each requirement. This checklist can be used
by the TSP itself to prepare for an assessment of its practices against the referenced documents (i.e. serve as a basis for
a self-declaration) and/or by the assessor when conducting the assessment.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.7] for guidance on assessment of TSP's processes and services.