
BSI TR-03145 Secure Certification Authority operation

A Public Key Infrastructure (PKI) makes it possible to establish and manage trust relationships.

A PKI can be used to keep exchanged information confidential or to determine its authenticity and integrity. This requires that all Certification Authorities (CAs) within the PKI are trustworthy and trusted by the relying parties.

To establish trust, two conditions have to be fulfilled. First, the CAs have to implement organizational and technical security measures appropriate for the required security level and define rules for all entities participating in the PKI.

Second, the implementation of the security measures has to be documented in a transparent way to build trust with potential customers and other relying parties. This can be achieved by passing an audit based on clear and documented requirements.

This Technical Guideline supports CAs in both steps. It defines requirements for Certification Authorities for implementing secure CA operations, and it provides a basis for an audit and certification process.

Part 1 Generic Requirements
BSI TR-03145 Secure Certification Authority operation Version 1.1

Part 2 Inspection specifications for Parts 1, 4, and 5 of TR-03145 published on this page.
Secure CA operation, Part 2, Inspection Specification BSI TR-03145-TS: Requirements for Trust Center instantiating as Certification Authority in a Public-Key Infrastructure with security level 'high'

Part 4 Specific Requirements for a CA in a PKI for the Extended Access Control of the German Official Travel Documents
Secure CA operation, Part 4, EAC PKI for German Official Travel Documents

Part 5 Specific Requirements for a PKI for Technical Security Systems
BSI TR-03145-5 Secure CA Operation Version 1.0.1

Further Documents
Key Lifecycle Security Requirements, Version 1.0.3