This repository has been archived by the owner on Apr 29, 2021. It is now read-only.

Device Certificate Best Practices Guide #19

Closed
MattKing1 opened this issue Aug 19, 2016 · 6 comments

Comments

@MattKing1

This playbook provides guidance for issuing device certificates.

@lachellel
Member

Scope?

  • Is there an existing guide this is intended to replace, or
  • Is this specific to Non-Person / Device certificates issued from Agency internal certificate authorities
    • Less than medium hardware assurance certificates from an agency internal CA
    • No cross-boundary trust
  • Will this include setup procedures and types of certificate profiles generally needed for devices and network security

@MattKing1
Author

Answers to LaChelle's questions:

  1. No. There is no existing guide.
  2. No. This should be focused on guidance for device certificates issued under the FBCA or Common Device policy OIDs.
  3. I don't think we can include that level of detail, but perhaps we should discuss so I can get a better idea of your intent, since we may be able to provide some high level of direction.

@dasgituser
Contributor

Assigned to John Killian

@lachellel
Member

BTW - this doc is on idmanagement

I think it's OBE and would like to archive or repurpose any items as needed.

@weirdscience
Contributor

Comments from duplicate issue.

Some guidance here: https://https.cio.gov/certificates/ Though it touches on some topics beyond best practices for device certificates.

There are two different use cases:

  1. Public Trust SSL
  2. Network (intranet) devices which include many more endpoints and non-http protocols and devices

So you're right Eric - we should link to the https.cio.gov site for the web PKI best practices as this also includes configuration best practices. For internal only locally trusted CAs, the only playbook we've put together is reusing one from DHS (that I send out / not posted) and a very short writeup for setting up a CA for domain controller certs (network auth).

Sounds like creating a page with pointers to where one can get guidance or profile for device certs such as M-15-13, NIST 800-52, HTTPS CIO Memo and maybe NCCOE TLS project.

@idmken
Contributor

idmken commented Dec 11, 2020

This document is deprecated.

@idmken idmken closed this as completed Dec 11, 2020