Scope |
On the request of Identiteit & Diensten B.V., the certification audit was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The audit covered all applicable requirements from the audit criteria listed below and are defined in the Identiteit & Diensten Statement of Applicability, dated 30 August 2023 and the Overview of Applicability, version 1.6-RC1, dated 9 March 2022.
The scope of the assessment comprises the provision of the following Trust Service Provider component services to the ministerie van Binnenlandse Zaken en Koninkrijksrelaties, with regard to the Polymorphic eMRTD PKI for the Dutch e-Passport:
-,,Registration Service (registration of users, i.e. DVCA, IS)
-,,Certificate Generation Service (generating keys and certificates by means of facilitated key ceremonies). The Country Verifying Certification Authority (Root) is used to generate certificates for the Document Verifier Certification Authority (DVCA). The DVCA will generate Inspection system (IS) certificates)
-,,Dissemination Service (publication of information and distribution of certificates)
The Revocation Management Service, the Revocation Status Service and the Subject Device Provision Service are not applicable to this Polymorphic eMRTD PKI and are therefore excluded from the scope
The TSP component services are performed, partly or completely under the responsibility of the ministerie van Binnenlandse Zaken en Koninkrijksrelaties.
These TSP component services are being processed for:
-,,Issuance of public key certificates (non-qualified trust service), in accordance with the policy: NCP+.
The Certification Authority processes and services are documented in the following document:
-,,Certificate Practice Statement CVCA/DVCA Polymorphic eMRTD, v1.2, dated: 18 February 2022.
Our certification audit was performed in September 2023. The result of the audit is that we conclude, based on the objective evidence collected during the certification audit, the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in the Identiteit & Diensten Statement of Applicability, dated 30 August 2023 and the Overview of Applicability, version 1.6-RC1, dated 9 March 2022.
Audit criteria:
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers
-,,ETSI EN 319 411-1 v1.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policy: NCP+.
Audit performed:
September 2023
Information and Contact:
BSI Group The Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|