| Scope |
On the request Justitiële Informatiedienst (Judicial Information Service, hereafter referred to as: Justid), a certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in Justid’s Statement of Applicability, dated 18 September 2024, and the Overview of applicability.
Our certification audit was performed in June and September 2024.
The result of the audit is that based on the objective evidence collected during the certification audit as per 20 September 2024 we conclude that the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in Justid’s Statement of Applicability, dated 18 September 2024, and the Overview of applicability.
The scope of the certification audit comprised the primary process:
“authentication and authorization of national border control and member states for the purpose of providing access to biometric data of emrtd’s”.
This is performed by issuing public key certificates from the Certification Authorities listed below and by using listed Registration Authorities, SPOC components and Inspection Systems:
-,,SPOC-CA
-,,CVCA-emrtd
-,,CVRA
-,,DVCA
-,,DVRA
-,,SPOC components
-,,IS (Inspection System -limited to terminal authentication).
This is subject to the following processes and requirements outlined in the “Common Certificate Policy” (BSI TR-03139, v2.4).
-,,CCP Key Pair Security
-,,CCP Certificate Policy
-,,CCP PKI Participants
-,,CCP Identification and Registration
-,,CCP Certificate Life-Cycle Operational Requirements
-,,CCP Security Requirements
-,,CCP Publication and Repository Responsibilities
In addition this is subject to general trust service provider policy requirements covering relevant support processes.
The Trust Service Provider services are maintained and hosted in accordance with the processes and procedures described in the Common Certificate Policy.
The services of the Dutch EAC-PKI are internal between the member states of the European Union for granting authorizations to get access to privacy sensitive data stored on the chip of electronic machine readable travel documents (eMRTD’s), like passports. The authorizations are an end user component in the chain of trust.
Audit information:
Audit criteria:
-,,ETSI EN 319 401 v2.3.1 (2021-05) “General Policy Requirements for Trust Service Providers”
-,,Additional requirements: BSI TR-03139, v2.4 “Common Certificate Policy for the Extended Access Control Infrastructure for Travel and Residence Documents issued by EU Member States”, 8 January 2021
Audit Point in Time:
20 September 2024
Audit performed:
June 2024 (stage 1), September 2024 (stage 2)
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|
