The final step in this project requires you to use the information from the previous steps to develop the Enterprise Key Management Policy. The policy governs the processes, procedures, rules of behavior, and training for users and administrators of the enterprise key management system.
Research similar policy documents used by other organizations and adapt an appropriate example to create your policy.
Review and discuss the following within the policy:
- digital certificates
- certificate authority
- certificate revocation lists
Discuss different scenarios and hypothetical situations. For example, the policy could require that when employees leave the company, their digital certificates must be revoked within 24 hours. Another could require that employees must receive initial and annual security training.
Include at least three scenarios and provide policy standards, guidance, and procedures that would be invoked by the enterprise key management policy. Each statement should be short and should define what someone would have to do to comply with the policy.
The following is the deliverable for this segment of the project:
Deliverables
- Enterprise Key Management Policy: A two- to three-page double-spaced Word document.