CERTIFICATE POLICY CIGNA PKI Certificates


Version: 1.1
Effective Date: August 7, 2001
Copyright 2001 CIGNA

Contents

1. Introduction
   1.1 Important Note for Relying Parties
   1.2 Policy Identification
2. Policy Outline
3. CP Provisions
   3.1 Community and Applicability
   3.2 Rights and Obligations
   3.3 Liability Statement
   3.4 Interpretation and Enforcement
   3.5 Publication and Repository
   3.6 Privacy/Confidentiality
4. Identification and Authentication (Procedures)
   4.1 Initial Registration
5. Operational Requirements
   5.1 Key Generation
   5.2 Key Archival
   5.3 Certificate Acceptance
   5.4 Certificate Validity Period
   5.5 Certificate Revocation
   5.6 Certificate Renewal
   5.7 Certificate Use

1. Introduction

A Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. This Certificate Policy (CP) governs the lifecycle and use of digital certificates issued within the CIGNA Certificate Authority (CA) hierarchy, specifically S/MIME certificates issued by the internal Sub-CA to facilitate secure e-mail for CIGNA employees and agents, and also authentication of clients.

"CIGNA" refers to CIGNA Corporation and/or one or more of its subsidiaries. Products and services are provided by operating subsidiaries and not by CIGNA Corporation. "CIGNA" is also a registered service mark of CIGNA Intellectual Property, Inc., licensed for use.

1.1 Important Note for Relying Parties

Before using/trusting the certificate(s) related to this Certificate Policy (CP), please ensure you have read and understood the provisions described within this document.

1.2 Policy Identification

Policy name: CIGNA PKI Certificate Policy
Policy qualifier: This Certificate Policy governs all use of certificates involved in the conduct of CIGNA business for the following: (1) encrypting for privacy, (2) digitally signing e-mail messages to intended recipients for data integrity and authorship controls, (3) identifying persons, and (4) authentication of computing resources. No other use is authorized. CIGNA CORPORATION AND ITS AFFILIATES SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM AUTHORIZED OR UNAUTHORIZED USE.
Policy version: 1.0
Policy status: Pilot
Policy reference/OID (Object Identifier): 2.16.840.1.114239.11.1.1 and 2.16.840.1.114239.11.1.2
Date of issue: August 7, 2001
Date of expiry: N/A
Related Certificate Practice Statement (CPS): Baltimore Technologies Ltd. Boston Certificate Practice Statement (Company) COE Boston v0.4 (herein the "CPS"), available on request.
CP Universal Resource Locator (URL): http://www.cigna.com/encryption/policy/ca_policy.htm

For more information please contact: PKIAdministrator@cigna.com

2. Policy Outline

This policy governs only certificates used for (1) encryption of e-mail messages for privacy/confidentiality, (2) digital signatures applied to e-mail messages for user authentication and data integrity, and (3) authentication of computing resources.

In this CP, "Certificate" means a certificate issued under this CP and used in compliance with all relevant agreements, policies and procedures. A Certificate may be used only for CIGNA-approved purposes.

In this CP, "Subscriber" means (1) an employee of CIGNA, (2) an individual agent or an employee of an agent of CIGNA acting with CIGNA's authorization, (3) an application or service acting as an agent of CIGNA, (4) a legal person with whom CIGNA does business (a "Business Partner") or (5) a computing resource controlled by a Business Partner.

Only Subscribers may request issuance of Certificates. All persons with whom Subscribers intend to correspond for CIGNA-approved purposes via e-mail may rely on Certificates. No Subscriber agreements or relying party agreements other than agreements made in the subscription process are required to rely upon a Certificate.

The registration method for a Certificate is remote and requires authentication via a CIGNA-issued user identification and password presented at the registration Web site, where the transaction is logged for exception review.

This CP is implemented in conjunction with, and supported by, a CPS in conformance with the Baltimore Technologies Ltd. Boston Certificate Practice Statement (Company) COE Boston v0.4, which may be obtained by request.

3. CP Provisions

3.1 Community and Applicability

This CP and Certificates are valid only for (1) encryption of e-mail messages for privacy, (2) digital signatures applied to e-mail messages for Subscriber authentication and data integrity, and (3) authentication of computing resources. Certificates may only be used to provide privacy/confidentiality, user and/or computing resource authentication, and data integrity for CIGNA-approved purposes.

Certificates may only be used and relied upon by (1) CIGNA or Business Partner employees and agents, or (2) by CIGNA or Business Partner computing resources. No use of Certificates by others, or for other purposes, is permitted or supported.

Key usage fields within Certificates are as follows: Key encipherment, digital signature

Enhanced/Extended Key Usage fields within Certificates are as follows: Secure e-mail, client authentication

3.2 Rights and Obligations

Subscriber Obligations

Subscribers must:

- protect their private key at all times, against loss, disclosure to any other party, modification and unauthorized use, in accordance with the current CPS and this CP;
- utilize, at minimum, the Medium private key protection option in the Microsoft Internet Explorer Web browser (or equivalent levels of minimum protection where other key stores are used), and adhere to all CIGNA Information Protection Policy password requirements;
- never store the Personal Identity Number (PIN) or pass-phrase used to protect the private key against unauthorized use in the same location as the private key itself, nor store the PIN or pass-phrase unprotected, nor fail to sufficiently protect the PIN or pass-phrase;
- take full responsibility for the accuracy of data given as part of a Certificate request, and for verifying that the contents of the published Certificate are correct;
- notify the CIGNA PKI Owner immediately of any compromise of their private keys or any change in their information included in their certificate or provided during the registration process;
- comply with all national and local laws regarding the use of digital signatures, cryptographic technology and electronic information in utilizing Certificates; and
- permit publication of the Certificate in directory services and/or through exchange of standard format files with CIGNA's business partners.

Relying Party Obligations

Any person or persons relying upon Certificates must:

- securely obtain the certificates of the CAs they trust in the trust hierarchy, which should include verifying each CA's public key hash (thumbprint) and validity (active, revoked, or expired);
- verify that non-CIGNA employees or agents, or non-CIGNA computing resources, are engaged in CIGNA-approved activities;
- establish trust in each Certificate by verifying trust of the certificate issuer (CA), validity (active, revoked or expired), and appropriate key usage;
- be fully responsible, to the exclusion of CIGNA, for their reliance on any Certificate-based service; and
- comply with all national and local laws regarding the use of digital signatures, cryptographic technology and electronic information in utilizing Certificates.
- restrict its reliance to the appropriate uses of the Certificates in accordance with this CP.

CA (CIGNA) Obligations

CIGNA will:

- issue Certificates in compliance with this CP and the CPS, subject to contractual obligations with its customers; and
- comply with the other requirements of this CP and the CPS.

3.3 Liability Statement

CIGNA will not be liable for any damages or costs arising from the use of Certificates, whether authorized or unauthorized.

3.4 Interpretation and Enforcement

This CP shall be interpreted under the laws of the Commonwealth of Pennsylvania, in the United States of America. In the event of a conflict between this CP, the CPS and, if any, the written contract between CIGNA and the Subscriber or Subscriber's agent, the order of increasing precedence shall be: this CP, the CPS, and the contract.

3.5 Publication and Repository

The certificates for CIGNA's CAs will be published to CIGNA's Enterprise LDAP directory and CIGNA's Internet Web server. Publication is configured to automatically occur within five minutes after CA certificate issuance.

Subscriber Certificates will be published to CIGNA's Enterprise LDAP directory server and CIGNA's mail system's Global Address List as appropriate. Publication to the Enterprise LDAP directory server is configured to automatically occur within five minutes after the certificate's issuance. Publication to the Global Address List for the appropriate Certificates is configured to occur at that time in which the Subscriber maintaining control of the private key elects to do so using the subscription graphical user interface.

Certificate Revocation Lists (CRLs) will be published to CIGNA's Enterprise LDAP directory and CIGNA's Internet Web server. Publication is configured to automatically occur on a periodic basis. In addition, CRL publication may occur on an as-needed basis.

3.6 Privacy/Confidentiality

This CP and the use of Certificates must conform to applicable laws, rules and regulations pertaining to CIGNA's business. This may include, among others, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 15 U.S.C. 6801-6810 (the Gramm-Leach-Bliley (GLB) Financial Services Modernization Act) and U.S. state privacy laws.

4. Identification and Authentication (Procedures)

4.1 Initial Registration

Subscribers will submit registration requests as follows:

1. Subscriber authenticates through an SSL (Secure Sockets Layer)-secured Web site connection using a CIGNA-issued and CIGNA-administered user identification and password from commercial access control facilities.
2. Subscriber provides identification and authentication information through the SSL-secured connection. Subscriber receives an alphanumeric CIGNA-issued and administered Single Sign On (SSO) ID and password and intranet access to certificate enrollment. Subscriber authenticates through an SSL-secured connection using their SSO identification and password pair.
3. Subscriber initializes the Web-based certificate enrollment process by agreeing to Terms and Conditions and this CP. This transaction is logged by the intranet application for exception review.
4. The Certificate Enrollment process verifies that the Subscriber does not already have a valid Certificate for digital signature, SSL authentication, or key encipherment purposes.
5. The Certificate enrollment process interfaces with the Subscriber's Web browser to create an asymmetric key pair for digital signature and SSL client authentication. The public key of the key pair is combined with identification information and transformed into a certificate request, which is sent by the Web browser to the certificate enrollment server process.

6. The Certificate enrollment server process continues by creating a second asymmetric key pair on behalf of the Subscriber. This key pair will be designated for key encipherment. The public key of the key pair is combined with identification information and transformed into a certificate request.
7. The Certificate enrollment server process sends both certificate requests to the appropriate CIGNA CA for certificate issuance.
8. The appropriate CIGNA CA issues the certificates corresponding to the Subscriber's two certificate requests and returns them to the Certificate enrollment server process.
9. The Certificate enrollment server process publishes both certificates, copies the key encipherment key pair and certificate to a secure archive server, and installs the key encipherment key pair and both certificates in the Subscriber's Web browser.
10. The Subscriber is required to use their new SSL authentication certificate to authenticate to an SSL-protected Web page for proof of receipt. This transaction is logged by the application for exception review.
11. The Certificate enrollment server process finishes by automatically sending an e-mail to the Subscriber, thereby confirming the certificate registration process has been completed.

5. Operational Requirements

5.1 Key Generation

The Subscriber invokes the generation process from a client application. One of two 1024-bit RSA key pairs is created locally through a Microsoft Internet Explorer (IE) 5.x or higher Web browser (or through Netscape 5.X or higher if desired by non-CIGNA employees, agents or computing resources) for the purposes of digital signature and client authentication. The second key pair for the purpose of key encipherment is created by server-side processes. The key pairs are passed to the CA to be transformed into certificates and a copy of the key-encipherment keys and certificate are archived. The certificates are passed back to the client.
5.2 Key Archival

CIGNA may keep a protected copy of the Subscriber's key-encipherment key and certificate for CIGNA business purposes. CIGNA does not keep any copies of the signing key or the authentication key.

5.3 Certificate Acceptance

The Subscriber is required to use their new SSL authentication Certificate to authenticate to an SSL-protected Web page for proof of receipt. The Subscriber is also given an opportunity to refute the request by responding to the automated e-mail event.

5.4 Certificate Validity Period

A Subscriber Certificate is valid for a period of up to three years. Certificates are signed by the CIGNA Root CA (which certificate is valid for a period of 12 years) and the CIGNA Internal Sub CA (which certificate is valid for a period of six years).

5.5 Certificate Revocation

The process for revoking a Subscriber Certificate can be performed by the Subscriber to whom the certificate in question was issued, or by a PKI administrator. In both cases, revocation will not be communicated and available to the public until the next CRL is published.

A Subscriber must authenticate using their SSO user ID and password to access the key administration application. The Subscriber then selects the Certificate(s) to revoke, indicates a reason for revocation, and provides further authentication information. This transaction is audited for exception review.

A PKI administrator must authenticate to the certificate revocation administrative interface using a digital certificate on a smart card. From there, the administrator may select the Certificate(s) to revoke and provide the reason for revocation.

5.6 Certificate Renewal

The process for renewing a Subscriber Certificate will include equivalent steps to the foregoing. Subscriber will register for new Certificates upon expiration of valid Certificates.

5.7 Certificate Use

A Subscriber is required to use their new SSL authentication certificate during the registration process to authenticate to an SSL-protected Web page for proof of receipt. This transaction is logged by the application for exception review. No further proof of possession of a private key is required for Certificate use.