Securing Public Key Infrastructure (PKI)
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012
For a downloadable version of this PKI content, see https://aka.ms/securingpki
This content contains recommendations for establishing a robust, secure PKI to help organizations provide basic security controls such as confidentiality and integrity to key business processes. When properly implemented, a PKI becomes a foundational component used to build effective information security controls over information resources. PKI plays a critical role in the protection of sensitive business data and is an enabling technology that enhances information systems security and promotes secure electronic commerce.
This content contains guidance and recommendations necessary for establishing a Certification Authority (CA), an understanding of the physical controls for securing a PKI, the processes vital to establishing a PKI, the technical controls for securing a PKI, procedures for planning certificate algorithms and their usages, procedures for protecting CA Keys and critical artifacts, monitoring the PKI, and compromise response. Information security and risk management practitioners will find the policies, procedures, and recommendations to be a significant contribution to their understanding in the practical implementation of a robust PKI.
This content contains the following sections:
Securing PKI: Appendix B: Certification Authority Audit Filter
Securing PKI: Appendix C: Delegating Active Directory PKI Permissions
Securing PKI: Appendix F: List of Recommendations by Impact Level
Security and Protection
Secure Windows Server 2012 R2 and Windows Server 2012