PKI Implementation Services

We recognise that PKI is just one of many components that make up a modern I&AM infrastructure. With our extensive involvement in industry initiatives such as the TSCP and the DSWG, you can rely on Carillon to provide sound recommendations to enable your company to collaborate in the most efficient manner with your partners, suppliers, and customers. Carillon works with clients who have identified that they would like to take advantage of new aerospace industry regulations and standards concerning digital security, whether it's on a small or very large scale, but are unsure how to proceed.

Design the right PKI implementation:

Even when properly observing the many applied principles of PKI, your specific implementation may vary as a function of your current and desired applications, the vendors you decide to work with, cross-platform integration requirements, and other specific circumstances. Carillon Information Security's implementation services will ensure you avoid common and not-so-common pitfalls of PKI implementation, guiding you to a practical and interoperable solution. Common requests for assistance for PKI implementation that we have fulfilled include:

 Trust Chain diagram
  • Return on Investment and Justification
  • Requirements gathering for PKI implementations
  • Design a PKI to address business needs and achieve regulatory compliance
  • PKI Project steps and timings
  • PKI Project Costing
  • Hardware Components
  • Secure Facility Planning
  • Certificate Authority (CA) Architecture and Certificate Profile Creation
  • Policy and Procedure planning
  • Assistance in writing Certificate Policies (CP)
  • Assistance in writing Certification Practice Statement (CPS)
  • Cross-Certification planning and assistance with Mapping.
  • PKI Pilots - defining and implementing the right pilot deployment
  • Key management: key escrow, key renewal, and revocation
  • Assistance to design and deploy revocation checking technologies (CRL, OCSP, SCVP etc.)
  • Establishing trust across PKI domains
  • Audit regime selection
  • Multi-Jurisdictional issues: US, Europe, Canada, UK
  • Archive and Records Retention
  • Pre-Audit planning
  • Key Ceremony planning and execution
Training:

Operating a PKI requires a very different mindset from normal information technology deployments. While uptime and reliability are certainly important, the factors that must prevail at all times is security and integrity of the PKI. Consequently, knowledge transfer to those operating and governing the PKI is a very important facet of any deployment. For those writing applications and performing integration, it is also critical to understand the principles and mechanics of how a PKI works. To ensure that your team fully realises your investment in PKI, we offer training in:

  • Secure operations of the Trusted Agent and Registration Authority roles
  • CA Operations
  • PKI Trust Architecture design
  • Policy Management and Creation
  • PKI Fundamentals
Technical:

If you are looking for a turnkey solution, or if you already have a good team in place to handle the governance and management aspects of PKI, but just need a hand with the technical details, we can help. The Carillon team has experience with:

  • PKI product interoperability testing and functional analyses
  • Review and selection of appropriate PKI vendor products/services
  • Microsoft Certificate Services Installation and Deployment
  • CA Installation and deployment using OpenSSL and OpenLDAP
  • RedHat Certificate Management Services Installation and Deployment
  • Integrate X.509 digital certificate usage with new and existing applications:
  • Implementing Digital Signatures in web applications
  • Secure Email with S/MIME and SMTPS/SMTP-STARTTLS
  • VPN and secure remote access solutions
  • IPSec
  • 802.11x Wireless EAP/TLS
  • Code Signing
  • Encrypted File System
  • Web Services, including Web Server SSL (server authentication), Certificate-based authentication for Web-based applications, and Federated Identity Management with X.509 credentials
  • Forms / Workflow
  • Specialty Systems including Aircraft Onboard systems
  • Technical support and modification services for the Carillon PKI-enabling tools