This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically outlines security requirements for qualified and non-qualified trust service providers. It references the most important standards and standardization bodies involved in technical specification, as well as certification, auditing and supervision schemes that can be used in order to qualify as a notified trust service provider. The document also presents result of a survey conducted by ENISA amongst European trust service providers related to the different aspects.
Finally, the document gives some summary recommendations for TSPs considering standards and auditing schemes.
December 20, 2013
Iñigo Barreira, Izenpe, Tomas Gustavsson, Primekey, Alexander Wiesmaier, AGT International, Clara Galan Manso, Ministry of Defense, Spain (Seconded National Expert at ENISA during the time of the study), Sławomir Górniak, ENISA