Secure Electronic Signature Regulations Recognition Process
The Personal Information Protection and Electronic Documents Act Part 2 specifies certain instances when a “secure electronic signature” is required.
Regulations that prescribe the technology and processes that meet the characteristics of a secure electronic signature complete the legal definition of a secure electronic signature. Organizations wishing to be recognized as capable of meeting the requirements of the regulations must be verified by the President of the Treasury Board as being able to do so in a secure and reliable manner.
The “Secure Electronic Signature” regulations which describe the processes and technology for creation of a secure electronic signature (SES) came into force in .
The regulations specify that Certification Authorities (CAs) recognized, as being capable of creating secure electronic signatures, will be listed on the website of the Treasury Board Secretariat.
Only federal government Certification Authorities that have cross-certified with the Canadian Federal PKI Bridge are recognized.
Recognized Certification Authorities
In recognizing the following Certification Authorities, the President of the Treasury Board has verified that the CAs have the capacity to issue digital signature certificates in a secure and reliable manner. Below is contact information regarding the recognized CAs and information concerning the relevant digital certificate(s) issued by each CA.
- Public Works and Government Services Canada
- CA Name: Government Shared Services (GSS) CA
- CA DN: ou=1CA-AC1, ou=GSS-SPG, o=GC, c=CA
- Contact: Contact Certification Authorities at Shared Services at gc.pki.kmc@pwgsc.gc.ca
- Certificate Type: Medium Assurance Digital Signature
- Certificate Policy OID: 2.16.124.101.8.5.1.2.3.4
- Expiry of recognition: 2015-03-31
- Canada Revenue Agency
- CA Name: CRA Internal Services CA
- CA DN: cn=1CA-AC1, ou=CCRA-ADRC, o=GC, c=CA
- Contact: PKIAdminICP@cra-arc.gc.ca
- Certificate Type: CRA Internal Medium Assurance Digital Signature
- Certificate Policy OID: 2.16.124.101.1.272.3.1.0.1.2
- Expiry of recognition: 2022-07-15
- National Defence and the Canadian Armed Forces
- CA Name: DND Designated CA
- CA DN: OU = DNDCA-ACMDN, OU= dnd-mdn, O=gc, C=ca
- Contact: DND PKI Management Office
- Certificate Type: Medium Assurance Digital Signature
- Certificate Policy OIDs: 2.16.124.101.1.259.2.1.1, 2.16.124.101.1.259.2.1.2, 2.16.124.101.1.259.2.1.4
- Expiry of recognition: 2023-10-20
Secure Electronic Signature Regulations Recognition Process
The Secure Electronic Signature Regulations (SESRegs) describe the process for recognizing a Certification Authority as satisfying the Regulations’ requirements.
Before recognizing a person or entity as a certification authority, the President of the Treasury Board must verify that the person or entity has the capacity to issue digital signature certificates in a secure and reliable manner.
The Recognition Process includes the following phases:
- Initiation: Establish the business reasons to have a Certification Authority (CA) recognized under the Secure Electronic Signature Regulations (SESRegs) and to perform the recognition - this may include some financial arrangements. Any Government of Canada (GC) CAs wanting to be recognized must cross-certify with the Canadian Federal PKI Bridge (CFPB). If the candidate CA is external to the Government of Canada (GC), a GC sponsor (a federal government department or agency) is normally required.
- Examination: The candidate CA must demonstrate that their policies and practices are compliant with criteria. The GC cross certification process is the criteria used to establish the required assurance and continued compliance with the SESRegs. Recognition status will be reviewed/renewed annually. At each review/renewal, the candidate CA must re-affirm their continued risk management of their environment. Evidence should be of sufficient detail to satisfy the GC that risks are being appropriately mitigated.
- Arrangement: The owner of the Certification Authority and Treasury Board Secretariat (TBS) will negotiate the terms and conditions of the mutually acceptable arrangement that will spell out respective responsibilities and expectations. This would include the usual clauses about periodic independent audits, no material changes without notice, time permitted to cure non-compliance, arbitration of disputes, etc. The signature of the Chief Information Officer (CIO) of the Government of Canada on the arrangement document will signify that the CA has the capacity to issue digital signature certificates in a secure and reliable manner and hence may be listed on the web site of the Treasury Board Secretariat as being recognized under the Secure Electronic Signature regulations. The posting on TBS web site will include the CA’s name and its operator, the “certificate policy” examined for this compliance (not all types of certificates issued by a CA will be recognized) and the validity period or expiry for the recognition. For the GC CAs, the cross certification MOU will be relied upon as the arrangement.
- Maintenance: Ensures that, once the arrangement is in place, the compliancy and level of trust are maintained over time. Each recognition is governed by the agreement that was created in the Arrangement phase.
Page details
- Date modified: