Index of documents supporting the Grant of Approval to Home Office IT’s Police Service IAM Central Services CA service.
| Base Approval Profile | tSd0111 | 3.00 |
| Approval Profile for Registration Services | tSd0042 | 3.02 |
| Approval Profile for a Certification Authority | tSd0102 | 3.01 |
| Approval Profile for Certificate Generation | tSd0104 | 3.01 |
| Approval Profile for Certificate Dissemination | tSd0105 | 3.01 |
| Approval Profile for Certificate Status Management | tSd0106 | 3.01 |
| Approval Profile for Certificate Status Validation | tSd0107 | 3.01 |
What the tScheme Approved Service Mark signifies
When a trust service carries the tScheme Mark, you can be secure in the knowledge that:
For each service, tScheme approval is regularly reviewed and may be withdrawn.
This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.
Approved Service - Service Description
The subject service of this Grant of Approval is the Home Office trust service known as the Identity and Access Management Central Services Certification Authority (IAM CSCA).
The IAM Central Services solution is designed to provide a common yet robust authentication and authorisation service for accessing applications by the policing community and related organisations. The IAM Central Services solution is considered to be an essential enabler for the secure sharing of information that is contained within police service information systems and provides the following capabilities:
The IAM CSCA is governed by the IAM Strategic Management Authority (IAM SMA), a sub-group of the Police Information Assurance Board, and operated on their behalf by the Home Office.
The IAM SMA publishes the Police Service PKI Certificate Policies and the Police Service PKI Class 2 Device Certificate Policy that define the requirements with which all participants of the Police Service PKI must comply.
The IAM Central Services CA Certificate Policy Disclosure Statement (CPDS) provides excerpts and summary information from the Certificate Policies, relevant to subscribers and relying parties of the IAM CSCA. The Certificate Policies and CPDS are published to relying parties via the Criminal Justice Extranet (CJX) and are available on request from the IAM SMA Secretariat (iam@homeoffice.gsi.gov.uk).
The IAM CSCA is a component of the Home Offide Identity and Access Management service, which provides strong identity assurance of police workers to enable secure, controlled access to national and regional police information systems.
The IAM CSCA primarily issues high-assurance end-user certificates for the purposes of authenticating to police information systems, creating digital signatures on documents and protecting the confidentiality of sensitive data. The service also supports the issuance of certificates to end-entity servers and devices operated by police, government and partner organisations for the purposes of system authentication and data integrity.
Identity assurance is provided through the verification of the identity of individuals, to whom certificates will be issued, beyond reasonable doubt.
The IAM CSCA performs both Certificate Authority (CA) and Registration Authority (RA) functions. RA functions are also performed by organisations that subscribe to the IAM CSCA through the IAM Managed Service and other authorised Registration Authorities. IAM Managed Service subscribers are primarily criminal justice organisations that contract with the IAM CSCA or authorised Registration Authorities for PKI trust services.
The IAM Managed Service allows subscribing organisations to perform the identity verification and enrolment of end users and device certificate representatives in accordance with IAM SMA-approved policies and procedures, prior to submitting certificate requests to the IAM CSCA.
The IAM CSCA provides relying parties with certificate status information, in the form of Certificate Revocation Lists, to validate certificates within their applications.
Participants in the electronic trust services industry strive: