A licensed certification authority shall make, keep, and preserve records that demonstrate compliance with:
A licensed certification authority shall maintain a database file that contains:
records of the identity of the subscriber named in each certificate issued by the certification authority, including all the facts represented in the certificate other than the extension data referenced in X.509;
the date of issuance of the certificate; and
the certificate serial number as defined in X.509.
A licensed certification authority shall maintain a database file of certificate-related time-stamps issued by the certification authority, including the name of the subscriber, a reference to the certificate used in the transaction such as a serial number, and a description of the item being time-stamped.
All records retained under this part must be kept by the licensed certification authority for at least ten years.
Records may be inscribed on any tangible medium or stored in an electronic or other medium so long as they are retrievable, readable, accurate, complete, and accessible. The records must be indexed, stored, preserved, and reproducible so as to be authentic, reliable, complete, and accessible. Certificate extension data, referenced in X.509, is not required to be part of any publicly accessible record.
23 SR 1352
October 27, 2003