Skip to main content

5. Facility, management and operational controls

This section describes high-level published controls. Sensitive operational details (detailed procedures, personnel names, AWS ARNs, account numbers, KMS identifiers) are not published here: they live in the internal corpus produced by US-CA-02 (security and contingency plans).

5.1 Physical controls

Pending.

5.2 Procedural controls

Pending. Trusted roles, separation of duties.

5.3 Personnel controls

Pending.

5.4 Audit logging procedures

Pending.

5.5 Records archival

Pending. Retention ≥ 11 years (ETSI EN 319 411-2 + DGII Norma 06-2018).

5.6 Key changeover

Pending.

5.7 Compromise and disaster recovery

Pending. Operational details in US-CA-02.

5.8 CA termination

Pending. Operational details in US-CA-02.

5.1 Physical controls
5.2 Procedural controls
5.3 Personnel controls
5.4 Audit logging procedures
5.5 Records archival
5.6 Key changeover
5.7 Compromise and disaster recovery
5.8 CA termination