U.S. Department of Transportation
Research and Innovative Technology Administration
Security Baselining for CME
- CMEs feature separated CA and RA functions, plus the LA functions
- This adds complexity to traditional PKI design
PKI Design Baseline
- PKI design indicates that no level of vulnerability is acceptable
- Comparative industries protect against vulnerabilities in different ways
Vulnerability Baseline
The International Civil Aviation Organization
- Passive Authentication is the Baseline Security Method
- Advanced Security Methods include Extended Access Control, Data Encryption
ICAO (ePassports)
The Dept. of Defense certificate policy (CP)
- Subscribers have certification practice statements (CPS)
- Can trust outside participants by cross-certifying with Federal PKI Policy Authority
Department of Defense
The PCI Data Security Standard (PCI DSS)
- Routine audits, external vulnerability scans, and specific SW/HW controls
- Merchants with high transaction rates require more security measures
Payment Card Industry (PCI)
CME Baselining