
TrustedCA and TrustedRA are the best PKI audits in the industry


eValid8 public key infrastructure (PKI) audits are centered on certification authority (CA) and registration authority (RA) activities. Based upon the ISO 21188 framework, our audits examine the technology, people, policies, systems and processes related to the creation, management, storage, issuance, and distribution of digital certificates. PKI audits are needed to demonstrate that your systems and processes can be trusted, that they meet the required regulations, and that they have been audited by a certified auditing firm. The eValidated methodology is centered on a policy framework known as IETF RFC 3647 or 2527, which is based on the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. This is a comprehensive framework, and all sections of it are assessed. Our PKI audits are performed in accordance with current Federal PKI guidelines, ISO 21188 and industry best practices. Our methodology also covers the following aspects:

  • Review the certificate authority network to the nearest firewall;
  • Review hardware security;
  • Review public and private directories;
  • Physical facilities;
  • Interviews with personnel to check skills;
  • Review training;
  • Review environment (HVAC, power, etc.);
  • Key signing ceremonies;
  • Initial audits;
  • Delta audits;
  • Tri-annual audits;
  • Full compliance audits.

We offer collaborative discussions to clarify any gaps in the audit results and to allow the deficiencies to be addressed. Once compliance is achieved, we provide an internet seal that is a Certificate of Trusted Assurance. These seals are for qualified TrustedCA and TrustedRA solutions.

The eValidated seal is the only Internet brand that truly provides confidence for relying party web users, because validation is based upon current standards, industry-recognized practices and consistent engagements, and experts administer the program. Our process enables you to protect your company's most important assets and possessions. When you see an eValidated internet seal, it means the organization was exhaustively reviewed and assessed to the highest standards and did not just buy a seal. They earned the right to display this trusted seal because their services passed a thorough, methodically proven, firm but fair auditing process. Your reputation, name recognition, brand, and seal are at stake.

Other methodologies such as WebTrust and Better Business Bureau do not conduct PKI compliance audits in accordance with current Federal PKI guidelines, ISO 21188, or industry best practices. In addition, the eValidated TrustedCA program does not require an additional audit like the AICPA WebTrust and its Extended Validation program because we check the entire system the first time.

One audit, one definition of trust, one cost and the best seal of trust -- eValidated as administered exclusively by eValid8.