Trusted Certificate Authority

OATI annual examinations currently include System and Organization Controls (SOC) 2 which incorporates National Institute of Standards and Technology Special Publication (NIST SP) 800-53 as well as NERC CIP, WebTrust for Certification Authorities (CAs) – Principles and Criteria, WebTrust for CAs – SSL Baseline with Network Security which includes the CA/Browser (CA/B) Forum Baseline Requirements, and North American Energy Standards Board (NAESB) Wholesale Electric Quadrant (WEQ-012) Public Key Infrastructure (PKI) Business Practice Standards (BPS). As new standards develop in the industry, OATI continues to look at these as “best business practices,” adopting and integrating them into controls.