PKI Assessment

This aims at providing our clients with a valuable risk report, a road-map to enhancements and a way to prioritize data security investments.

DataSec-Plus leverages its customized framework for Public Key Infrastructure (PKI) Assessments.

The framework is based on NIST guidelines/framework and industry best practices for PKI. Our goal is to identify specific gaps within our clients existing PKI and make recommendations for optimization and improvement.

Review Current PKI State

Review Clients’ existing PKI processes and procedures across the Clients’ environment. Review shall cover an assessment of current certificate requests, issuance and provisioning processes, and policies.

Review of current Certificate Inventory

Analyze Client's current certificates inventory. Scope: Server Transport Layer Security (TLS), Code Signing, Secure/Multipurpose Internet Mail Extensions(email S/MIME), and client and device certificates. 

PKI Recommendations

Assist the Clients in defining a future state for comprehensive certificate management. Targeted Goals:

• Enhanced security & governance
• Consolidation and simplification of tools/ processes.
• Automation/Orchestration/Provisioning (e.g. End-to-End Certificate Lifecycle management, ServiceNow Integration, etc.)
• Cost optimization

Strategy for PKI

Partner with the Clients in developing a PKI-centric strategy on the observations from the review program analysis, the Clients certificate inventory analysis, and the defined future state.

Over nine weeks project engagement delivery.

PKI Design / Implementation

DataSec-Plus guides Clients through PKI deployment, from the initial designing process to the key ceremony, within their organizations.

Targeted documentation for successful implementation:

• Design document
• Detailed implementation guide
• An operations guide
• Disaster recovery

PKI – Design/Implementation Service

PKI’s weaknesses put any organization at risk. Designing and implementing a successful PKI to meet clients needs. We partner with you to design the PKI (on-prem PKI and Cloud-based PKI). Post design, we assist clients to implement/migrate PKI technology and infrastructure, including the Root and Issuing or Subordinate CAs as well as developing PKI policies, rules, and operational processes in alignment with any business needs.

Analyze your PKI Requirements

Engagement Phase shall cover the following:

• Identification of stakeholders and information gathering sessions.
• Review of the current process business units are using.
• Analysis of Clients provided certificate inventory.
• Identification of gaps and opportunities.
• Define future state plan.

Price on the quotation.