Trusted Certificate Authority
The WebTrust standards establish security and process control best practices applicable to Certificate Authorities and are intended to ensure confidence in e-commerce transactions as well as PKI technology. The WebTrust seals, illustrating evidence of OATI’s compliance with the WebTrust standards, appear on the OATI webCARES site and allow users of OATI webCARES to be confident that OATI webCARES follows best practices applicable to Certificate Authorities. The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates describe the requirements that a CA must follow to be publicly trusted by browsers. In addition, many Smart Grid applications, mobile devices, and any other system that communicates over an SSL/TLS rely on the same public trust list.
The WEQ-012 Business Practice Standards were developed with the input of multiple industry participants through the NAESB standards drafting process in order to establish PKI cyber security standards for use in commercial transactions. The WEQ-012 Business Practice Standards set forth specific qualifications that must be met in order to be recognized as an ACA that is qualified by NAESB to provide PKI services.