{"id":14,"date":"2014-06-11T11:06:14","date_gmt":"2014-06-11T11:06:14","guid":{"rendered":"http:\/\/marcbook.local\/wds\/playground\/cybertrust\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/"},"modified":"2023-05-15T23:07:02","modified_gmt":"2023-05-16T06:07:02","slug":"new-guidance-for-securing-public-key-infrastructure","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/","title":{"rendered":"New Guidance for Securing Public Key Infrastructure"},"content":{"rendered":"<p>Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications. The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization\u2019s PKI can significantly help an attacker gain access to the sensitive data and systems they are after. To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document &#8211; \u201c<strong><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/dn786443.aspx\">Securing Public Key Infrastructure<\/a><\/strong>.\u201d The document provides recommendations for numerous aspects of PKI, including:<\/p>\n<ul>\n<li><span style=\"font-size: small;\">Common vectors for PKI compromise<\/span><\/li>\n<li><span style=\"font-size: small;\">Planning cryptographic algorithms and certificate usages<\/span><\/li>\n<li><span style=\"font-size: small;\">Designing physical security<\/span><\/li>\n<li><span style=\"font-size: small;\">Implementing technical controls to secure PKI<\/span><\/li>\n<li><span style=\"font-size: small;\">Protecting PKI artifacts and assets<\/span><\/li>\n<li><span style=\"font-size: small;\">Monitoring PKI for malicious activity<\/span><\/li>\n<li><span style=\"font-size: small;\">Recovering from a compromise<\/span><\/li>\n<\/ul>\n<p>The document is recommended for enterprise security professionals who have responsibility for designing, implementing, maintaining or governing a PKI. The recommendations discussed in the document are largely based on Microsoft\u2019s Information Security and Risk Management (ISRM) organization\u2019s experience, which is accountable for protecting the assets of Microsoft IT and other Microsoft business divisions, and advising a selected number of Microsoft\u2019s Global 500 customers.<\/p>\n<div style=\"clear: both;\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications.<\/p>\n<p>The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization&rsquo;s PKI can significantly help an attacker gain access to the sensitive data and systems they are after.<\/p>\n<p>To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document &#8211; &ldquo;<strong><a href=\"\/controlpanel\/blogs\/posteditor.aspx\/&lt;strong&gt;http:\/aka.ms\/securingpkidl&lt;\/strong&gt;\">Securing Public Key Infrastructure<\/a><\/strong>.&rdquo; <a href=\"\/b\/security\/archive\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure.aspx\">Read more<\/a><\/p>\n","protected":false},"author":61,"featured_media":9203,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"content-type":[3662],"topic":[],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[1954],"class_list":["post-14","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications. The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization&rsquo;s PKI can significantly help an attacker gain access to the sensitive data and systems they are after. To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document - &ldquo;Securing Public Key Infrastructure.&rdquo; Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-11T11:06:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:07:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"819\" \/>\n\t<meta property=\"og:image:height\" content=\"470\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tim Rains\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Rains\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/timrains\/\",\"@type\":\"Person\",\"@name\":\"Tim Rains\"}],\"headline\":\"New Guidance for Securing Public Key Infrastructure\",\"datePublished\":\"2014-06-11T11:06:14+00:00\",\"dateModified\":\"2023-05-16T06:07:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\"},\"wordCount\":221,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\",\"name\":\"New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg\",\"datePublished\":\"2014-06-11T11:06:14+00:00\",\"dateModified\":\"2023-05-16T06:07:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg\",\"width\":819,\"height\":470},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Guidance for Securing Public Key Infrastructure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/","og_locale":"en_US","og_type":"article","og_title":"New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog","og_description":"Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications. The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization&rsquo;s PKI can significantly help an attacker gain access to the sensitive data and systems they are after. To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document - &ldquo;Securing Public Key Infrastructure.&rdquo; Read more","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/","og_site_name":"Microsoft Security Blog","article_published_time":"2014-06-11T11:06:14+00:00","article_modified_time":"2023-05-16T06:07:02+00:00","og_image":[{"width":819,"height":470,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg","type":"image\/jpeg"}],"author":"Tim Rains","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Rains","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/timrains\/","@type":"Person","@name":"Tim Rains"}],"headline":"New Guidance for Securing Public Key Infrastructure","datePublished":"2014-06-11T11:06:14+00:00","dateModified":"2023-05-16T06:07:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/"},"wordCount":221,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg","keywords":["Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/","name":"New Guidance for Securing Public Key Infrastructure | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg","datePublished":"2014-06-11T11:06:14+00:00","dateModified":"2023-05-16T06:07:02+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2014\/09\/2014-09-07_20-21-03.jpg","width":819,"height":470},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2014\/06\/11\/new-guidance-for-securing-public-key-infrastructure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"New Guidance for Securing Public Key Infrastructure"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/14","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=14"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/14\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/9203"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=14"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=14"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=14"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=14"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=14"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=14"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=14"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}