SCEE Certification Policy and Minimum Security Requirements

Document that defines a Certification Policy (hereinafter referred to Pcert) for the use of digital certificates for encryption and digital signatures.

This Policy describes certain standards and practices of the Autoridade Certificadora (Certificate Authority) operated by the Entidade Certificadora Raiz do Estado (State Root Certification Authority) to be used in the provision of electronic identification of the Certifying Entities, as necessary, and under the authority of ECEE  (Public Key Infrastructure).

This policy is intended for use by all entities related to the Autoridade Certificadora (Certification Authority) in the State of Portugal, including therein the Entidadades Certificadoras do Estado (State Certifying Entities) and Registration Entities undertaking to adhere to this Policy.

This policy is linked to the Entidade Certificadora Raiz do Estado (State Root Certification Authority) and its governing their performance relative to all certificates issued by it.

Declaration of Certification Practices ECEE

Document defining the specific practices and procedures by which the ECEE implements the requirements of the Certification Policy.

Trusted List (Trusted -Service Status List)

Accredited Certification Entities are entered automatically in this list, in accordance with Directive 1999/93/EC of 13 December 1999.

Standards, Requirements and References

GNS / NT- D 01

Requirements for the Security Auditor Accreditation provided for in Decree No. 25/2004 of 15 July

GNS / NT- D 02

Minimum Safety requirements of Certification Entities

• GNS / NT- D 03

Requirements for Certification Entities that issue Qualified Certificates

• GNS / NT- D 04

Rules for the Certification Entity Audit issuing Qualified Certificates

Sistema de Certificação Electrónica do Estado (SCEE)

The State Electronic Certification System (ECEE) – was created by Decree-Law nº 116-A/2006, of 16th June 2006, to assure the unity, the integration and effectiveness of the strong digital authentication systems in the electronic relations of individuals or legal entities with the State and among public entities.