/*

We value your privacy

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Cookie Policy

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

/*]]>*/
TEKRiSQ | Technology Risk Assessment Platform  

X.509 Certificate

March 5, 2022

How Can We Help?

X.509 Certificate

Created On
Last Updated On
Views17
You are here:
< Back

What is an X.509 Attribute Certificate?

DEFINITION: The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate.
SOURCE: SP 800-57 Part 1

x.509 certificate cybersecurity best practices insurance cyber risk assessment

What is the Impact of X.509 Today? 

X.509 certificates & keys are an area of focus today as cyberattacks rise. Private keys are casually stored in devices handling SSL/TLS termination, and in most cases, in plain text without basic encryption. Most enterprises still use manual methods for certificate renewal and SSL certificate generation. This means that people who have full access to a key and its passphrase, or may have a plain text version of the key. The key and certs are stored in various devices and appliances that are managed independently.

This raises a serious concern that an attack on the device or tool storage can compromise private keys. Anyone who has access to the keys can decrypt traffic that flows to the original site, and they can set up phishing sites & steal information and sessions…. a security nightmare.

Supply Chain Relevance

There have been several threats targeting supply chains. These threats can compromise the security of supply chains and can affect the quality and/or safety of products. There is a proposal for a framework for mitigating supply chain threats being circulated. This is where all organizations in the supply chain self-assess their compliance to regulations/requirements. The results of the assessment will be shared with other organizations. In this report, an information-sharing platform using an ITU-T X.509 attribute certificate (ITU-T X.509-1997, ITU-T X.509-2000, IETF RFC 5755) is proposed. The attribute certificate is issued in order to prove that a certain requirement is satisfied and which is shared across the supply chain. An established framework for the issue, deployment and revocation of the certificate can be used. Another benefit of using ITU-T X.509 is that an existing software library for the implementation of the platform can be used.

See Use Case for X.509 For Supply Chains

Tags:

© Copyright 2025 TEKRiSQ, INC. All rights reserved.
Website by: Colophon

TEKRiSQ BBB Business Review