US: Device enrollment - Secure Internet (ITS)
Description:
This solution is used within the U.S.. It combines standards associated with US: Device enrollment with those for I-I: Secure Internet (ITS). The US: Device enrollment standards include upper-layer standards required to support device enrollment services. The I-I: Secure Internet (ITS) standards include lower-layer standards that support secure communications between ITS equipment using X.509 or IEEE 1609.2 security certificates.
Comm Profile: I-I: Secure Internet (ITS)
Standards in Profile:
Level | Doc # | Standard | Description |
Access
|
|
Internet Subnet Alternatives
|
A set of alternative standards that includes any Subnet Layer method of connecting to the Internet.
|
Mgmt
|
|
Bundle: SNMPv3 MIB
|
A bundle of standards (RFCs) that groups the common management information bases (MIBs) used to manage IP networks at the transport layer and below using SNMPv3.
|
Security
|
|
Secure Session Alternatives
|
A set of alternative standards that identifies standards that are used to establish and maintain secure Internet sessions. If an information exchange does not require encryption, the (D)TLS session can negotiate NULL encryption. NOTE: If TCP is selected in the TransNet Layer, one of the TLS alternatives must be selected from this alternative set; if UDP is selected in the TransNet Layer, one of the DTLS alternatives must be selected from this alternative set.
|
TransNet
|
|
Internet Transport Alternatives
|
A set of alternative standards that identifies the two major options for the transport layer for mainstream IP-based deployments.
|
TransNet
|
|
IP Alternatives
|
A set of alternative standards that allows for the selection of IPv4 or IPv6.
|
Data Profile: US: Device enrollment
Standards in Profile:
Level | Doc # | Standard | Description |
Facilities
|
IEEE 1609.2.1
|
IEEE 1609.2.1 WAVE - Certificate Management
|
This standard specifies certificate management protocols to support provisioning and management of digital certificates, as specified in IEEE Std 1609.2, to end-entities, i.e. entities other than certificate authorities.
|
ITS Application Entity
|
|
Application Specific
|
A placeholder representing that an ITS Information Entity is not required for this support service.
|
Security
|
IEEE 1609.2.1
|
IEEE 1609.2.1 WAVE - Certificate Management
|
This standard specifies certificate management protocols to support provisioning and management of digital certificates, as specified in IEEE Std 1609.2, to end-entities, i.e. entities other than certificate authorities.
|
Readiness Description:
One significant or possibly a couple minor issues. For existing deployments, the chosen solution likely has identified security or management issues not addressed by the communications solution. Deployers should consider additional security measures, such as communications link and physical security as part of these solutions. They should also review the management issues to see if they are relevant to their deployment and would require mitigation. For new deployments, the deployment efforts should consider a path to addressing these issues as a part of their design activities. The solution does not by itself provide a fully secure implementation without additional work.
Last Updated 4/16/2024