Ensure a CP (Certificate Policy) and CPS (Certification Practice Statement) are created to suit the organization's needs, and ensure the PKI infrastructure meets all standards and requirements set out in the CP and CPS.

Ensure any changes or added features are captured in the CP and CPS documents.

Ensure the CA certificates (root and subordinate) are renewed before half of their lifecycle has elapsed.

Enterprise key and certificate security policies should align with the latest regulatory and industry-standard recommendations and guidelines, covering key storage, secure communication protocols (TLSv1.2), cryptographic algorithms (RSA-2048), and hashing algorithms (SHA-2).

Enterprise security architects should constantly monitor security standard recommendations and periodically update the enterprise's security policy.

Ensure all security events are audited and a periodic security audit is performed to validate adherence to the security policy and its metrics.

Encourage short-lived certificates for all key usages.
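As an added example (not from the original text), a small Python policy check that encodes the thresholds above: RSA-2048 minimum, SHA-2 signatures, CA renewal at half-life, and short-lived leaf certificates. The `CertInfo` records, the sample inventory and the 90-day cutoff for "short-lived" are assumptions; in practice the fields would be populated from a certificate inventory or parsed X.509 certificates.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Thresholds from the checklist above; MAX_LEAF_DAYS is an assumed cutoff for "short-lived".
MIN_RSA_BITS = 2048
SHA2_HASHES = {"sha224", "sha256", "sha384", "sha512"}
CA_RENEW_FRACTION = 0.5   # renew CA certs once half the lifetime has elapsed
MAX_LEAF_DAYS = 90

@dataclass
class CertInfo:
    subject: str
    not_before: datetime
    not_after: datetime
    key_algorithm: str   # "rsa" or "ec"
    key_bits: int
    signature_hash: str  # e.g. "sha256", "sha1"
    is_ca: bool

def lifetime_fraction_elapsed(cert, now):
    total = (cert.not_after - cert.not_before).total_seconds()
    return (now - cert.not_before).total_seconds() / total if total > 0 else 1.0

def evaluate(cert, now):
    """Return policy findings for one certificate (empty list = compliant)."""
    findings = []
    if cert.key_algorithm == "rsa" and cert.key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {cert.key_bits} bits; policy requires {MIN_RSA_BITS}")
    if cert.signature_hash not in SHA2_HASHES:
        findings.append(f"signature hash {cert.signature_hash} is not SHA-2")
    if now >= cert.not_after:
        findings.append(f"expired on {cert.not_after.date()}")
    elif cert.is_ca and lifetime_fraction_elapsed(cert, now) >= CA_RENEW_FRACTION:
        findings.append("CA certificate is past half its lifetime; renew now")
    if not cert.is_ca and (cert.not_after - cert.not_before).days > MAX_LEAF_DAYS:
        findings.append(f"validity exceeds {MAX_LEAF_DAYS} days; prefer short-lived certs")
    return findings

def audit(inventory, now):
    # Map each subject to its findings, ready for the periodic audit report.
    return {c.subject: evaluate(c, now) for c in inventory}

# Constructed sample inventory; these are not real certificates.
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
INVENTORY = [
    CertInfo("Example Root CA", datetime(2014, 1, 1, tzinfo=UTC), datetime(2034, 1, 1, tzinfo=UTC), "rsa", 4096, "sha256", True),
    CertInfo("Example Issuing CA", datetime(2022, 1, 1, tzinfo=UTC), datetime(2032, 1, 1, tzinfo=UTC), "rsa", 2048, "sha256", True),
    CertInfo("legacy.example.test", datetime(2023, 1, 1, tzinfo=UTC), datetime(2026, 1, 1, tzinfo=UTC), "rsa", 1024, "sha1", False),
    CertInfo("web01.example.test", datetime(2024, 5, 1, tzinfo=UTC), datetime(2024, 7, 30, tzinfo=UTC), "ec", 256, "sha256", False),
]
```

Running `audit(INVENTORY, NOW)` flags the root CA for renewal (just over half its lifetime) and the legacy leaf on all three counts, while the issuing CA and the 90-day leaf come back compliant.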