On the request Digidentity B.V. (hereafter referred to as: Digidentity), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in Digidentity’s Statement of Applicability, dated 25 September 2023, and the Overview of applicability, dated 1 August 2023
The scope of the assessment comprised the following Trust Service Provider component services:
-,,Registration Service
-,,Certificate Generation Service
-,,Dissemination Service
-,,Revocation Management Service
-,,Revocation Status Service
-,,Subject Device Provision Service
The TSP component services are performed, partly or completely by subcontractors under the final responsibility of Digidentity.
These TSP component services are being provided for the following trust services:
-,,Issuance of public key certificates (non-qualified trust service) in accordance with the policies: NCP, NCP+, OVCP
The certificates are issued through the issuing Certification Authorities, as specified below:
Root CA: Staat der Nederlanden Private Root CA - G1 (not in scope)
Domain CA: Staat der Nederlanden Private Services CA - G1 (not in scope)
-,,Issuing CA: Digidentity PKIoverheid Private Services CA – G1
Sha256 Fingerprint:
BFE8F634772B0EC2CD2A41A17FC7612577D7E24F934073DEC89A991B6169687E
+,,Private Server (OID 2.16.528.1.1003.1.2.8.6), in accordance with policy NCP
Root CA: Staat der Nederlanden Root CA - G3 (not in scope)
Domain CA: Staat der Nederlanden Organisatie Persoon CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Organisatie Persoon CA - G3 (OID 2.16.528.1.1003.1.3.5.8.2)
Sha256 Fingerprint:
533FE97EB45FCED24049E41EFE9DB254A5DD9D90DFD53C9512C6207EDB21D82C
+,,Authentication (OID 2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
+,,Encryption (OID 2.16.528.1.1003.1.2.5.3), in accordance with policy: NCP+
Domain CA: Staat der Nederlanden Burger CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Burger CA – 2021 (OID 2.16.528.1.1003.1.3.3.2.1)
Sha256 Fingerprint:
9C64E24D2CAAA8DD45EF99BA62277CEEE6005C663624514B8C770E2D075BB611
+,,Authentication (OID 2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
+,,Encryption (OID 2.16.528.1.1003.1.2.5.3), in accordance with policy: NCP+
Domain CA: Staat der Nederlanden Organisatie Services CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Organisatie Services CA - 2021 (OID 2.16.528.1.1003.1.3.5.8.3)
Sha256 Fingerprint:
827A6B205D2E73FF379286DD0B2DED5AEC7239EFE6BC8CACB03ABCCD84B95750
+,,Authentication (OID 2.16.528.1.1003.1.2.5.4) in accordance with policy: NCP+
+,,Encryption (OID 2.16.528.1.1003.1.2.5.5) in accordance with policy: NCP+
Root CA: Digidentity SSCD Root CA
Sha256 Fingerprint:
C20451BD93D8FD6D0C43CD5CE832877FD5614055875126D170910E1209C9B77D
-,,Issuing CA: Digidentity Personal Qualified CA
Sha256 Fingerprint:
03E1AAEF72329B4DA1FCF0BA75FCB7B2F2F34B25AADE701AAAEACC0F65A3B4C4
+,,Authentication (OID 1.3.6.1.4.1.34471.3.1.1), in accordance with policy NCP+
+,,Encryption (OID 1.3.6.1.4.1.34471.3.1.2), in accordance with policy NCP+
-,,Issuing CA: Digidentity Business Qualified CA
Sha256 Fingerprint:
21E5D8CFBC2430AA45AD86D38394AE97B359C0E88835E4DE5E0AD1CE92A8201D
+,,Authentication (OID 1.3.6.1.4.1.34471.3.2.1), in accordance with policy NCP+
+,,Encryption (OID 1.3.6.1.4.1.34471.3.2.2), in accordance with policy NCP+
-,,Issuing CA: Digidentity Personal Advanced CA
Sha256 Fingerprint:
E152892576F4B40B1496F60F6711AA14C2AD54BAFE355331EE6E47397301E962
+,,Authentication (OID 1.3.6.1.4.1.34471.3.3.1), in accordance with policy NCP+
+,,Encryption (OID 1.3.6.1.4.1.34471.3.3.2), in accordance with policy NCP+
+,,Non-Repudiation (OID 1.3.6.1.4.1.34471.3.3.3), in accordance with policy NCP+
The Certification Authority processes and services are documented in the following documents:
-,,Certificate Practice Statement - PKIoverheid certificates, 2023v1, 8 August 2023, valid from: 15 August 2023
-,,PKI Disclosure Statement –PKIoverheid certificates, 2023v1, 8 August 2023, valid from: 15 August 2023
-,,Certificate Policy & Certificate Practice Statement Digidentity Certificates, 2023v1, 8 August 2023, valid from: 15 August 2023
-,,PKI Disclosure Statement - Digidentity Certificates, 2023v1, 8 August 2023, valid from: 15 August 2023
Our annual certification audit was performed in September, October, November 2023.
The result of the full audit is that based on the objective evidence collected during the certification audit for the period from 1 November 2022 through 31 October 2023, the areas assessed for:
-,,Issuance of public key certificates (non-qualified trust service), in accordance with the policies: NCP, NCP+, OVCP.
were generally found to be effective, based on the applicable requirements defined in Digidentity’s Statement of Applicability, dated 25 September 2023, and the Overview of applicability, dated 1 August 2023.
We confirm that the following identification method(s) provide equivalent assurance in terms of reliability to physical presence, pursuant to Regulation (EU) 910/2014 (eIDAS) art. 24.1 sub d, for the trust services (and Identity Proofing Context) covered by this Certificate of Conformity:
+,,Digidentity Remote Identity Proofing Level of Assurance 3 – EU Advanced or eIDAS Substantial”, supporting the ETSI TS 119461 Use Cases for Unattended remote identity proofing (9.2.3): "Hybrid manual and automated operation" (9.2.3.3)" and Automated Operation (9.2.3.4), and (where applicable) “Identity proofing of Legal Person” (9.3); and “Identity proofing of Natural Person representing Legal Person” (9.4).
Audit information:
Audit criteria:
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers
-,,ETSI EN 319 411-1 v1.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP, NCP+, OVCP and PTC
Subordinate to ETSI EN 319411-1:
-,,ETSI TR 119 461 v1.1.1 (2021-07): Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects
-,,CA/Browser Forum – Network and Certificate System Security Requirements v1.7 (5 April 2021)
-,,PKIoverheid - Programma van Eisen v4.11 (2023), part 3 Basiseisen, part 3 Aanvullende eisen and the requirements from parts 3a, 3b, 3c, 3h
Audit Period of Time:
1 November 2022 through 31 October 2023
Audit performed:
September, October, November 2023
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|