Separation of Duties

Separation of Duties (SoD) in CERTInext ensures that critical certificate lifecycle actions are distributed across multiple roles, preventing any single user from having unchecked control over certificate operations.

CERTInext enforces separation of duties through role-based access control, approval workflows, and permission scoping.

Role Segmentation Model

CERTInext allows organizations to assign distinct roles for different responsibilities, such as:

Requesting certificates
Approving certificate actions
Deploying or provisioning certificates
Managing Certificate Authorities
Viewing reports and audit logs

Each role is granted only the permissions required for its function.

Operational Enforcement

Separation of duties is enforced at runtime:

A user who initiates a request cannot approve the same request
CA administrative actions can be restricted to dedicated roles
Deployment permissions can be separated from issuance permissions

This reduces the risk of accidental misconfiguration or malicious misuse.

Compliance and Risk Reduction

By enforcing separation of duties, CERTInext helps organizations:

Meet regulatory and audit requirements
Reduce insider threat risk
Prevent unauthorized certificate issuance or revocation
Establish clear ownership and accountability

All role assignments and role-based actions are fully auditable.

PreviousApproval Roles and Delegation NextAPI tokens and Service Accounts

Last updated 1 month ago

hashtagRole Segmentation Model

hashtagOperational Enforcement

hashtagCompliance and Risk Reduction

Role Segmentation Model

Operational Enforcement

Compliance and Risk Reduction