Cryptographic Module Working Group Charter

By bringing together experts and stakeholders from across industries, the CM WG will act as a central forum of the PKI Consortium for addressing cryptographic module (CM) and hardware security module (HSM) related topics.

Cryptographic Module Working Group Charter (CM)

This Working Group Charter has been created according to the “Working Groups” section of the Bylaws of the PKI Consortium (“PKIC”). In the event of a conflict between this Charter and any provision in either the Bylaws or the IPR Policy, the provision in the Bylaws or IPR Policy shall take precedence.

Summary of the Working Group

NameCryptographic Module
AbbreviationCM
MissionTo make PKI knowledge more widely available and to provide a mechanism for organizations to attest (potential) employees on their knowledge.
ChairZsolt Rózsahegyi (i4p informatics)
Vice ChairDaniel Cervera (Microsoft)
CommunicationPrivate mailing list, Virtual meetings, Community discussions
Meeting scheduleVirtual meetings: approximately once every two weeks
Type(s) of members eligible to participateAll Member types of the PKIC that express interest in this Working Group
Voting structureAccording to the PKIC Bylaws
ExpirationThis Working Group is chartered indefinitely until it is dissolved
Members3Key Company, Airbus, AppViewX, B.EST Solutions, Common Crypto Authority, COEIA, ComSign, CREAPLUS, Crypto4A, eMudhra, Entrust, Eviden, Fortanix, i4p informatics, Information Network Security Administration of Ethiopia, Keyfactor, Microsoft, Safecipher, SafeLogic, SSL.com, Utimaco,

Introduction

By bringing together experts and stakeholders from across industries, the CM WG will act as a central forum of the PKI Consortium for addressing cryptographic module (CM) and hardware security module (HSM) related topics. Through our collaborative efforts, we aim to improve interoperability between CMs, HSMs, foster the broader adoption of strong security practices, and ultimately enhance the resilience and trustworthiness of the global digital infrastructure.

Scope

The scope of this working group is to provide a comprehensive platform for discussing cryptographic module (CM) and hardware security module (HSM) related topics, for identifying missing, but desirable and also problematic issues and for developing and modifying standards, solutions, suggestions, workarounds, testing environments and certification means for those issues.

Objectives and Goals

The objectives and goals of the Cryptographic Module Working Group are to:

  • Address general cryptographic module related topics and challenges,
  • Coordinate the development of practical and secure solutions to problems on its working plan,
  • Foster the development of certification programs to formally validate interoperability among implementations,
  • Develop test suites, reference architectures, and interoperability guidelines for crypto module interactions,
  • Produce advisory documents, including migration guides, risk assessments, and implementation templates for member use,
  • Enhance the overall security and integrity of digital communications and transactions.

The working plan of the working group defines the exact objectives to be reached, the success criteria, the deliverables and the planned due dates. The working plan shall be reviewed at least every six months and shall be accepted by the Members of the working group.

Means of Communication

A private mailing list is used for communication between Working Group Members. In the mail subjects the “[PKIC-CM]” prefix will be used.

Interested parties can contribute using the community discussions on GitHub, and Working Group Members will actively participate in those discussions.

Planning and action items are managed as issues within the same repository where the deliverables are published.

Membership and Participation

Organizations that are eligible to join this Working Group follow the membership process as described in the Bylaws of the PKIC, section “Membership”.

In accordance with the IPR policy, Members that choose to participate in this Working Group must declare their participation prior to participating by contacting the Chair of this Working Group.

The Chair of this Working Group must establish a list for declarations of participation and manage it in accordance with the PKIC Bylaws and the IPR policy and agreement.

Non-members can participate using the community discussions.

Decision Process

The decision process follows the Bylaws of the PKIC, with reference to sections “Voting” and “Working Group”.

All decisions in this Working Group shall be made by substantial consensus (as determined by the Working Group Chair) of all PKIC Members including interested parties. If substantial consensus cannot be reached (or upon the request of more than 25% of PKIC Members), the matter will be submitted for decision by the Executive Council.

Officers of the Working Group

The officers of the Working Group shall be a Chair and a Vice Chair (who will act as Chair when the Chair is absent). Each officer will be elected for a one (1) year term commencing on July 1 and may be elected to successive terms. Prior to election, the voting Member representatives will be asked who is interested in being elected to the positions. If there is only one candidate for an officer position, the election will occur by consensus. Otherwise, the election will be held by vote (one vote per Member). If there are only two candidates, then the candidate with the most votes wins. If there are more than two candidates, then there will be successive ballots (with the candidate with the fewest votes eliminated each time) until an officer is elected by at least 50% of the votes plus one vote.

IPR Policy

This Working Group is subject to the Intellectual Property Rights Agreement, Code of Conduct, and Bylaws of the PKIC, including the Antitrust Policy.

Antitrust Policy

In accordance with the PKIC antitrust policy, as stated by the PKIC Bylaws, an antitrust statement should be applied and read at the start of all Working Group meetings, in substantially the form written in PKIC Bylaws, chapter “Antitrust Policy”.

Other Applicable Policies

Any relevant PKIC policies defined by the Bylaws must be followed if not specifically excluded by this Working Group Charter.

Amendments to the Charter

This Charter may be amended by a two-third (⅔) vote of the Members of the Working Group.

Participate in our community discussions and/or join the consortium