Notification of rules for Certifying Authorities

THE GAZETTE OF INDIA 
EXTRAORDINARY

Part II- Section 3, Sub-Section (i)

Government of India

Ministry of Information Technology

New Delhi, the 17 th October, 2000

NOTIFICATION

G.S.R.789(E)

In exercise of the powers conferred by section 87 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules regulating the application and other guidelines for Certifying Authorities, namely:-

1. Short title and commencement.-

  • These Rules may be called Information Technology (Certifying Authorities) Rules, 2000.
  • They shall come into force on the date of their publication in the Official Gazette.

2. Definitions:-

In these Rules, unless the context otherwise requires -

  • "Act" means the Information Technology Act, 2000 (21 of 2000); means Certifying Authority applicant.
  • auditor" means any internationally accredited computer security professional or agency appointed by the Certifying Authority and recognized by the Controller for conducting technical audit of operation of Certifying Authority.
  • "Controller" means Controller of Certifying Authorities appointed under sub-section (1) of Section 17 of the Act.
  • "Digital Signature Certificate" means Digital Signature Certificate issued under sub-section (4) of section 35 of the Act.
  • "information asset" means all information resources utilized in the course of any organisation's business and includes all information, applications (software developed or purchased), and technology (hardware, system software and networks).
  • "licence" means a licence granted to Certifying Authorities for the issue of Digital Signature Certificates under these rules.
  • "licensed Certifying Authority" means Certifying Authority who has been granted a licence to issue Digital Signature Certificates.
  • "person" shall include an individual; or a company or association or body of individuals; whether incorporated or not; or Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments.
  • "Schedule" means a schedule annexed to these rules.
  • "subscriber identity verification method" means the method used to verify and authenticate the identity of a subscriber.
  • trusted person" means any person who has:-
    • direct responsibilities for the day-to-day operations, security and performance of those business activities that are regulated under the Act or these Rules in respect of a Certifying Authority, or
    • duties directly involving the issuance, renewal, suspension, revocation of Digital Signature Certificates (including the identification of any person requesting a Digital Signature Certificate from a licensed Certifying Authority), creation of private keys or administration of a Certifying Authority's computing facilities.
  • words and expressions used herein and not defined but defined in Schedule-IV shall have the meaning respectively assigned to them in that schedule.