Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture@ Formats and Policies; Part 3: Information Security Policy Requirements for REM Management Domains (V1.1.1)
The present document specifies requirements on the security of a Registered E-Mail Management Domain (REM-MD). These requirements are based on the REM-MD operating an Information Security Management System as specified in ISO/IEC 27001 [1]. Requirements relating to the handling of messages (e.g. message transfer or storage) which do not impact on the REM related evidence are outside the scope of the present document. The present document uses the concepts and models defined in TS 102 640-1 [i.1]. The present document considers the policy requirements applicable to the REM-MD as a whole. It is the responsibility of the management authority for that domain to ensure the requirements of that domain are met including any requirements which impact on external services.