A certification service provider shall specify the following particulars in respect of key pair generation and installation:
1.Who generates the public, private key pair of subscribers
2.Where the private key is not generated by the subscriber, how is it provided securely to the subscriber
3.How is the certification service provider’s　public key provided securely to subscribers or relying parties
4.Key sizes
5.Key parameters generation and the parameter quality checking
6.Keys usage purposes

A certification service provider shall specify the following particulars in respect of private key protection:
1.Whether cryptographic module meets certain standards
2.Whether the private key is under n out of m multi-person control
3.Whether the private key is escrowed, backed up, archived, or transferred and stored in a cryptographic module; if applicable, what methods and procedures are
4.Methods of activating, deactivating, and destroying the private key

A certification service provider shall specify the operational period of the certificates, whether the public key is archived, and the usage periods for the key pair.

A certification service provider shall specify the protection mechanism of activation data.

A certification service provider shall specify measures for software system and network security controls.