How the DORA certificate register contributes to compliance with regulatory requirements

The European Union's Digital Operational Resilience Act (DORA) aims to strengthen the digital resilience of financial institutions. A key element of this regulation is the certificate register, which ensures the systematic collection and management of Public Key Infrastructure (PKI) certificates.


The significance of the DORA certificate register

The certificate registry serves as a comprehensive directory of PKI certificates within an organization. It enables financial institutions to maintain an overview of their digital certificates, monitor their validity, and identify potential security vulnerabilities early on. Regular updates to the registry allow outdated or insecure encryption algorithms to be identified and replaced with current standards, thereby increasing overall cybersecurity.


Requirements according to DORA

According to DORA, financial institutions should maintain a detailed certificate register that includes, among other things, the following information:


  • Certificate type: Type of certificate (e.g., SSL/TLS, Code Signing).

  • Issue and expiry date: Time of issue and expiry.

  • Intended use: Applications or systems in which the certificate is used.

  • Responsible persons: Contact information of the responsible employees.


This detailed documentation ensures that all certificates are properly managed and reduces the risk of security incidents due to expired or compromised certificates.


The RTS on ICT risk management (2024/1774) states in Article 7(4): "Financial undertakings shall establish and maintain a register of all certificates and certificate repositories for at least those ICT assets that support critical or important functions. Financial undertakings shall keep this register up to date."


Integration into existing systems

A certificate registry can be implemented using various tools that integrate seamlessly into existing IT infrastructures. These solutions offer features such as automatic notifications of upcoming certificate expiration, support for compliance, and the ability to generate detailed reports for audits.
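
As an added illustration (not code from this page or from any Blackfort product), the sketch below models a register entry with the fields listed under "Requirements according to DORA" and runs the kind of expiry and algorithm check described above. The signature and key fields, the 30-day warning window, the weak-algorithm list and the sample entries are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy values; the page gives no thresholds or algorithm list.
WEAK_SIGNATURES = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048
WARN_WINDOW = timedelta(days=30)

@dataclass(frozen=True)
class RegisterEntry:
    cert_type: str      # page field: e.g. "SSL/TLS", "Code Signing"
    issued: date        # page field: issue date
    expires: date       # page field: expiry date
    intended_use: str   # page field: application or system using the certificate
    responsible: str    # page field: contact of the responsible employee
    signature_algorithm: str  # assumed extra field
    key_algorithm: str        # assumed extra field
    key_bits: int             # assumed extra field

def findings(entry: RegisterEntry, today: date) -> list[str]:
    """Return the audit findings for one register entry."""
    out = []
    if not entry.responsible.strip():
        out.append("no responsible person recorded")
    if entry.expires <= entry.issued:
        out.append("expiry date is not after issue date")
    if entry.expires < today:
        out.append("expired")
    elif entry.expires - today <= WARN_WINDOW:
        out.append(f"expires in {(entry.expires - today).days} days")
    if entry.signature_algorithm in WEAK_SIGNATURES:
        out.append(f"weak signature algorithm {entry.signature_algorithm}")
    if entry.key_algorithm == "RSA" and entry.key_bits < MIN_RSA_BITS:
        out.append(f"RSA key below {MIN_RSA_BITS} bits")
    return out

def audit(register: list[RegisterEntry], today: date) -> list[tuple[str, list[str]]]:
    """Return (intended_use, findings) for every entry that needs action."""
    return [(e.intended_use, f) for e in register if (f := findings(e, today))]

# Constructed sample register (not real certificates).
SAMPLE_REGISTER = [
    RegisterEntry("SSL/TLS", date(2024, 1, 10), date(2025, 1, 10), "payments-api",
                  "pki-team@example.com", "sha256WithRSAEncryption", "RSA", 2048),
    RegisterEntry("SSL/TLS", date(2024, 3, 1), date(2025, 3, 1), "intranet-portal",
                  "", "sha1WithRSAEncryption", "RSA", 1024),
    RegisterEntry("Code Signing", date(2024, 6, 1), date(2026, 6, 1), "build-server",
                  "release@example.com", "ecdsa-with-SHA256", "EC", 256),
]
```

Calling `audit(SAMPLE_REGISTER, date(2024, 12, 20))` reports the certificate that is 21 days from expiry and the entry with no owner, a SHA-1 signature and a 1024-bit RSA key; the code-signing entry produces no finding.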


Support provided by Blackfort Technology

Implementing a DORA-compliant certificate registry can be complex. Blackfort Technology has extensive expertise in this area and offers tailored solutions that integrate seamlessly with your existing infrastructure. Our team will support you in meeting DORA requirements and strengthening your company's digital resilience.


Conclusion

The DORA certificate registry is an indispensable tool for financial institutions to strengthen their digital resilience and meet increasing regulatory requirements. Careful management of PKI certificates minimizes potential risks and ensures the security of digital communication.