Aside from the equipment, software and tools required to operate a PKI, the principles of policies, procedures and controls define how trustworthy a PKI really is. Understanding how organization should and should not control and operate their PKI is paramount to properly deriving value from your PKI.
In this book, J.J. Stapleton and W. Clay Epstein layout the basic framework of the Certificate Policy and Certificate Practice Statement. These documents define the overall posture, operation and security procedures of a well-defined PKI.
Whether you are a private organization with no audit requirements or external partnerships, or you are subject to external annual audits, this book walks you through not only what it takes to define these policies, but how you should architecture, write and operate your PKI.
In a world of PKI, it's not about what your obscure, but how you protect what you have in a model of exposure to participating parties.