Prepare for the Digital Operational Resilience Act (DORA) with Keyfactor

If you operate in the financial sector in the European Union, DORA applies to you: it entered into force on 16 January 2023 and applies as of 17 January 2025, with significant fines for noncompliance. See how Keyfactor enables your organization to stay compliant, secure, and resilient.
Achieving DORA Compliance with Keyfactor

The Digital Operational Resilience Act (DORA) is a regulation in force for organizations operating in the financial sector in the European Union aimed at ensuring operational resilience. Achieving DORA compliance is a comprehensive and multifaceted process. It involves assessing and mitigating operational risks, ensuring IT and security resilience, and complying with various regulatory obligations.

Keyfactor has a proven record and technologies that are essential to achieving DORA compliance. Working with over 1,500 enterprises globally, including many in the financial sector, and with 5 EU offices, Keyfactor has local representatives and in-region partners to assist. Keyfactor’s solutions offer a true one-stop-shop for PKI, signing, and certificate management, while also making it easy to integrate into an existing technology stack.

Keyfactor offers flexibility of deployments from SaaS and cloud-hosted to on-premise or hybrid deployments for PKI, certificate lifecycle management, and signing. Organizations can also simplify complexity and reduce internal overhead even further with PKI as a Service, combining expert-run PKI with powerful certificate lifecycle automation in a single cloud platform.

Additional measures will be necessary to meet and maintain compliance with DORA, including people, process, and technology. No single vendor can provide complete DORA coverage as the legislation covers a wide array of both technology and organizational requirements. However, PKI and certificate management are key components of the regulation, and organizations must ensure they have robust processes and solutions in place.

Keyfactor solutions:

Quantum-ready PKI
Keyfactor’s EJBCA platform offers a robust PKI program that offers extensive integration and powerful automation capabilities. Ensure your sensitive assets remain protected and resilient.

Certificate Lifecycle Management
Keyfactor’s Command offers end-to-end certificate lifecycle management providing real-time discovery, automated renewals, and protection controls.

Secure Signing
Protect the integrity of documents, code, containers, and software identified from your ICT risk assessment with Keyfactor’s Signum.

PKI as a Service
With PKIaaS, Keyfactor becomes a true one-stop shop for PKI. It combines expert-run PKI with powerful certificate lifecycle automation in a single cloud platform.
5 Key DORA Regulations and How to Approach Compliance

When it comes to PKI, certificates, keys, and signing, DORA establishes a high threshold of required controls and capabilities for compliance. With Keyfactor’s longstanding expertise and experience with PKI, we can ensure your organization has the right solutions and processes in place for PKI.

Section 4, Article 7 of DORA specifies what is required for cryptographic key management:
1. DORA Regulation Criteria: Financial entities shall include in the cryptographic key management policy referred to in Article 6(2), point (d), requirements for managing cryptographic keys through their whole lifecycle, including generating, renewing, storing, backing up, archiving, retrieving, transmitting, retiring, revoking, and destroying those cryptographic keys.
   How to Approach Compliance: Having a properly set up PKI from key generation to retirement requires a PKI platform with flexibility to run as needed by your organization — in the cloud, on-prem, self-managed, or as a service. Keyfactor has years of experience implementing complex PKI deployments. Our team of experts helps set up the correct components, protocols, and software for all your organization’s use cases to securely manage both internal and publicly trusted digital certificates throughout their lifecycle.

2. DORA Regulation Criteria: Financial entities shall identify and implement controls to protect cryptographic keys through their whole lifecycle against loss, unauthorised access, disclosure, and modification. Financial entities shall design those controls on the basis of the results of the approved data classification and the ICT risk assessment.
   How to Approach Compliance: Centrally managing users as well as CA, SSH, and other keys is critical to security. Essential capabilities should include automating alerts for key rotation, enforcing role-based user permissions, and automating provisioning workflows. To demonstrate compliance, software should be able to produce audit logs and reports on all lifecycle events. Organizations should consider signing solutions for code, documents, and other sensitive assets from the ICT risk assessment.

3. DORA Regulation Criteria: Financial entities shall develop and implement methods to replace the cryptographic keys in the case of loss, or where those keys are compromised or damaged.
   How to Approach Compliance: It’s important to replace existing keys and certificates that have reached end of life or have been compromised. Software should be able to generate new keys and replace old ones. Having an automated key and certificate rotation program in place reduces the likelihood of compromised keys being able to access remote servers.

4. DORA Regulation Criteria: Financial entities shall create and maintain a register for all certificates and certificate-storing devices for at least ICT assets supporting critical or important functions. Financial entities shall keep that register up to date.
   How to Approach Compliance: Organizations need to discover all potentially unknown certificates and keys. Look for solutions offering real-time visibility into public and private CAs, network endpoints, and key and certificate stores. Administrators should be able to view certificates from a single dashboard and move away from manual or siloed approaches that could leave blind spots or become out-of-date.

5. DORA Regulation Criteria: Financial entities shall ensure the prompt renewal of certificates in advance of their expiration.
   How to Approach Compliance: Certificate lifecycle management should include automated certificate renewal. Organizations should look for solutions that can automate certificate renewal, provisioning, and installation with minimal ongoing effort to reduce the likelihood of outages, misconfigurations, or expiration.
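The register (criterion 4) and prompt-renewal (criterion 5) rows above say what a certificate inventory has to answer but not what one looks like. The Go program below is an added illustration, not Keyfactor's code and not part of this datasheet: it builds a minimal register from PEM bundles collected off hosts, recording for each certificate the store or device it was found on, its subject, issuer, serial number and expiry, flags anything inside a renewal window or already expired, and emits the queue a renewal workflow or audit report would consume. The certificates it scans, the location labels, the fixed clock of 17 January 2025 and the 30-day renewal window are all constructed assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// RegisterEntry is one row of the certificate register: which store or device
// holds the certificate, who it identifies, when it expires, and whether the
// renewal workflow must act on it.
type RegisterEntry struct {
	Location   string // store or device the certificate was found on
	Subject    string
	Issuer     string
	Serial     string // hex serial, the usual key for revocation lookups
	NotAfter   time.Time
	DaysLeft   int  // negative once expired
	RenewalDue bool // inside the renewal window, or already expired
	Expired    bool
}

// BuildRegister parses every CERTIFICATE block in each discovered PEM bundle
// and returns the register sorted by location (stable, so bundle order is kept).
// A bundle that fails to parse aborts the run instead of producing a register
// with silent gaps, which is exactly the blind spot a register is meant to close.
func BuildRegister(found map[string][]byte, now time.Time, renewWindow time.Duration) ([]RegisterEntry, error) {
	var reg []RegisterEntry
	for loc, bundle := range found {
		rest := bundle
		for {
			var block *pem.Block
			block, rest = pem.Decode(rest)
			if block == nil {
				break
			}
			if block.Type != "CERTIFICATE" { // skip private keys or other PEM objects
				continue
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", loc, err)
			}
			remaining := cert.NotAfter.Sub(now)
			reg = append(reg, RegisterEntry{
				Location:   loc,
				Subject:    cert.Subject.String(),
				Issuer:     cert.Issuer.String(),
				Serial:     cert.SerialNumber.Text(16),
				NotAfter:   cert.NotAfter,
				DaysLeft:   int(remaining.Hours() / 24),
				Expired:    remaining <= 0,
				RenewalDue: remaining <= renewWindow,
			})
		}
	}
	sort.SliceStable(reg, func(i, j int) bool { return reg[i].Location < reg[j].Location })
	return reg, nil
}

// RenewalQueue filters the register down to entries needing action, soonest expiry first.
func RenewalQueue(reg []RegisterEntry) []RegisterEntry {
	var due []RegisterEntry
	for _, e := range reg {
		if e.RenewalDue {
			due = append(due, e)
		}
	}
	sort.SliceStable(due, func(i, j int) bool { return due[i].NotAfter.Before(due[j].NotAfter) })
	return due
}

// SelfSignedPEM produces a constructed self-signed certificate standing in for
// one discovered on a real store; it is a demo helper, not an issuance routine.
func SelfSignedPEM(cn string, notBefore, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	// Constructed scan results with a fixed clock so the output is reproducible.
	now := time.Date(2025, 1, 17, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	healthy, _ := SelfSignedPEM("api.bank.example", now.Add(-day), now.Add(200*day))
	expiring, _ := SelfSignedPEM("sftp.bank.example", now.Add(-day), now.Add(10*day))
	expired, _ := SelfSignedPEM("hsm-admin.bank.example", now.Add(-400*day), now.Add(-5*day))
	found := map[string][]byte{
		"lb-01:/etc/ssl/certs": append(append([]byte{}, healthy...), expiring...), // one bundle, two certs
		"hsm-01:slot0":         expired,
	}
	reg, err := BuildRegister(found, now, 30*day)
	if err != nil {
		panic(err)
	}
	for _, e := range reg {
		fmt.Printf("%-22s %-28s expires %s (%d days) due=%v\n", e.Location, e.Subject, e.NotAfter.Format("2006-01-02"), e.DaysLeft, e.RenewalDue)
	}
	for _, e := range RenewalQueue(reg) {
		fmt.Printf("RENEW %s serial=%s at %s\n", e.Subject, e.Serial, e.Location)
	}
}
```

In a real deployment the `found` map would be filled by agents or network scans rather than constructed in place, and each run of the queue would be written to an audit log so that the register can be shown to be kept up to date.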
Did you know? Keyfactor’s PKIaaS makes it easy to scale your PKI and ensure resilience in the cloud with a true all-in-one solution to everything PKI.
Quantum-ready PKI
Ensuring the security of keys throughout their lifecycle starts with a trusted certificate authority (CA) and PKI platform, EJBCA Enterprise. Powered by the most trusted and widely used open-source PKI, EJBCA is fast to deploy, offers flexible deployment options, scales on-demand, and supports any use case.

End-to-end visibility and automation
Getting an accurate register starts with visibility. Establish an enterprise-wide inventory of all certificate authorities (CAs) and machine identities with Keyfactor Command. Easily take back control of your certificates and keys with automated workflows to reduce the likelihood of outages, misconfigurations, or expirations.

Secure Signing
Protect the integrity of documents, code, containers, and software identified from your ICT risk assessment with secure signing as a service. Keyfactor Signum protects sensitive keys and documents, automates policy, and integrates with your native tools and build pipeline.

One-Stop PKI Solution
Keyfactor PKI as a Service combines a fully-managed PKI service and certificate lifecycle automation into a single, cloud-delivered platform. It’s your PKI, built and operated by experts, to reduce your operational burden, improve efficiency, and provide unmatched security and compliance for regulations like DORA.
Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed.

Contact us
• www.keyfactor.com
• +1 216 785 2946 (North America)
• +46 8 735 61 01 (Europe)

For more, visit keyfactor.com or follow @keyfactor.