The present document specifies generally applicable policy and security requirements for Trust Service Providers (TSPs) issuing public key certificates, including trusted web site certificates. The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle management of certificates. These policy and security requirements support several reference certificate policies, defined in clauses 4 and 5. A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where particular requirements apply is defined in clause 7. The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as specified in the present document. It does not include requirements for root CAs and intermediate CAs for other purposes.