Operating model and RACI for discovery
Trust Architecture Playbook: Baseline pillar
Effective certificate discovery requires a clearly defined operating model that delineates responsibility across the teams involved:
The PKI or identity platform team is best positioned to own and operate the discovery tooling itself, as they possess the expertise to configure scanning infrastructure, interpret certificate metadata, and evaluate compliance against organizational policy.
Network and application teams play an essential supporting role, providing the access credentials, network visibility, and workload context necessary to ensure scans are both comprehensive and actionable.
Without that cross-functional input, discovery produces incomplete inventories: certificates are found, but no one is on record as owning them, so nothing downstream can act on the finding.
Responsible, Accountable, Consulted, Informed (RACI)
Discovery does not operate in isolation. A well-structured RACI model makes the division of responsibility explicit: the PKI team is accountable for running the discovery process, while application and network stakeholders are responsible for validating the results and accepting ownership of the certificates within their domains. Keep to one accountable party per activity; a row with two accountable teams leaves nobody to escalate to when results go unvalidated. This clarity is not merely operational housekeeping; it is the foundation on which remediation, renewal workflows, and policy enforcement depend.
Suggested roles
| Team | RACI roles | Activities |
|---|---|---|
| PKI platform team | R/A | Owns and operates the discovery tooling; configures the scanning infrastructure; interprets certificate metadata; evaluates findings against organizational policy; drives the end-to-end discovery process |
| Network team | R/C | Provides the network visibility and access credentials scans require; consulted on scan scope and reachability; validates results and accepts ownership of certificates within its domain |
| Application/service owners | R/C | Provide workload context for discovered certificates; consulted on scan coverage of their services; validate results and accept ownership of certificates within their domain |
| Governance/compliance | C/I | Consulted on the policy that discovery evaluates against; informed of inventory results and compliance gaps |