The Certificate Services Remote Administration Protocol allows an administrator to manipulate the CA in various ways.
The two most security-sensitive tasks that an administrator can apply to a CA are as follows:
The CA has its own security requirements for preventing information tampering and keeping cryptographic keys secret, as specified in [MS-WCCE] section 5. All those requirements apply to an implementation of the CA. In addition, this protocol exposes a risk if the administrator is not authenticated properly, and this section lists only additional requirements about that function.