A security domain is a registry of PKI services. Certificate System subsystems register information about themselves in these domains so that users of PKI services can find other services by inspecting the registry. The security domain service in Certificate System manages both the registration of PKI services for Certificate System subsystems and a set of shared trust policies. Security domains streamline the exchange of information between subsystems. Each Certificate System subsystem instance must be a member of a security domain; the CA is the only subsystem that can host a security domain.
The security domain shares the CA's internal database of privileged user and group information, which it uses to determine which users can update the security domain, register new PKI services, and issue certificates. There must be at least one security domain for a PKI, but there can also be multiple domains.