Certificate Policy (CP) and Certification Practice Statement (CPS) are mandatory documents for Subordinate Certification Authorities (Sub-CAs) to explain their process business in Indonesia National Public Key Infrastructure (INPKI). Due to Sub-CAs' low proficiency in preparing CP and CPS, Ministry of Communication and Information Technology (MCIT) need to formulate CP and CPS framework for them. The usage of Request For Comment (RFC) 3647 as standard of CP and CPS format should be complemented with statements to comply with legal aspect of information security in Indonesia. This compliance explained in the relevant of provisions in CP and CPS. The research will contribute the acceleration of Sub-CA's readiness in CP and CPS requirements, both in technical and legal aspect. Sub-CAs CP and CPS are important in gaining trust from government as regulator and citizen as subscriber. This research provides guidance for Sub-CAs to compose sufficient CP and CPS related to three aspects: governance, technical, and human resources requirements. This research also promote future analysis about Level of Assurance, DN structure modification, and physical infrastructure standardization as recommendation for MCIT and Sub-CAs.