CA/BR Audit Guidance: Difference between revisions

CA/BR Audit Guidance (view source)

Revision as of 20:15, 2 September 2014

97 bytes added , 2 September 2014

→‎BR Point in Time Readiness Assessment (BR PITRA)

Kathleen Wilson

Confirmed users, Administrators

5,526

edits

@@ Line 75: / Line 75: @@
 There are two cases when a Point in Time Readiness Assessment of BR compliance (BR PITRA) may be used:
-# The CA has created a new root certificate, which is not yet in operation producing real certificates. In this case a BR PITRA prior to inclusion may be used, but the next annual audit after inclusion would need to be a full performance audit. Note: If the inclusion process spans more than one annual audit cycle, then more than one BR PITRA may be used, until the root certificate has been included.
+# The CA has created a new root certificate, which is not yet in operation producing real certificates. In this case a BR PITRA prior to inclusion may be used, but the next annual audit after inclusion would need to be a full performance audit. Note: If the inclusion process spans more than one annual audit cycle, then more than one BR PITRA may be used, until the root certificate has been included or the root certificate is put into operation producing real certificates, whichever comes first.
 # The CA did not know about the BRs, so did not get audited according to the BRs during their previous audit cycle. However, the CA does have a current valid audit statement indicating compliance with WebTrust Principles and Criteria for Certification Authorities or ETSI TS 102 042.
 #* The BR PITRA option was initially provided for CAs to use for their first BR audit, so they would not have to go through a full audit until their next regularly scheduled annual audit.

CA/BR Audit Guidance: Difference between revisions

CA/BR Audit Guidance (view source)

Revision as of 20:15, 2 September 2014

Navigation menu

Search