Confirmed users, Administrators
5,526
edits
CA/BR Audit Guidance: Difference between revisions
Jump to navigation
Jump to search
→BR Point in Time Readiness Assessment (BR PITRA)
| Line 78: | Line 78: | ||
# The CA did not know about the BRs, so did not get audited according to the BRs during their previous audit cycle. However, the CA does have a current valid audit statement indicating compliance with WebTrust Principles and Criteria for Certification Authorities or ETSI TS 102 042. | # The CA did not know about the BRs, so did not get audited according to the BRs during their previous audit cycle. However, the CA does have a current valid audit statement indicating compliance with WebTrust Principles and Criteria for Certification Authorities or ETSI TS 102 042. | ||
#* The BR PITRA option was initially provided for CAs to use for their first BR audit, so they would not have to go through a full audit until their next regularly scheduled annual audit. | #* The BR PITRA option was initially provided for CAs to use for their first BR audit, so they would not have to go through a full audit until their next regularly scheduled annual audit. | ||
#* The BR PITRA shall include a performance audit covering at least | #* The BR PITRA shall include a performance audit covering at least one month, or more as determined by the auditor. | ||
#* However, it means that an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with. | #* However, it means that an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with. | ||
#* The CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | #* The CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | ||