Confirmed users, Administrators
5,526
edits
CA/BR Audit Guidance: Difference between revisions
Jump to navigation
Jump to search
→Whole-Population Audit of Intermediate Certs
| Line 58: | Line 58: | ||
* Sub CA 3b is subject to audit, but not its end-entity certificates because the EKU restricts to SMIME only | * Sub CA 3b is subject to audit, but not its end-entity certificates because the EKU restricts to SMIME only | ||
* Sub CA 4, operated by XYZ Corp, is subject to audit, but not its end-entity certificates because Sub CA 4 is technically constrained in line with BRs | * Sub CA 4, operated by XYZ Corp, is subject to audit, but not its end-entity certificates because Sub CA 4 is technically constrained in line with BRs | ||
The colors in the above diagram represent the following: | |||
* Green -- All green certificates are in full scope, must be audited. End-entity certs may be sampled. | |||
* Yellow -- The subordinate CA certificate is in scope of audit, but the certificates below it are not in scope. | |||
* Red -- The certificates that are not in scope of audit. | |||
* Blue -- The blue certificates should not be in scope, but since the subordinate CA certificate did not have the EKU to prevent SSL certificate issuance, the auditor must perform procedures to confirm that there are no SSL certificates. | |||
== WebTrust BR Audit Statement == | == WebTrust BR Audit Statement == | ||