Line 70: | Line 70: | ||
* WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2 | * WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2 | ||
The audit statement must specify the dates | The audit statement must specify the audit period dates, and that the audit was based on the "AICPA/CICA WebTrust for Certification Authorities – SSL Baseline Requirements Audit Criteria" or the "WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security". It is recommended that the audit statement include the version of the criteria that was used. | ||
The BR audit statement may be included in the same pdf file as the WebTrust for Certification Authorities audit statement. | The BR audit statement may be included in the same pdf file as the WebTrust for Certification Authorities audit statement. | ||
The BR audit statement may list BRs that the CA is not yet in compliance with. The second BR audit (the following year) is expected to confirm that the issues that were listed in the previous BR audit have been resolved. | The BR audit statement may be ''qualified'' and list BRs that the CA is not yet in compliance with. The second BR audit (the following year) is expected to confirm that the issues that were listed in the previous BR audit have been resolved. | ||
Definition: A ''qualified'' audit statement is issued when the auditor encountered one or more instances in which the CA does not comply with the audit criteria, however the CA is in compliance with the rest of the audit criteria. | |||
== ETSI BR Audit Statement/Certificate == | == ETSI BR Audit Statement/Certificate == |
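Review bot: the added "Definition:" line sits after the paragraph that first uses ''qualified'', so a reader meets the term before its meaning; it also joins two clauses with ", however" and shifts tense ("encountered" then "does not comply"). Consider moving the definition directly ahead of "The BR audit statement may be ''qualified'' and list BRs..." or folding it into that sentence, and rewording it along the lines of: a ''qualified'' audit statement is one in which the auditor found one or more instances where the CA does not comply with the audit criteria, while the CA complies with the rest. Separately, the revised first paragraph makes the audit period dates and the criteria name mandatory but leaves the criteria version as only "recommended"; since the list above names a specific version ("Version 2"), it would help to state whether an audit statement that omits the version is still acceptable.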