CA/Audit Statements: Difference between revisions

Jump to navigation Jump to search

CA/Audit Statements (view source)

Revision as of 23:10, 10 March 2021

786 bytes added ,  10 March 2021
added BR regarding readiness assessment
(added note about OneCRL)
(added BR regarding readiness assessment)
Line 31: Line 31:
* Successive audits MUST be contiguous (no gaps).
* Successive audits MUST be contiguous (no gaps).
* Point-in-time audit statements may be used to confirm that all of the problems that an auditor previously identified in a qualified audit statement have been corrected. However, a point-in-time audit does not replace the period-of-time audit.
* Point-in-time audit statements may be used to confirm that all of the problems that an auditor previously identified in a qualified audit statement have been corrected. However, a point-in-time audit does not replace the period-of-time audit.
* Audit reports which are being supplied to maintain a certificate within the Mozilla root program MUST be provided to Mozilla via the CCADB within three months of the point-in-time date or the end date of the period.
* For Intermediate Certificates only: If the CA has a currently valid audit report at the time of creation of the certificate, then the new certificate MUST appear on the CA's next periodic audit reports.
* For Intermediate Certificates only: If the CA has a currently valid audit report at the time of creation of the certificate, then the new certificate MUST appear on the CA's next periodic audit reports.
* Point-in-Time Audits: Audit reports which are being supplied to maintain a certificate within the Mozilla root program MUST be provided to Mozilla via the CCADB within three months of the point-in-time date or the end date of the period.
Readiness Assessment: The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements] state: If the CA does not have a currently valid Audit Report indicating compliance with one of the audit schemes listed in Section 8.1, then, before issuing Publicly-Trusted Certificates, the CA SHALL successfully complete a point-in-time readiness assessment performed in accordance with applicable standards under one of the audit schemes listed in Section 8.1. The point-in-time readiness assessment SHALL be completed no earlier than twelve (12) months prior to issuing Publicly-Trusted Certificates and SHALL be followed by a complete audit under such scheme within ninety (90) days of issuing the first Publicly-Trusted Certificate.


= Audit Letter Validation =
= Audit Letter Validation =
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1234359"

Navigation menu