CA/CertificatePolicyV2.1: Difference between revisions

Line 18: Line 18:


=== Audit Criteria ===
=== Audit Criteria ===
[http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] adds the requirement that SSL certificate issuance also be audited according to the CA/Browser Forum's Baseline Requirements. CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014.  
[http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] adds the requirement that SSL certificate issuance also be audited according to the [https://www.cabforum.org/Baseline_Requirements_V1_1.pdf CA/Browser Forum's Baseline Requirements.] CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014.  


Audits performed for audit periods commencing before February 15, 2013, must be performed at least according to the criteria listed in [[CA:CertificatePolicyV2.0 | Version 2.0 of Mozilla's CA Certificate Policy.]] Additionally, if SSL certificates are issued, audits performed for audit periods commencing before February 15, 2013, must also be performed according to the Baseline Requirements audit criteria (WebTrust SSL Baseline Requirements Audit Criteria V.1.1, or ETSI TS 102 042 V2.3.1 DVCP and OVCP) as to CA operations occurring on or after February 15, 2013. If the Baseline Requirements audit would only apply to 120 days or less, then a Point in Time audit may be performed. At the CA's option, the Baseline Requirements audit may cover the entire audit period.  
Audits performed for audit periods commencing before February 15, 2013, must be performed at least according to the criteria listed in [[CA:CertificatePolicyV2.0 | Version 2.0 of Mozilla's CA Certificate Policy.]]  
 
Additionally, if SSL certificates are issued, audits performed for audit periods commencing before February 15, 2013, must also be performed according to the Baseline Requirements audit criteria ([http://www.webtrust.org/homepage-documents/item72056.pdf WebTrust SSL Baseline Requirements Audit Criteria V.1.1,] or [http://pda.etsi.org/pda/home.asp?wki_id=LJfRMZJQbbbekfdgITkht ETSI TS 102 042 V2.3.1 DVCP and OVCP]) as to CA operations occurring on or after February 15, 2013. If the Baseline Requirements audit would only apply to 120 days or less, then a Point in Time audit may be performed. At the CA's option, the Baseline Requirements audit may cover the entire audit period.  


Audits performed for audit periods commencing on or after February 15, 2013, must be performed according to the criteria listed in [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] as to all CA operations during the audit period.
Audits performed for audit periods commencing on or after February 15, 2013, must be performed according to the criteria listed in [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of Mozilla's CA Certificate Policy] as to all CA operations during the audit period.
An "audit period" is the time frame covered by an audit, and should be one year.


=== Multi-Factor Authentication and CA Hierarchy ===
=== Multi-Factor Authentication and CA Hierarchy ===
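Review bot: the one-line definition of "audit period" at the end of this hunk says the period "should be one year", while the paragraphs around it use "must" and "shall", so it is unclear whether a longer or shorter period would be accepted; state the length in the same mandatory terms, or say when a different length is allowed. The definition also comes after the term has already been used in the two preceding paragraphs and would read better ahead of them. The link on "CA/Browser Forum's Baseline Requirements" targets Baseline_Requirements_V1_1.pdf while the sentence names no version; name the version the audit is measured against in the text, as the WebTrust and ETSI references in the next paragraph do.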