CA/Visa Issues: Difference between revisions

Line 61: Line 61:
  “The CA maintains controls and procedures to provide reasonable assurance that as of the date the Certificate was issued, the CA obtains confirmation in accordance with the SSL Baseline Requirements Section 11.1 related to the Fully-Qualified Domain Name(s) and IP address(es) listed in the Certificate.”
  “The CA maintains controls and procedures to provide reasonable assurance that as of the date the Certificate was issued, the CA obtains confirmation in accordance with the SSL Baseline Requirements Section 11.1 related to the Fully-Qualified Domain Name(s) and IP address(es) listed in the Certificate.”


The PITRA states that “Verification of the Fully-Qualified Domain Name(s) and IP address(es) listed in the certificates is not formally performed and documented per Baseline Requirements.” Visa responded that the issue had been remediated, but the 2017 audit states that “We were unable to obtain evidence of the domain validation documentation for a certificate issued.” (one specific certificate was identified as lacking documentation). Visa responded with the following statement:
The point-in-time audit states that “Verification of the Fully-Qualified Domain Name(s) and IP address(es) listed in the certificates is not formally performed and documented per Baseline Requirements.” Visa responded that the issue had been remediated, but the 2017 audit states that “We were unable to obtain evidence of the domain validation documentation for a certificate issued.” (one specific certificate was identified as lacking documentation). Visa responded with the following statement:


  “Visa notes a plan to standardize and establish consistency across all Domain Validations to include our internal certificate requests, is in progress. This plan will be implemented in Q1 FY18 and include training to relevant personnel about the new standardized process.”  
  “Visa notes a plan to standardize and establish consistency across all Domain Validations to include our internal certificate requests, is in progress. This plan will be implemented in Q1 FY18 and include training to relevant personnel about the new standardized process.”  
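
Review bot: In the paragraph that now begins "The point-in-time audit states", the term "PITRA" is replaced by a generic description, yet the same sentence goes on to cite "the 2017 audit", so the two reports are harder to tell apart. Consider keeping the acronym in parentheses on first use, for example "The point-in-time audit (PITRA) states", or giving that report's date as is done for the 2017 one.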