CA/Audit Statements: Difference between revisions

← Older edit

CA/Audit Statements (view source)

Revision as of 17:54, 5 January 2024

531 bytes removed , 5 January 2024

→‎Audit Lifecycle: Removed quote from CABF's BR section 8.1

Bwilson

Confirmed users

377

edits

@@ Line 36: / Line 36: @@
 Other Audits:
-* Point-in-Time Audits: Point-in-time audit statements may be used to confirm that all of the problems that an auditor previously identified in a qualified audit statement have been corrected. However, a point-in-time audit does not replace the period-of-time audit.
+* Point-in-Time Audits: Point-in-time audit statements may be used to confirm that all problems previously identified by an auditor in a qualified audit statement have been corrected. However, a point-in-time audit does not replace the period-of-time audit.
-* Readiness Assessment: The [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements] state: If the CA does not have a currently valid Audit Report indicating compliance with one of the audit schemes listed in Section 8.1, then, before issuing Publicly-Trusted Certificates, the CA SHALL successfully complete a point-in-time readiness assessment performed in accordance with applicable standards under one of the audit schemes listed in Section 8.1. The point-in-time readiness assessment SHALL be completed no earlier than twelve (12) months prior to issuing Publicly-Trusted Certificates and SHALL be followed by a complete audit under such scheme within ninety (90) days of issuing the first Publicly-Trusted Certificate.
+* Readiness Assessment: See section 8.1 of the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements].
 = Audit Letter Validation =
@@ Line 140: / Line 140: @@
 == Verifying ETSI Auditor Qualifications ==
-For ETSI auditors, a representative of Mozilla confirms that the auditor's name and [https://european-accreditation.org/ea-%20members/directory-of-ea-members-and-mla-signatories/ Accreditation Attestation] are listed in https://www.acab-c.com/members/.
+For ETSI auditors, a representative of Mozilla confirms that the auditor's name and [https://european-accreditation.org/ea-%20members/directory-of-ea-members-and-mla-signatories/ Accreditation Attestation] are listed in the [https://www.acab-c.com/members/ ACAB'c CAB-member List].
 Send email to secretary@acab-c.org for more information about this list or about the process to become a accredited auditor for Trust Services under the EU eIDAS scheme following ETSI normative requirements as applicable to serve the [https://cabforum.org/ CA/B Forum] ecosystem and the [https://www.mozilla.org/projects/security/certs/policy/ Mozilla Browser Root Store Policy].
+<br />
+'''Comprehensive Check'''<br />
-==== Comprehensive Check ====
+The following additional check is only needed if the auditor's name and Accreditation Attestation are not listed in the [https://www.acab-c.com/members/ ACAB'c CAB-member List].
-The following additional check is only needed if the auditor's name and Accreditation Attestation are not listed in https://www.acab-c.com/members/.
+* Require the ETSI auditor to provide a comprehensive written explanation about why they are not listed in not listed in the [https://www.acab-c.com/members/ ACAB'c CAB-member List].
-* Require the ETSI auditor to provide a comprehensive written explanation about why they are not listed in not listed in https://www.acab-c.com/members/
 * The auditor must provide a rationale clearly referring back to all of the following:
 ** European Accreditation to demonstrate they act under the EU accreditation scheme,