MozillaWiki

CA/Visa Issues: Difference between revisions

Page Discussion

CA/Visa Issues (view source)

Revision as of 20:33, 13 September 2018

14 bytes added ,  13 September 2018
→‎Issue E: Inadequate Organization Validation Procedures (2016): PITRA --> PIT audit
Line 70: Line 70:


==Issue E: Inadequate Organization Validation Procedures (2016)==
==Issue E: Inadequate Organization Validation Procedures (2016)==
Visa’s original BR PITRA describes the following deficiency:
Visa’s original BR point-in-time audit describes the following deficiency:


  "Visa has a detailed corporate onboarding process for new clients who may ultimately require publicly trusted SSL certificates to do business with VISA. However, it was noted that the VISA CA’s vetting procedures do not specifically address the referenced WTBR criteria at the time of certificate issuance for verification of the O, OU, L, C attributes. It was also noted that the VISA CA uses an internal system (VISA Profiler) to verify client organization and individual information, but there is no process in place to validate that information by using a third-party database considered a Reliable Data Source or attestation letters."
  "Visa has a detailed corporate onboarding process for new clients who may ultimately require publicly trusted SSL certificates to do business with VISA. However, it was noted that the VISA CA’s vetting procedures do not specifically address the referenced WTBR criteria at the time of certificate issuance for verification of the O, OU, L, C attributes. It was also noted that the VISA CA uses an internal system (VISA Profiler) to verify client organization and individual information, but there is no process in place to validate that information by using a third-party database considered a Reliable Data Source or attestation letters."
Wthayer
136

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1201013"