Consider adding NetSec audit requirement #251
Labels
Comments
|
Something like this?
|
|
For item 2, according to Dave Chin, the separate reporting for WebTrust for NetSec starts for audit periods beginning on or after April 1, 2025 and the minimum version should be bumped up to NetSec 2.0 |
|
Should also update the "Additional Compliance Date" table as follows | -- | NS003 | Comply with Network and Certificate System Security Requirements, Version 2.0 | November 12, 2024 | |
|
Draft text may be seen at srdavidson/smime@927a788...8919252 |
|
Note that a similar change needs to occur in the TLS BR. |
|
FWIW, I have an open PR for this in the TBRs here: https://github.com/cabforum/servercert/pull/514/files |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Now that CPA Canada has broken out the Audit Criteria which address assessment of compliance with the CA/B Forum's NCSSRs, we should consider requiring this audit (e.g.
WebTrust Principles and Criteria for Certification Authorities – Network Security – Version 1.7 or later) within Section 8.4 of the SBRs.The text was updated successfully, but these errors were encountered: