CA/Compliance Self-Assessment< CA
CAs with root certificates that have the websites trust bit set are required to perform self-assessments at various times to ensure that their CP and CPS documents and their practices continue to comply with the CA/Browser Forum's Baseline Requirements (BRs), Mozilla's Root Store Policy, and if applicable, the EV Guidelines. The preparation of this document reduces the load on the Mozilla administration team and makes it more likely the CA's request will be processed in a timely manner.
Compliance Self-Assessment - Annual
The BRs state: "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements."
CAs with included root certificates that have the websites trust bit set must do an annual self-assessment of their compliance with the BRs and Mozilla's Root Store Policy using the above template, and must update their CP and CPS documents at least once every year. You should indicate that this has happened by incrementing the version number and adding a dated changelog entry, even if no other changes are made to the CP and CPS documents.
Compliance Self-Assessment - Root Inclusion or Update
Mozilla requires CAs to perform a side-by-side comparison of their CP and CPS documents to the BRs and Mozilla's Root Store Policy (and EV Guidelines, if applicable) using the above template, and attach their findings to their Bugzilla bug before their public discussion will be started. During the public discussion in the MDSP mailing list, members of the community will use the CA's self-assessment document to perform their own review, confirm the accuracy of the CA's self-assessment, ask questions, raise concerns, etc.