Confirm
344
edits
Changes
m
* Check for mis-issuance of certificates, especially for high-profile domains.
→Network Security Controls: Minor
=== Network Security Controls ===
CAs must maintain current best practices for network security, and have qualified network security audits performed on a regular basis. The [https://www.cabforum.org/ CA/Browser Forum] has published a document called the [https://cabforum.org/network-security-requirements/ Network and Certificate System Security Requirements] (NetSec Requirements) which should be used as guidance for protecting network and supporting systems. CAs should incorporate the NetSec Requirements by reference in either section 5 or section 6.7 of their CP/CPS.
It is expected that CAs do the following on a regular basis:
* Maintain network security controls that meet the [https://cabforum.org/network-security-requirements/ Network and Certificate System Security Requirements.]
* Review network infrastructure, monitoring, passwords, etc. for signs of intrusion or weakness.
* Ensure Intrusion Detection System and other monitoring software is up-to-date.
