Changes

CA/Required or Recommended Practices

164 bytes added, 5 January
→Complete Audit History: Replaced point-in-time audits with concept of period-of-time key lifecycle management reports
==== Complete Audit History ====
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#71-inclusions Mozilla's Root Store Policy] states: "Before being included, CAs MUST provide evidence that their CA certificates fully comply with the current Mozilla Root Store Requirements and Baseline Requirements, and have continually, from the time of CA private key creation, complied with the then-current Mozilla Root Store Policy and Baseline Requirements." It also states, "Full-surveillance period-of-time audits MUST be conducted and updated audit information provided no less frequently than annually from the time of CA key pair generation until the CA public key is no longer trusted by Mozilla's root store." ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#313-audit-parameters MRSP § 3.1.3]) To meet these requirements, CAs must provide public-facing audit statements for all of the audits that have been conducted from the time of CA key creation, for both the root and the non-[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#531-technically-constrained technically-constrained] intermediate certificates in the hierarchy. This includes:
* Root key generation report
* Period of time audits covering root private key protection (e.g. a period-of-time key lifecycle management report providing reasonable assurance that the CA operator protected CA private keys following root key generation)
This requirement may be met via one of the following options: