Confirmed users, Administrators
5,526
edits
CA/BR Audit Guidance: Difference between revisions
Jump to navigation
Jump to search
→BR Point in Time Readiness Assessment (BR PITRA)
| Line 79: | Line 79: | ||
#* The BR PITRA option was initially provided for CAs to use for their first BR audit, so they would not have to go through another full audit until their next regularly scheduled annual audit. | #* The BR PITRA option was initially provided for CAs to use for their first BR audit, so they would not have to go through another full audit until their next regularly scheduled annual audit. | ||
#* The BR PITRA shall include a performance audit covering at least one month, or more as determined by the auditor. | #* The BR PITRA shall include a performance audit covering at least one month, or more as determined by the auditor. | ||
#* However, it means that an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with. | #* However, it means that an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with, the number of BRs the CA did not previously comply with, and the quantity of such certificates issued. Depending on the situation, the CA may be asked to create a new root certificate for inclusion. | ||
#* The CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | #* The CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | ||
#* The CA's next annual audit must include a full BR performance audit. | #* The CA's next annual audit must include a full BR performance audit. | ||