Confirmed users
569
edits
CA/Required or Recommended Practices: Difference between revisions
Jump to navigation
Jump to search
CA/Required or Recommended Practices (view source)
Revision as of 23:27, 21 October 2022
, 21 October 2022→Audit Criteria: Updated language
(→CP/CPS Structured According to RFC 3647: Updated language) |
(→Audit Criteria: Updated language) |
||
| Line 53: | Line 53: | ||
* The CA must indicate exactly which criteria they are being evaluated against (i.e., which of the criteria listed in the Mozilla policy). | * The CA must indicate exactly which criteria they are being evaluated against (i.e., which of the criteria listed in the Mozilla policy). | ||
* All documents supplied as evidence must be publicly available. | * All documents supplied as evidence must be publicly available. | ||
* Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g. | * Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g. as documents downloadable from the auditor's website or from CPA Canada's Webtrust seal repository). | ||
==== Complete Audit History ==== | ==== Complete Audit History ==== | ||
| Line 65: | Line 65: | ||
* Providing the sequence of audit statements on the CA's website. | * Providing the sequence of audit statements on the CA's website. | ||
* Attaching the sequence of audit statements to the root inclusion request (Bugzilla Bug). | * Attaching the sequence of audit statements to the root inclusion request (Bugzilla Bug). | ||
CAs must also provide audit information in compliance with [https://www.ccadb.org/policy#5-policies-practices-and-audit-information section 5 of the CCADB Policy]. | |||
=== Revocation of Compromised Certificates === | === Revocation of Compromised Certificates === | ||