CA/Audit Statements: Difference between revisions

Jump to navigation Jump to search

CA/Audit Statements (view source)

Revision as of 17:01, 21 February 2025

48 bytes removed ,  21 February 2025
→‎Audited Locations: Changed definition of Facility
(→‎Audit Lifecycle: Removed quote from CABF's BR section 8.1)
(→‎Audited Locations: Changed definition of Facility)
Line 22: Line 22:
** If the CA has more than one location in the same state/province, then use terminology to clarify the number of facilities in that state/province and whether or not all of them were audited. For example: "Facility 1 in Province", "Facility 2 in Province, Facility 3 in Province" '''or''' "Primary Facility in Province", "Secondary Facility in Province", "Tertiary Facility in Province".  
** If the CA has more than one location in the same state/province, then use terminology to clarify the number of facilities in that state/province and whether or not all of them were audited. For example: "Facility 1 in Province", "Facility 2 in Province, Facility 3 in Province" '''or''' "Primary Facility in Province", "Secondary Facility in Province", "Tertiary Facility in Province".  
*** The public audit statement does not need to identify the type of Facility.
*** The public audit statement does not need to identify the type of Facility.
*** "Facility" includes: data center locations, registration authority locations, where IT and business process controls of CA operations are performed, facility hosting an active HSM with CA private keys, facility or bank deposit box storing a deactivated and encrypted copy of a private key.
*** "Facility" includes: data center locations, where IT and business process controls of CA operations are performed, facility hosting an active HSM with CA private keys, or facility storing a deactivated and encrypted copy of a CA private key.


= Audit Lifecycle =
= Audit Lifecycle =
Bwilson
Confirmed users
569

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1253428"

Navigation menu