CA/Mass Revocation Events: Difference between revisions

Added section for plan awareness and communication
m (Added bold)
(Added section for plan awareness and communication)
Line 39: Line 39:


It is also recommended that the CA operator include a statement in its Certification Practice Statement (CPS) (e.g. in Section 4.9 or Section 5.7). It can combine its mass revocation planning program with its annual business continuity and disaster recovery planning and testing. The CPS should affirm that the CA operator "maintains a comprehensive and actionable plan for mass revocation events, performs annual testing of its procedures, and incorporates lessons learned to improve preparedness over time." By including a statement about the CA operator’s mass revocation planning program in its CPS, the program can be formally included within the scope of the CA’s WebTrust or ETSI audit, making it easier for auditors/CABs to assess the program as part of the CA’s WebTrust or ETSI annual audits.
It is also recommended that the CA operator include a statement in its Certification Practice Statement (CPS) (e.g. in Section 4.9 or Section 5.7). It can combine its mass revocation planning program with its annual business continuity and disaster recovery planning and testing. The CPS should affirm that the CA operator "maintains a comprehensive and actionable plan for mass revocation events, performs annual testing of its procedures, and incorporates lessons learned to improve preparedness over time." By including a statement about the CA operator’s mass revocation planning program in its CPS, the program can be formally included within the scope of the CA’s WebTrust or ETSI audit, making it easier for auditors/CABs to assess the program as part of the CA’s WebTrust or ETSI annual audits.
== Plan Communication and Awareness ==
CA operators should communicate the Mass Revocation Incident Preparation and Testing Plan—and any related expectations or updates—to all personnel in trusted roles, both during onboarding and annually thereafter. This will ensure that such personnel remain familiar with their responsibilities and are prepared to execute the plan during a mass revocation incident.


== Template ==
== Template ==
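Review bot: In the added "Plan Communication and Awareness" paragraph, the cadence "both during onboarding and annually thereafter" also governs "any related expectations or updates", so a change to the plan made between annual cycles could go uncommunicated to trusted-role personnel for up to a year. Consider adding "and whenever the plan is materially updated". The paragraph also names no record of the communication, such as an acknowledgement from each person in a trusted role. The preceding paragraph aims to make the program assessable in the WebTrust or ETSI audit, and a sentence requiring that record would give auditors something to check.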