Confirm, administrator
5,526
edits
Changes
→Network Security Controls
CAs must maintain current best practices regarding network security, and have qualified network security audits performed on a regular basis. The [https://www.cabforum.org/ CA/Browser Forum] has published a document called [https://www.cabforum.org/documents.html Network and Certificate System Security Requirements] which should be used a set of recommendations for protecting network and supporting systems.
CAs shall do the following on a regular basis:
* Check for mis-issuance of certificates, especially high-profile domains.
* Review network infrastructure, monitoring, passwords, etc. for signs of intrusion or weakness.
* Ensure Intrusion Detection System and other monitoring software is up-to-date.
* Confirm the ability to shut down certificate issuance quickly if alerted of intrusion.
== Notes for future work ==
