Confirmed users, Administrators
5,526
edits
CA/Audit Statements: Difference between revisions
continued drafting new section
(Created page with "= Audit Delay = <big>'''DRAFT'''</big><br /> When a CA realizes that their audits will be impacted by a [https://en.wikipedia.org/wiki/Force_majeure force majeure], the CA sho...") |
(continued drafting new section) |
||
| Line 1: | Line 1: | ||
= Audit Delay = | = Audit Delay = | ||
<big>'''DRAFT'''</big><br /> | <big>'''DRAFT'''</big><br /> | ||
When a CA realizes that their audits will be | CA Audits are one of the primary mechanisms relied upon by Mozilla to ensure that a CA is operating securely and in compliance with our policies. If a CA fails to deliver audit statements to Mozilla when they are due, Mozilla may take action to reduce the risks this presents to our users. The following guidance is intended for CAs in such a situation. | ||
<br /><br /> | |||
When a CA realizes that their audits will be delayed by a [https://en.wikipedia.org/wiki/Force_majeure force majeure], Mozilla expects the CA to promptly disclose the issue, to provide regular updates, and to remain fully compliant with all other aspects of the Mozilla Root Store policy. | |||
<br /> | |||
CAs that are unable to deliver timely and complete audit statements should arrange with their auditors to supply Mozilla with partial information whenever possible, via publicly-available audit statements listing qualifications, agreed-upon procedures (AUP) reports, or similar partial reporting mechanisms (described in more detail below). | |||
<br /> | |||
The CA must [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other file an incident bug in Bugzilla] to provide an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]] explaining the situation with their audits, mitigations that have been or will be implemented, and their plan to move forward in reaching compliance again. | |||
* Whiteboard = [ca-compliance] Audit Delay | * Whiteboard = [ca-compliance] Audit Delay | ||
For audits that are impacted by the COVID-19 pandemic, append the Whiteboard with "COVID-19". | For audits that are impacted by the COVID-19 pandemic, append the Whiteboard with "COVID-19". | ||
* Whiteboard = [ca-compliance] Audit Delay COVID-19 | * Whiteboard = [ca-compliance] Audit Delay COVID-19 | ||