[Cscwg-public] DISCUSS/ENDORSE: Ballot CSC-11: Update to log data retention requirements

Ian McMillan ianmcm at microsoft.com
Thu Aug 26 16:28:46 UTC 2021 

Hi Folks,

I am looking for feedback and at least two endorsements on this new ballot I am proposing. Please share your feedback and if you are willing to endorse this ballot.


Ballot CSC-11: Update to log data retention requirements<https://wiki.cabforum.org/cscwg/csc_11_-_update_to_log_data_retention_requirements>

Purpose of this ballot:
Update the log data and retention of log data requirements in the Baseline Requirement for the Issuance and Management of Publicly-Trusted Code Signing Certificates v2.5.
The following motion has been proposed by Ian McMillan of Microsoft, and I am looking for endorsements from two other members of the CSCWG.

- MOTION BEGINS -
This ballot updates the “Baseline Requirements for the Issuance and Management of Publicly‐Trusted Code Signing Certificates“ version 2.5 according to the attached redline which including


-          Update section 15 “Data Records” to include sub-section 15.1 “Timestamp Authority Data Records”

-          Update section 15.1 to clarify 4(f) for security event logging on Timestamp Authority servers

-          Update section 15.1 on 4(d) for security event logging to no longer include “hardware failures”

-          Update section 15 “Data Records” to include sub-section 15.2 “Data Retention Period for Audit Logs”

-          Update section 15.2 to no longer reference Baseline Requirements section 5.4.3 and defined a specific retention period for CA, subscriber certificate, Timestamp Authority, and security event data records for at least 2 years

- MOTION ENDS -

Thanks,
Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210826/bfad1b7d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Baseline Requirements for the Issuance and Management of Code Signing.v2.5+CSC-11_DataRetention.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 87950 bytes
Desc: Baseline Requirements for the Issuance and Management of Code Signing.v2.5+CSC-11_DataRetention.docx
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20210826/bfad1b7d/attachment-0001.docx>

More information about the Cscwg-public mailing list