[Cscwg-public] Subscriber Private Key Verification - internal or external IT audit

Adriano Santoni adriano.santoni at staff.aruba.it
Tue May 10 07:42:55 UTC 2022


All,

with reference to method no. 4 of section 16.3.2 ...

> The Subscriber provides an internal or external IT audit indicating 
> that it is only using a suitable Hardware Crypto Module to generate 
> Key Pairs to be associated with Code Signing Certificates;
>
... I would like to ask if anyone can share a real world example of such 
an audit or at least a template thereof.

Adriano

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220510/69cc0761/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220510/69cc0761/attachment.p7s>


More information about the Cscwg-public mailing list