[cabf_netsec] Draft Ballot SC 21

Ben Wilson ben.wilson at digicert.com
Mon Jul 29 15:56:31 MST 2019

In proposed new 3.g., would "resulting alerts" be overly broad?  Also, will
this new requirement burden CAs with additional recordkeeping to demonstrate
that they "addressed" alerts within the 7-day requirement?  Which
"objectives" of the NCSSRs are monitoring and alerting targeting?  Should we
narrow the scope of the proposal?


Currently drafted language:  g. If continuous automated monitoring and
alerting is utilized to satisfy any of the objectives of the Network and
Certificate System Security Requirements, resulting alerts must be addressed
within at most seven (7) days and follow up action instigated in accordance
with the CA's incident response procedures.
