[cabf_netsec] Exceptions to NetSec Requirements for Offline Keys
Ben Wilson
ben.wilson at digicert.com
Thu Oct 17 08:00:42 MST 2019
Here is a proposal for consideration/discussion:
The following provisions of the Requirements do not apply to Offline CAs
(because such systems are maintained in an offline state):
3.1 (Segment Systems),
3.5 (Implement Network Security Support Systems),
3.6 (Configure Network boundary controls),
3.7 (Disable services, protocols, ports),
3.8 (Remote administration),
4.5 (Multi-Factor Authentication for external access),
4.7 (Passwords for external access),
4.16 (Review system accounts every 3 months),
5.1 (Review configurations weekly),
5.2 (monitoring and detection),
5.4 (automated alerts - except for physical security),
6.2 (logical intrusion detection and prevention controls),
6.4 (Vulnerability Scans),
6.5 (Penetration Tests), and
6.6 (Qualified vulnerability / penetration tester).