[cabf_netsec] Draft Replacement to NCSSR 1.e. (Communications, /Zones Removal)

Ben Wilson bwilson at mozilla.com
Thu Sep 17 09:45:20 MST 2020


Section 1.e. of the NCSSRs currently reads,

1. Each CA or Delegated Third Party SHALL:

e. Implement and configure Security Support Systems that protect systems
and communications between systems inside Secure Zones and High Security
Zones, and communications with non-Certificate Systems outside those zones
(including those with organizational business units that do not provide
PKI-related services) and those on public networks


What about replacing it with this?

1. Each CA or Delegated Third Party SHALL:

e. Ensure that:

(i) Communications with and within Certificate Systems are authenticated;

(ii) Communications with Certificate Systems are encrypted;

(iii) Communications with and access to Certificate Systems are authorized;
and

(iv) Communications with and access to Certificate Systems are logged and
available for auditing.

The methods used to meet the requirements of this section 1.e. MUST be
verified by an entity or collective group with the skills, tools,
proficiency, code of ethics, and independence necessary to provide a
reliable and unbiased verification of such systems.