[Servercert-wg] Ballot SC 21 - Section 3 of the NetSec Requirements - Voting Period

Enrique Alvarez ealvarez at firmaprofesional.com
Tue Oct 1 07:18:32 MST 2019


Firmaprofesional votes Yes to ballot SC21.



*Enrique Álvarez Sendino*

Compliance Officer

+34 686 064 158



*Barcelona* Edif. ESADECREAPOLIS - Av. Torre Blanca 57, Local 3B6 - 08173
Sant Cugat del Vallès / +34 934 774 245

*Madrid* C/ Velázquez 59, 1º Ctro-Izda. - 28001 Madrid / +34 915 762 181



*www.firmaprofesional.com <http://www.firmaprofesional.com/>*




On Fri, 27 Sept 2019 at 1:16, Ben Wilson via Servercert-wg (<
servercert-wg at cabforum.org>) wrote:

> Ballot SC21: To Revise a Final Maintenance Guideline - the Network and
> Certificate Systems Security Requirements section 3.e. to allow for
> continuous, automated monitoring; edit section 3.f. to improve wording, and
> add section 3.g. to establish a response time for automated alerts.
>
> Purpose of Ballot
>
> The Network and Certificate System Security Requirements committee is
> proposing this ballot to revise the current requirements to better allow
> for automation and continuous monitoring of systems. The goal of this
> ballot is to remove manual efforts that can be less effective and more
> resource-intensive than automated monitoring and alerting.
>
> This ballot also adds specific requirements in terms of the timeliness for
> addressing alerting from automated monitoring and alerting to ensure the
> implementation of automation does not increase the length of time that a
> potential issue could go without being detected.
>
> It is proposed by Ben Wilson of DigiCert and endorsed by Trevoli
> Ponds-White of Amazon and Fotis Loukos of SSL.com to revise the Network and
> Certificate System Security Requirements (Requirements) as set forth in the
> following language of Section 3 of the Requirements, to be EFFECTIVE
> ninety (90) days after completion of the IPR Review Period:
>
> *— BALLOT BEGINS —*
>
> DELETE SUBSECTIONS e. and f. of SECTION 3 OF THE NETWORK AND CERTIFICATE
> SYSTEM SECURITY REQUIREMENTS
>
> AND
>
> INSERT THE FOLLOWING IN SECTION 3:
>
> e.        Monitor the integrity of the logging processes for application
> and system logs through continuous automated monitoring and alerting or
> through a human review to ensure that logging and log-integrity functions
> are effective. Alternatively, if a human review is utilized and the system
> is online, the process must be performed at least once every 31 days.
>
> f.        Monitor the archival and retention of logs to ensure that logs
> are retained for the appropriate amount of time in accordance with the
> disclosed business practices and applicable legislation.
>
> g.        If continuous automated monitoring and alerting is utilized to
> satisfy sections 1.h. or 3.e. of these Requirements, respond to the alert
> and initiate a plan of action within at most twenty-four (24) hours.
>
> *— BALLOT ENDS —*
>
> The procedure for approval of this ballot is as follows:
>
> Voting (7 days)
>
> Start Time: 23:00 UTC, Thursday, September 26, 2019
>
> End Time: 23:00 UTC, Thursday, October 3, 2019
>
> *** WARNING ***:  USE THE PDF ATTACHMENT / GITHUB AT YOUR OWN RISK.  THE
> REDLINE VERSIONS PROVIDED ARE NOT THE OFFICIAL VERSION OF THE CHANGES AND
> THE BALLOT VERSION ABOVE TAKES PRECEDENCE OVER SUCH REDLINE VERSIONS IN
> ACCORDANCE WITH SECTION 2.4.1 OF THE FORUM BYLAWS:
> https://github.com/cabforum/documents/compare/master...tobij:25169b17812645641b9843426eb0af41d8e96ec6
>