[Servercert-wg] Ballot SC 21 - Section 3 of the NetSec Requirements - Voting Period

Tobias S. Josefowitz tobij at opera.com
Wed Oct 2 12:32:20 MST 2019


Opera votes YES on Ballot SC 21.

On Thu, 26 Sep 2019, Ben Wilson via Servercert-wg wrote:

> DELETE SUBSECTIONS e. and f. of SECTION 3 OF THE NETWORK AND CERTIFICATE
> SYSTEM SECURITY REQUIREMENTS
>
> AND
>
> INSERT THE FOLLOWING IN SECTION 3:
>
> e.        Monitor the integrity of the logging processes for application and
> system logs through continuous automated monitoring and alerting or through
> a human review to ensure that logging and log-integrity  functions are
> effective. Alternatively, if a human review is utilized and the system is
> online, the process must be performed at least once every 31 days.
>
> f.        Monitor the archival and retention of logs to ensure that logs are
> retained for the appropriate amount of time in accordance with the disclosed
> business practices and applicable legislation.
>
> g.        If continuous automated monitoring and alerting is utilized to
> satisfy sections 1.h. or 3.e. of these Requirements, respond to the alert
> and initiate a plan of action within at most twenty-four (24) hours.
>
> *- BALLOT ENDS -*


More information about the Servercert-wg mailing list