[Servercert-wg] Ballot SC 21 - Section 3 of the NetSec Requirements - Voting Period

Wojciech Trapczyński wojciech.trapczynski at assecods.pl
Thu Oct 3 05:00:15 MST 2019


Certum votes Yes to ballot SC 21.

-Wojciech Trapczyński

On 27.09.2019 01:15, Ben Wilson via Servercert-wg wrote:
> Ballot SC21: To Revise a Final Maintenance Guideline - the Network and 
> Certificate Systems Security Requirements section 3.e. to allow for 
> continuous, automated monitoring; edit section 3.f. to improve wording, 
> and add section 3.g. to establish a response time for automated alerts.
> 
> Purpose of Ballot
> 
> The Network and Certificate System Security Requirements committee is 
> proposing this ballot to revise the current requirements to better allow 
> for automation and continuous monitoring of systems. The goal of this 
> ballot is to remove manual efforts that can be less effective and more 
> resource-intensive than automated monitoring and alerting.
> 
> This ballot also adds specific requirements in terms of the timeliness 
> for addressing alerting from automated monitoring and alerting to ensure 
> the implementation of automation does not increase the length of time 
> that a potential issue could go without being detected.
> 
> It is proposed by Ben Wilson of DigiCert and endorsed by Trevoli 
> Ponds-White of Amazon and Fotis Loukos of SSL.com to revise the Network 
> and Certificate System Security Requirements (Requirements) as set forth 
> in the following language of Section 3 of the Requirements, to be 
> EFFECTIVE ninety (90) days after completion of the IPR Review Period:
> 
> *— BALLOT BEGINS —*
> 
> DELETE SUBSECTIONS e. and f. of SECTION 3 OF THE NETWORK AND CERTIFICATE 
> SYSTEM SECURITY REQUIREMENTS
> 
> AND
> 
> INSERT THE FOLLOWING IN SECTION 3:
> 
> e. Monitor the integrity of the logging processes for application 
> and system logs through continuous automated monitoring and alerting or 
> through a human review to ensure that logging and log-integrity 
> functions are effective. Alternatively, if a human review is utilized 
> and the system is online, the process must be performed at least once 
> every 31 days.
> 
> f. Monitor the archival and retention of logs to ensure that logs 
> are retained for the appropriate amount of time in accordance with the 
> disclosed business practices and applicable legislation.
> 
> g. If continuous automated monitoring and alerting is utilized to 
> satisfy sections 1.h. or 3.e. of these Requirements, respond to the 
> alert and initiate a plan of action within at most twenty-four (24) hours.
> 
> *— BALLOT ENDS —*
> 
> The procedure for approval of this ballot is as follows:
> 
> Voting (7 days)
> 
> Start Time: 23:00 UTC, Thursday, September 26, 2019
> 
> End Time: 23:00 UTC, Thursday, October 3, 2019
> 
> *** WARNING ***: USE THE PDF ATTACHMENT / GITHUB AT YOUR OWN RISK. THE 
> REDLINE VERSIONS PROVIDED ARE NOT THE OFFICIAL VERSION OF THE CHANGES 
> AND THE BALLOT VERSION ABOVE TAKES PRECEDENCE OVER SUCH REDLINE VERSIONS 
> IN ACCORDANCE WITH SECTION 2.4.1 OF THE FORUM BYLAWS: 
> https://github.com/cabforum/documents/compare/master...tobij:25169b17812645641b9843426eb0af41d8e96ec6 
> 
> 
