[Servercert-wg] Voting Begins: Ballot SC29v3: System Configuration Management
Tobias S. Josefowitz
tobij at opera.com
Thu May 7 05:23:15 MST 2020
Opera votes YES on Ballot SC29v3.
On Thu, 30 Apr 2020, Neil Dunbar via Servercert-wg wrote:
> The GitHub redline is:
> https://github.com/cabforum/documents/compare/16a5a9b...neildunbar:aefc8ad?diff=split
>
> Regards,
>
> Neil
>
> *--- MOTION BEGINS ---*
>
> *This ballot modifies the ?Network and Certificate System Security
> Requirements? based on Version 1.3.*
>
> *(Each CA or Delegated Third Party SHALL)
> (...)
> *
>
> *Insert as new Section 1(h)*
>
> *Ensure that the CA?s security policies encompass a change management
> process, following the principles of documentation, approval and review, and
> to ensure that all changes to Certificate Systems, Issuing Systems,
> Certificate Management Systems, Security Support Systems, and Front-End /
> Internal-Support Systems follow said change management process;*
>
> *Remove from Section 3(a)
> *
>
> *Implement a Security Support System under the control of CA or Delegated
> Third Party Trusted Roles that monitors, detects, and reports any
> security-related configuration change to Certificate Systems;*
>
> *Insert as new Section 3(a)*
>
> *Implement a System under the control of CA or Delegated Third Party that
> continuously monitors, detects, and alerts personnel to any modification to
> Certificate Systems, Issuing Systems, Certificate Management Systems,
> Security Support Systems, and Front-End / Internal-Support Systems unless the
> change has been authorized through a change management process. The CA or
> Delegated Third Party shall respond to the alert and initiate a plan of
> action within at most twenty-four (24) hours.*
>
> *Effective date*
>
> *The changes introduced by this Ballot take effect on 1 November 2020.
> Earlier adoption is permitted.
> *
>
> *--- MOTION ENDS ---
> *
More information about the Servercert-wg
mailing list