[Servercert-wg] Voting Begins: Ballot SC29v3: System Configuration Management

[Clint Wilson]

Apple votes YES on Ballot SC29v3.

> --- MOTION BEGINS ---
> This ballot modifies the “Network and Certificate System Security Requirements” based on Version 1.3.
> 
> (Each CA or Delegated Third Party SHALL)
> (...)
> 
> Insert as new Section 1(h)
> 
> Ensure that the CA’s security policies encompass a change management process, following the principles of documentation, approval and review, and to ensure that all changes to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems follow said change management process;
> 
> Remove from Section 3(a) 
> 
> Implement a Security Support System under the control of CA or Delegated Third Party Trusted Roles that monitors, detects, and reports any security-related configuration change to Certificate Systems;
> 
> Insert as new Section 3(a)
> 
> Implement a System under the control of CA or Delegated Third Party that continuously monitors, detects, and alerts personnel to any modification to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems unless the change has been authorized through a change management process.  The CA or Delegated Third Party shall respond to the alert and initiate a plan of action within at most twenty-four (24) hours.
> 
> Effective date
> 
> The changes introduced by this Ballot take effect on 1 November 2020. Earlier adoption is permitted.
> 
> --- MOTION ENDS ---
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200507/71284928/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200507/71284928/attachment.p7s>