[Servercert-wg] Voting Begins: Ballot SC29v3: System Configu ration Management

Thu May 7 08:08:42 MST 2020

Chunghwa Telecom Co., Ltd. votes YES on ballot SC29v3.

     Li-Chun 

-----Original message-----
From:Clint Wilson via Servercert-wg<servercert-wg at cabforum.org>
To:Neil Dunbar<ndunbar at trustcorsystems.com>,CA/B Forum Server Certificate WG Public Discussion List<servercert-wg at cabforum.org>
Date: Thu, 07 May 2020 22:42:34
Subject: [外部郵件] Re: [Servercert-wg] Voting Begins: Ballot SC29v3: System Configuration Management
Apple votes YES on Ballot SC29v3.

--- MOTION BEGINS ---

This ballot modifies the “Network and Certificate System Security Requirements” based on Version 1.3.

(Each CA or Delegated Third Party SHALL)
 (...)

Insert as new Section 1(h)

Ensure that the CA’s security policies encompass a change management process, following the principles of documentation, approval and review, and to ensure that all changes to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems follow said change management process;

Remove from Section 3(a) 

Implement a Security Support System under the control of CA or Delegated Third Party Trusted Roles that monitors, detects, and reports any security-related configuration change to Certificate Systems;

Insert as new Section 3(a)

Implement a System under the control of CA or Delegated Third Party that continuously monitors, detects, and alerts personnel to any modification to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems unless the change has been authorized through a change management process.  The CA or Delegated Third Party shall respond to the alert and initiate a plan of action within at most twenty-four (24) hours.

Effective date

The changes introduced by this Ballot take effect on 1 November 2020. Earlier adoption is permitted.

--- MOTION ENDS ---

_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
http://cabforum.org/mailman/listinfo/servercert-wg

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200507/e73958e5/attachment-0001.html>