[Servercert-wg] Ballot SC40: Security Requirements for Air-Gapped CA Systems

Aaron Gable aaron at letsencrypt.org
Wed Feb 3 20:45:45 UTC 2021


Thanks! Just one questions on specifics:

> 5a. Review configurations of Air-Gapped CA Systems at least on an annual
basis;

Regular review of configuration of air-gapped systems seems good, but this
sounds like it requires CAs to retrieve and turn on air-gapped systems
which would otherwise be able to remain untouched. Is there another form of
configuration review which does not require access to the system itself
that is intended here?

Thanks,
Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210203/65f7f06d/attachment.html>


More information about the Servercert-wg mailing list