[Servercert-wg] Voting period for Ballot SC51: Reduce and Clarify Audit Log and Records Archival Retention Requirements

Chema Lopez clopez at firmaprofesional.com
Tue Feb 22 16:04:44 UTC 2022 

Firmaprofesional votes "Yes" on Ballot SC51: Reduce and Clarify Audit Log
and Records Archival Retention Requirements.



*Chema López*

Director Área Innovación, Cumplimiento y Tecnología

+34 666 429 224






*Barcelona  *Av. Torre Blanca 57, Edif. Esadecreapolis, Local 3B6 - 08173
Sant Cugat del Vallès | +34 934 774 245

*Madrid  *C/ Velázquez 59, 1º Ctro-Izda. - 28001 Madrid | +34 915 762 181


www.firmaprofesional.com



*El contenido de este correo electrónico y de sus anexos es confidencial.
Si usted recibe este mensaje por error, debe saber que está prohibido hacer
uso, divulgación y/o copia del mismo. En tal caso le agradeceríamos que
advierta de inmediato a su remitente y que proceda a destruir el mensaje.*



*Le informamos que, cumpliendo la normativa en materia de protección de
datos, FIRMAPROFESIONAL tratará sus datos con la finalidad de garantizar
las relaciones con la empresa, entidad u organización a la que usted
representa o en la que trabaja y por el período que dure dicha
relación. Podrá ejercer sus derechos de acceso, rectificación, supresión,
limitación, portabilidad y oposición al tratamiento ante el Responsable:
FIRMAPROFESIONAL, S.A., Av. Torre Blanca, 57, local 3B6 (Edificio
Esadecreapolis), 08173 Sant Cugat del Vallès (Barcelona), o bien mediante
correo electrónico a: rgpd at firmaprofesional.com
<rgpd at firmaprofesional.com>, en cualquier caso adjuntando una copia de su
D.N.I. o documento equivalente. Asimismo, podrá formular reclamaciones ante
la Agencia Española de Protección de Datos. Para más información puede
consultar nuestra política de privacidad
<https://www.firmaprofesional.com/esp/aviso-legal>.*


On Fri, 18 Feb 2022 at 23:01, Clint Wilson via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> This email begins the Voting period for Ballot SC51: Reduce and Clarify
> Audit Log and Records Archival Retention Requirements
>
> BALLOT SC51: Reduce and Clarify Audit Log and Records Archival Retention
> Requirements
>
> PURPOSE OF BALLOT
>
> The purpose of this ballot is to consolidate and clarify aspects of audit
> log and records archival retention expectations and time-periods within
> 5.5.2.
>
> Foremost, this ballot reduces retention periods for records archival to 2
> years.
> Further, currently audit log events as outlined in section 5.4.1, and
> then referenced in 5.4.3 lead to confusion around the log retention that
> is defined and exclusive to each section, and how that retention feeds
> into records archival requirements. To further clarify the objectives
> of that interaction, an explicit requirement has been introduced in
> 5.5.1 stating that CAs must archive lifecycle event records.
>
> As minor adjustments to related requirements, this ballot also
> clarifies what is expected by the term “OCSP Entries” as a logged lifecycle
> event; as OCSP Entry is an undefined term, this was replaced with OCSP
> Response such that it should be clear that a CA will be logging the event
> of signing an OCSP Response (including the elements stipulated in
> 5.4.1). Similarly, some certificate lifecycle events expected to be
> retained are currently separated into 5.5.2; these have been incorporated
> into 5.4.1 instead. This ballot also explicitly calls out the need for
> delegated third parties to abide by the established retention periods for
> audit logging and records archival procedures.
> This ballot also formalizes incorporation of terms defined in the NCSSRs
> as also applying to the BRs.
>
> MOTION
>
> The following motion has been proposed by Clint Wilson of Apple and
> endorsed by Trevoli Ponds-White of Amazon and Dustin Hollenback of
> Microsoft.
>
> -----Motion Begins-----
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as defined in the following
> redline, based on Version 1.8.1:
>
>
> https://github.com/cabforum/servercert/compare/65e80e07855ecc1d2264c040ecc7d398f997d2c5...2281a6c78692c3444db9a162df4ff217014b9f1f
>
> -----Motion Ends-----
>
> This ballot proposes a Final Maintenance Guideline. The procedure for
> approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: February 11 2022 21:00 UTC
> End Time: February 18 2022 21:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: February 18 2022 22:00 UTC
> End Time: February 25 2022 22:00 UTC
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20220222/20e704e3/attachment.html>

More information about the Servercert-wg mailing list