On 21/03/2017 10:09, Kurt Roeckx wrote:
On 2017-03-17 16:30, Gervase Markham wrote:
The URL for the draft of the next CA Communication is here:
https://mozilla-mozillacaprogram.cs54.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a050S000000G3K2
Action 6 says:
However, a point-in-time audit statement only validates CA’s practices
on that date. Therefore, period-of-time audit statements are still
required over that timeframe. Audit periods must be less than a year and
contiguous. There must not be gaps in audit periods.
I'm not sure what it's trying to say.
Kurt
Reading this in context seems to simply emphasize, in no uncertain
terms, that getting a point-in-time audit that a problem has been fixed
does not in any way, shape or form replace the need for regular audits
for the period that happens to overlap the date of such a clean-up
point-in-time audit.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
