On 8/26/20 12:35 PM, Nikolaos Soumelidis wrote:

One would expect that they would put that in the accreditation documents or references,

That helps answer part of my question -- that it is reasonable to expect the NAB's accreditation document to specifically list these ETSI EN standards.


If you feel that this is necessary, we can reach out to them again and provide 
feedback as soon as we get it.

I will greatly appreciate it if you can reach out to them again. Please let me know what information you would need.

According to the instructions for verifying ETSI auditor qualifications (https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check) it is necessary that there be something on the NAB's website that clearly indicates that the CAB is accredited to perform audits for those specific standards. So my question in this m.d.s.p forum is: Is the information currently provided by Accredia specific enough, or do we need to get Accredia to update their documentation process?

Note that with the exception of 4 CABs accredited by Accredia and 1 CAB accredited by CAI, I was able to complete https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check for the CABs used by CAs in Mozilla's root store.
The 5 CABs that I haven't been able to complete the Standard Check for are:

- Bureau Veritas Italia S.p.A. - NAB is Accredia
- CSQA - NAB is Accredia
- KIWA - NAB is Accredia
- QMSCERT - NAB is Accredia
- QSCert - NAB is CAI

Thanks,
Kathleen

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to