As mentioned during our presentation at the face-to-face meeting in Berlin, the WebTrust for Certification Authorities Task Force has proposed new criteria be added to WebTrust for Certification Authorities to be included in a new version, 2.1. The changes are to cover event based activities that are not currently addressed in the WebTrust criteria and would add consistency in their treatment for auditors and CAs alike. Since they are event based, they should not cause any concerns for CAs when they become effective. Specifically, the added criteria relate to the following:
4.5 CA Key Archival and Destruction 4.9 CA Key Transportation 4.10 CA Key Migration Please see the attached document. It is in a tracked changes format so you can see what new criteria we are suggesting in 4.5, as well as the addition of sections 4.9 and 4.10. The criteria that are included today are based on ISO 21188. Since these proposed changes are not part of that standard, we need a public group (CABF qualifies as such) to approve the criteria. We would appreciate the CABF's review and balloting to approve these changes as soon as possible so we can release the new version, 2.1. Please let me know if you have any questions. On behalf of the WebTrust for Certification Authorities Task Force, Jeff Ward Chairman Jeff Ward, CPA, CGMA, CITP, CISA, CISSP, CEH Office Managing Partner & National Managing Partner Third Party Attestation Services (SOC/WebTrust/Cybersecurity) 314-889-1220 (Direct) 347-1220 (Internal) 314-889-1221 (Fax) [email protected]<mailto:[email protected]> BDO 101 S Hanley Rd, #800 St. Louis, MO 63105 UNITED STATES 314-889-1100 www.bdo.com<http://www.bdo.com> Please consider the environment before printing this e-mail [BDOC Networking Award]
WT4CA Controls 4.5 4.9 and 4.10.docx
Description: WT4CA Controls 4.5 4.9 and 4.10.docx
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
