Dear All, 

 

Maybe we should consider investigating how other security-relevant / regulated 
verticals handle incident reporting and how they see their way forward? As 
example verticals, we may look at health care, critical infrastructures, air 
traffic control… all of these also try to improve the security/safety in their 
area by adopting the regulations around incident reporting.

 

Kind regards
Roman

 

From: 'Clint Wilson' via CCADB Public <[email protected]> 
Sent: Thursday, 20 July 2023 17:19
To: public <[email protected]>
Subject: Request for Input: CA Incident Reporting

 

All,
During the CA/Browser Forum Face-to-Face 59 meeting, several Root Store 
Programs expressed an interest in improving Web PKI incident reporting.
The CCADB Steering Committee is interested in this community’s recommendations 
on improving the standards applicable to and the overall quality of incident 
reports submitted by Certification Authority (CA) Owners. We aim to facilitate 
effective collaboration, foster transparency, and promote the sharing of best 
practices and lessons learned among CAs and the broader community.
Currently, some Root Store Programs require incident reports from CA Owners to 
address a list of items in a format detailed on ccadb.org [1]. While the CCADB 
format provides a framework for reporting, we would like to discuss ideas on 
how to improve the quality and usefulness of these reports.

We would like to make incident reports more useful and effective where they:
*       Are consistent in quality, transparency, and format.
*       Demonstrate thoroughness and depth of investigation and incident 
analysis, including for variants.
*       Clearly identify the true root cause(s) while avoiding restating the 
issue.
*       Provide sufficient detail that enables other CA Owners or members of 
the public to comprehend and, where relevant, implement an equivalent solution.
*       Present a complete timeline of the incident, including the introduction 
of the root cause(s).
*       Include specific, actionable, and timebound steps for resolving the 
issue(s) that contributed to the root cause(s).
*       Are frequently updated when new information is found and steps for 
resolution are completed, delayed, or changed. 
*       Allow a reader to quickly understand what happened, the scope of the 
impact, and how the remediation will sufficiently prevent the root cause of the 
incident from recurring.

We appreciate, to state it lightly, members of this community and the general 
public who generate and review reports, offer their understanding of the 
situation and impact, and ask clarifying questions. 
Call to action: In the spirit of continuous improvement, we are requesting (and 
very much appreciate) this community’s suggestions for how CA incident 
reporting can be improved.
Not every suggestion will be implemented, but we will commit to reviewing all 
suggestions and collectively working towards an improved standard.
Thank you

-Clint, on behalf of the CCADB Steering Committee

[1] https://www.ccadb.org/cas/incident-report

-- 
You received this message because you are subscribed to the Google Groups 
"CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/ccadb.org/d/msgid/public/3B253FFF-4070-4F0E-95D2-166FAC01C5A7%40apple.com.
