Dear Wayne and rest of the community, as a follow-up of our request and the agreed plan, I'm pleased to inform you that the OISTE Foundation had a positive "Point-in-Time" audit report, which implies the start of separate audit track for our Roots, driven by OISTE, and that complements the WISeKey audit track for the rest of the hierarchy.
The audit reports are available at the OISTE website [1] together with the new CP/CPS documentation framework. In particular, you can check the reports as follows: - Webtrust for CA: https://oiste.org/wp-content/uploads/1-Audit-Report-and-Management-Assertions-WCA-UNQUALIFIED-Attestation-Engagement-Point-in-Time.pdf - Webtrust for BR/NS: https://oiste.org/wp-content/uploads/2-Audit-Report-and-Management-Assertions-WBR-UNQUALIFIED-Attestation-Engagement-Point-in-Time.pdf - Webtrust for EV: https://oiste.org/wp-content/uploads/3-Audit-Report-and-Management-Assertions-WEV-UNQUALIFIED-Attestation-Engagement-Point-in-Time.pdf I'd like to make these additional comments: - The PiT report is dated April 1st, and we will have the first audit 90-day period the first week of July. Once we have the first audit period, we'll get the first set of Webtrust seals for OISTE - The new CP/CPS framework implies that WISeKey issues a new CPS that implements the CP mandated by the OISTE Foundation. The new WISeKey CPS is available in [2] and I'll update ASAP the CCADB with this information - WISeKey's annual audit period ended in May the 9th and we'll issue soon the next audit report. This year we will still have overlapping of audit periods and scopes for WISeKey and OISTE, but next year we will synchronize and remove overlapping of scopes. I'll be glad to respond to any question or doubt that the community could have. Regards, Pedro [1] https://www.oiste.org/repository [2] https://www.wisekey.com/repository El viernes, 4 de enero de 2019, 1:45:55 (UTC+1), Wayne Thayer escribió: > I am satisfied with the response to my questions. If no additional comments > are received by Tuesday, 8-January 2019, I will consider this request to > have been "resolved with a positive conclusion" as required by Mozilla > policy section 8.1. > > - Wayne > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy