CA/Audit Letter Validation: Difference between revisions
(continued drafting) |
(continued drafting) |
||
| Line 1: | Line 1: | ||
The Common CA Database (CCADB) uses an Audit Letter Validation (ALV) tool to automatically parse and validate audit statements. This system eliminates manual processing, but it requires audit statements to follow some basic rules in order to function properly. | The [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#4-common-ca-database Common CA Database (CCADB)] uses an Audit Letter Validation (ALV) tool to automatically parse and validate audit statements. This system eliminates manual processing, but it requires audit statements to follow some basic rules in order to function properly. | ||
* [https://www.ccadb.org/policy#51-audit-statement-content Audit Statement Requirements and Format Rules] - If an audit statement fails to meet any of these requirements, the CA will be asked to work with their auditor to provide an audit statement that passes ALV. | * [https://www.ccadb.org/policy#51-audit-statement-content Audit Statement Requirements and Format Rules] - If an audit statement fails to meet any of these requirements, the CA will be asked to work with their auditor to provide an audit statement that passes ALV. | ||
Revision as of 22:56, 2 January 2020
The Common CA Database (CCADB) uses an Audit Letter Validation (ALV) tool to automatically parse and validate audit statements. This system eliminates manual processing, but it requires audit statements to follow some basic rules in order to function properly.
- Audit Statement Requirements and Format Rules - If an audit statement fails to meet any of these requirements, the CA will be asked to work with their auditor to provide an audit statement that passes ALV.
Root Certificates
CAs are required to update the audit, CP, CPS and test website information for their certificate hierarchies at least annually. To provide this information for root certificates, create one Audit Case in the CCADB for a particular set of audits (e.g. Standard Audit, BR audit, EV Audit). Then create a set of corresponding Root Cases, one per root certificate, to tell the CCADB which Root Certificate records the audit statements in that Audit Case apply to.
Common ALV Findings
Resolve ALV Findings in Audit Case
Intermediate Certificates
CAs are required to update the audit, CP, CPS and test website information for their certificate hierarchies at least annually. CAs are expected to maintain their intermediate certificate records themselves and to directly enter the corresponding updated audit statements.