Notified by Cross-Signed CA of missing ICAs in report.Preliminary reports posted to CCADB using the “Test Preliminary Audit Statements” process published here ( ).This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done. A timeline is a date-and-time-stamped sequence of all relevant events. A timeline of the actions your CA took in response.Our management and our auditors were able to issue updated reports with the ICA’s in the assertions and the audit letters on. This partner notified us on that our preliminary audit reports were missing these ICA’s and that they needed an updated report that included them to post their audit letters successfully. These were Cross Signed ICAs issued by a partner. The second issue we had is that our reports failed to include 16 ICA’s that were included in the scope of the audit, but did not appear in our assertion or audit letters. We were able to get the final assertions/audit letters completed and signed off by our management and our auditors on, but we were not able to post the final audit letters to a CCADB audit case until. We were aware that we were in the three-month grace period allowed by the Mozilla Trusted Root Program, as we had been getting automated notifications of the impending deadline from Mozilla/CCADB. The first is that we were late in posting our final audit reports to CCADB. Our previous audit concluded on and our most recent audits concluded on. Specifically, for our WTBR and WTCA reports. There are two problems that we have run into with regard to posting our WebTrust Audit Letters. How your CA first became aware of the problem.Microsoft PKI Services should have uploaded audit reports to CCADB within 3 months of the audit period end date. We wanted to inform the community as soon as we realized the issue even though we do not have full information yet. This is a preliminary report due to some key personnel being out of communication until next week. We are currently troubleshooting an issue in the CCADB submission. We have posted the final reports to Bugzilla (1722411) and links to them within CCADB. We are working on understanding the root cause for why this incident occurred. Notified by Cross-Signed CA of missing ICAs in report Microsoft PKI Services did not upload audit reports to CCADB within 3 months of the audit period end date.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |