Ballot 71 – Auditor Qualification Requirements
Server Certificate Working Group
Key dates
- Effective date: 01 Jan 2013
- Voting opened: 01 May 2012
- Voting closed: 08 May 2012
- Discussion opened: 24 Apr 2012
- Discussion closed: 01 May 2012
AI Summary
Ballot overview
- Ballot 71 – Auditor Qualification Requirements is marked as Passed on the ballot page.
- The motion was made by Tim Moses and endorsed by Inigo Barreira and Ben Wilson.
- The ballot updates the Baseline Requirements v1.0 with new auditor qualification and audit scheme requirements.
Main changes
- Adds ETSI TS 119 403 and updates the WebTrust reference to WebTrust for Certification Authorities Version 2.0.
- Requires the audit report to explicitly state that it covers the relevant systems and processes used in the issuance of all Certificates that assert one or more of the policy identifiers listed in Section 9.3.1.
- Replaces Section 17.1 with a new list of eligible audit schemes:
  - WebTrust for Certification Authorities v2.0
  - A national scheme that audits conformance to ETSI TS 102 042
  - A scheme that audits conformance to ISO 21188:2006
  - For a Government CA required by its Certificate Policy to use a different internal audit scheme, that scheme may be used if it either encompasses all requirements of one of the listed schemes or consists of comparable criteria available for public review
- Requires whichever scheme is chosen to include periodic monitoring and/or accountability procedures.
- Requires the audit to be conducted by a Qualified Auditor.
- Defines Qualified Auditor qualifications, including independence, PKI and security auditing competence, and specific accreditation or licensing requirements for ETSI and WebTrust audits.
- Requires Professional Liability/Errors & Omissions insurance of at least one million US dollars, except for an Internal Government Auditing Agency.
Dates
- The motion states: Effective 1 Jan 2013.
- The ballot review period runs from 21:00 UTC on April 24, 2012 to 21:00 UTC on May 1, 2012.
- The voting period runs immediately after the review period and closes at 21:00 UTC on May 8, 2012.
Applicability
- The effective date applies to the Baseline Requirements changes introduced by the ballot.
- The Government CA exception applies only when a Government CA is required by its Certificate Policy to use a different internal audit scheme.
- The insurance exception applies only to an Internal Government Auditing Agency.
- 2013-01-01: CAs must comply with the new auditor qualification and audit scheme requirements. Applies to: Baseline Requirements v1.0 changes introduced by Ballot 71.
- 2013-01-01: Such Government CAs may use the different internal audit scheme if it encompasses all requirements of one listed scheme or consists of comparable criteria available for public review. Applies to: Government CAs required by their Certificate Policy to use a different internal audit scheme.
- 2013-01-01: The Professional Liability/Errors & Omissions insurance requirement does not apply. Applies to: Internal Government Auditing Agencies.
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.