SC-029v3 passed

Ballot SC029v3: System Configuration Management

Server Certificate Working Group

Key dates

Effective date: 01 Nov 2020 5 years ago
Voting opened: 30 Apr 2020 6 years ago
Voting closed: 07 May 2020 6 years ago
Discussion opened: 14 Apr 2020 6 years ago
Discussion closed: 30 Apr 2020 6 years ago

Resources

⎇ GitHub diff https://github.com/cabforum/documents/compare/16a5a9b...neildunbar:aefc8ad?diff=split https://github.com/cabforum/documents/compare/16a5a9b…neildunbar:aefc8ad?diff=split

AI Summary

Generated 2026-06-23 21:23 UTC

Result and voting

The ballot SC029v3 System Configuration Management is stated as Passed.
Voting by Certificate Issuers: 21 total votes (including abstentions), with 21 Yes votes and 0 No votes.
Voting by Certificate Consumers: 7 total votes (including abstentions), with 7 Yes votes and 0 No votes.
The page states that the Bylaw 2.3(f) approval requirements were met for both Certificate Issuers and Certificate Consumers.
The page states that quorum under Bylaw 2.3(g) was met (quorum was 11 votes; half of currently active Members as of the start of voting was 10).

Purpose and changes proposed

The ballot addresses configuration management requirements in two sections of the current NSRs:
- Section 1(h): weekly review.
- Section 3(a): a process to monitor, detect and report on security-related configuration changes.
The proposal seeks to encourage continuous monitoring rather than human reviews, noting that alerts from continuous monitoring can notify a CA within minutes rather than days.
The page states that automated patching via defined software vendor repositories is allowed by the text of the ballot.

Specific normative text changes described on the ballot page

Insert as new Section 1(h):
- Ensure CA security policies encompass a change management process with documentation, approval, and review.
- Ensure changes to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems follow the change management process.
Remove from Section 3(a):
- Implement a Security Support System under the control of CA or Delegated Third Party Trusted Roles that monitors, detects, and reports security-related configuration changes.
Insert as new Section 3(a):
- Implement a System under the control of CA or Delegated Third Party that continuously monitors, detects, and alerts personnel to modifications to Certificate Systems, Issuing Systems, Certificate Management Systems, Security Support Systems, and Front-End / Internal-Support Systems unless the change has been authorized through a change management process.
- The CA or Delegated Third Party shall respond to the alert and initiate a plan of action within at most 24 hours.

Effective date

The page states that the changes introduced by this Ballot take effect on 1 November 2020, and earlier adoption is permitted.

Model: gpt-5.4-nano Confidence: 0.95 Result: passed

Effective date: 2020-11-01
Voting opened: 2020-04-30
Voting closed: 2020-05-07
Discussion opened: 2020-04-14
Discussion closed: 2020-04-30

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

0 Yes

0 No

0 Abstain

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot SC029v3: System Configuration ManagementBallot SC029v3: System Configuration ManagementThe voting period for Ballot SC29v3 has ended and the Ballot has Passed. Here are the results:

View on cabforum.org → Last fetched 16 hours ago