SC-069 passed

Ballot SC069: Clarify router and firewall logging requirements

Server Certificate Working Group

Key dates

Effective date: 15 Apr 2024 2 years ago
Voting opened: 26 Feb 2024 2 years ago
Voting closed: 04 Mar 2024 2 years ago
IPR review ends: 13 Apr 2024 2 years ago
Discussion opened: 26 Feb 2024 2 years ago
Discussion closed: 04 Mar 2024 2 years ago

Resources

⎇ GitHub diff https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35...d5bd141e14de098ff00c10de7cf500668cbc6843 https://github.com/cabforum/servercert/compare/41f01640748fa612386f8b1a3031cd1bff3d4f35...d5bd141e14de098ff00c10de7cf500668cbc6843

± Redline https://cabforum.org/2024/03/12/ballot-sc069-clarify-router-and-firewall-logging-requirements/BR-redlined.pdf TLS-BRs-redlined.pdf

⤓ Document https://cabforum.org/2024/03/12/ballot-sc069-clarify-router-and-firewall-logging-requirements/BR.pdf TLS-BRs

⤓ Document https://cabforum.org/2024/03/12/ballot-sc069-clarify-router-and-firewall-logging-requirements/BR.docx TLS-BRs.docx

⤓ Document https://cabforum.org/uploads/CABF-IPR-Policy-v.1.3_4APR18.pdf CA/Browser Forum Intellectual Property Rights Policy

⤓ Document https://cabforum.org/uploads/Template-for-Exclusion-Notice.pdf here

AI Summary

Generated 2026-06-23 21:19 UTC

Ballot overview

Ballot SC069, Clarify router and firewall logging requirements, is a Final Maintenance Guideline for the TLS Baseline Requirements.
The ballot aims to clarify what data needs to be logged under the Firewall and router activities logging requirement.
It modifies the Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates, based on Version 2.0.2.

Voting and adoption

Voting results: 26 issuer votes yes, 0 no, 0 abstain.
Voting results: 2 consumer votes yes, 0 no, 0 abstain.
Bylaw 2.3(6) requirements were met for issuer, consumer, and category participation thresholds.
Quorum was 16 and this requirement was met.
The ballot page states that the ballot was adopted.

IPR review

Start of Review Period: 13 March 2024 at 18:00 UTC.
End of Review Period: 13 April 2024 at 18:00 UTC.
The evidence includes the IPR policy and exclusion notice template, but it does not explicitly state whether any exclusion notices were filed for this ballot.

Normative change

Section 5.4.1 was changed so the CA must record relevant router and firewall activities, as described in Section 5.4.1.1.
Log records must include at least:
- Date and time of event
- Identity of the person making the journal record, when applicable
- Description of the event
A new Section 5.4.1.1 was added for router and firewall activities logs.
Logging of router and firewall activities necessary to meet Section 5.4.1, Subsection 3.6 must at a minimum include:
- Successful and unsuccessful login attempts to routers and firewalls
- All administrative actions on routers and firewalls, including configuration changes, firmware updates, and access control modifications
- All changes to firewall rules, including additions, modifications, and deletions
- All system events and errors, including hardware failures, software crashes, and system restarts

Effective date

The redline artifact lists the ballot as SC69 with an effective date of 15-April-2024 in the revisions table.
The ballot page also shows the document version as 15-April-2024.
This is the compliance date for the adopted logging changes.

Model: gpt-5.4-mini Revised: 2026-06-23 21:19 UTC Confidence: 0.92 Result: passed

Effective date: 2024-04-15
Voting opened: 2024-02-26
Voting closed: 2024-03-04
IPR review ends: 2024-04-13
Discussion opened: 2024-02-26
Discussion closed: 2024-03-04

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

Certificate Issuers 26 yes 0 no 0 abstain

Certificate Consumers 2 yes 0 no 0 abstain

CABF ballot approval depends on both voting classes; CA votes alone are not decisive.

28 Yes

0 No

0 Abstain

100% yes · 0% no

Proposers

Martijn Katerbarg (Sectigo) and endorsed by Daniel Jeffery (Fastly) and Ben Wilson (Mozilla).

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot SC069: Clarify router and firewall logging requirementsBallot SC069: Clarify router and firewall logging requirementsVoting Results Certificate Issuers 26 votes total, with no abstentions:

View on cabforum.org → Last fetched 16 hours ago