← Autoridad de Certificacion Firmaprofesional cases
Bugzilla #1610448
Policy Compliance
Firmaprofesional: 2019 audit Finding #1 - 6.2 Identification and Authorization
RESOLVED
FIXED
Autoridad de Certificacion Firmaprofesional
AI Summary
The case addresses an audit finding from 2019 regarding Firmaprofesional's certificate revocation process. It was identified that revocation requests made via methods other than the web were not adequately documented, leading to a lack of evidence for timely updates to certificate status. Although no unauthorized revocations occurred, the CA implemented a new revocation process on October 14, 2019, to ensure all requests are recorded in their JIRA system. The issue arose during a transition from OTRS to JIRA, which resulted in gaps in evidence during that period.
Chronology
- eIDAS audit identified revocation documentation issues
- Non Conformity registered in JIRA and action plan established
- New revocation process implemented
Participants
chemalogo@isigma.es
ryan.sleevi@gmail.com
wthayer@fastly.com
External References
Similar Local Cases
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
Firmaprofesional: 2023 - documentary inconsistency
Firmaprofesional: 2020 Audit Report Finding 2 out of 4
Firmaprofesional: Insufficient Audit Statements
Firmaprofesional: 2021 Audit Report Finding 2 out of 3
Microsoft PKI Services: Firewall log data retention
Firmaprofesional: Missing BR Self Assessment
Telia: Qualified BR Audit Statement 2020