← Deutsche Telekom Security GmbH cases
Bugzilla #1651611
Technical Compliance
Telekom Security: Finding in 2020 ETSI-Audit regarding weekly review of changes to configurations
RESOLVED
FIXED
Deutsche Telekom Security GmbH
AI Summary
During a 2020 ETSI audit, Telekom Security identified that a central network component was not subject to a weekly review of configuration changes due to the inapplicability of their standard monitoring solution. Although no unauthorized changes were found, the incident highlighted a gap in compliance with NCSSR v1.3. Following the audit, Telekom implemented a new process for reviewing changes and established a weekly review by qualified personnel. The auditors later confirmed that the new solution met the required standards.
Chronology
- Non-conformity identified during audit
- Weekly review of configuration changes established
- Auditors confirm new solution meets requirements
Participants
Arnold Essing
Ben Wilson
Ryan Sleevi
External References
Similar Local Cases
Asseco DS / Certum: Forward dating certificates (notBefore in the future)
E-Tugra: Forbidden Domain Validation Method 3.2.2.4.6
Firmaprofesional: 2022 - Title field
Let's Encrypt: Failure to audit log subscriber certificate OCSP updates
Firmaprofesional: 2023 - Ensure Timestamp service Logs Integrity
Firmaprofesional: 2022 - Define Device Obsolescence Process
Turn off Secure Email Trust Bit for certSIGN ROOT CA G2 cert
Entrust: CRLs and OCSP responses not issued as specified in the CPS