← Microsoft Corporation cases
Bugzilla #1652827
CCADB Compliance
Microsoft PKI Services: Incomplete Logical Access Review Audit Evidence
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft Corporation reported an issue regarding incomplete documentation of logical access reviews during their audit period from July 2019 to June 2020. Although no non-compliant certificates were issued, the lack of proof of review artifacts was identified as a gap in their process. The CA has since updated its documentation and implemented automated monitoring to ensure compliance moving forward. The issue was resolved with the implementation of these changes by September 2020.
Chronology
- Last logical access review document created in previous audit period
- First logical access review document created in current audit period
- BDO identified evidence change and delay
- Annual audit concluded with evidence review
- Automated monitoring and alerting fully implemented
Participants
u654666@disabled.tld
ryan.sleevi@gmail.com
bwilson@mozilla.com
External References
Similar Local Cases
Microsoft PKI Services: Vulnerability Management Exception Tracking
IdenTrust: Missing Thumbprints for Intermediate CA certificates In Some Annual Audit Reports
Sectigo: CCADB failed ALV - Network Solutions Certificate Authority
Microsoft PKI Services: Failure to update action item status within 3 days
Microsoft PKI Services: Failure to report Bugzilla 2026452 within 72 hrs
CFCA: Delayed reporting of intermediate CA certificate
Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls
Google Trust Services: New hire onboarding deviation from written procedure