← Microsoft Corporation cases
Bugzilla #1658995
Policy Compliance
Microsoft PKI Services: Firewall log data retention
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft Corporation reported a compliance issue regarding the retention of firewall logs, which did not meet the 7-year requirement outlined in the Baseline Requirements. The issue was identified on July 29, 2020, during a manual log review, revealing a gap in log retention from July 21 to July 29, 2020. Although the logs were not retained, the company confirmed that no incidents occurred during the missing log period. The organization has since implemented measures to enhance monitoring sensitivity and log recovery capabilities to prevent future occurrences. The case has been resolved with no problematic certificates identified.
Chronology
- Beginning time of missing log data gap
- Issue identified after manual log review
- Confirmed that missing logs were rolled and not recoverable
- Confirmed no incidents during the time of missing logs
- Mitigation measures discussed and implemented
- Scheduled closure of the bug
Participants
u654666@disabled.tld
bwilson@mozilla.com
ryan.sleevi@gmail.com
External References
Similar Local Cases
Microsoft PKI Services: Failure to modify policy documents within 365 days
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
Microsoft PKI Services: Policy Documentation, Failure to update Domain Validation Method
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
Microsoft PKI Services: Failure to disclose Revocation of Intermediate CAs within 7 Days
iTrusChina: lacking 2018 KGC and GAP period audit report