← Cybertrust Japan / JCSI cases
Bugzilla #1769222
Policy Compliance
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)
RESOLVED
FIXED
Cybertrust Japan / JCSI
AI Summary
Cybertrust Japan (CTJ) failed to update their Certificate Policy Statement (CPS) as required, with the last update being in April 2021. The issue was identified during a review process in May 2022, leading to an incident report being submitted. Although certificate issuance was not halted, CTJ has since strengthened their annual assessment procedures and transferred management of these assessments to their Policy Authority. They are confident that these changes will prevent future occurrences of similar issues.
Chronology
- CPS version 1.2 published
- CTJ identified CPS update issue
- CPS version 1.3 updated
- CTJ detailed remediation steps in incident report
- Confirmation of effective remediation steps
Participants
Hisashi Kamo
Ben Wilson
External References
Similar Local Cases
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
NAVER Cloud Trust Services: Failure to Respond to May 2022 Survey
Entrust: Failed to provide a preliminary incident report according to TLS BR 4.9.5
SECOM: Non-BR-Compliant Certificate Issuance
NetLock: Cumulative report connected to EV verification
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains