← SwissSign AG cases
Bugzilla #1784881
Policy Compliance
SwissSign: Missed deadline of publication of 6 CPs and 1 CP/CPS
RESOLVED
FIXED
SwissSign AG
AI Summary
SwissSign AG missed the publication deadline for six Certificate Policies (CPs) and one Certificate Policy/Certificate Practice Statement (CP/CPS). The issue was identified during a preparation for an annual audit, revealing that the documents had not been reviewed or published for over a year. SwissSign took immediate action to review and publish the necessary documents, ensuring that no certificates were affected by this oversight. The CA has implemented a bi-monthly internal audit to prevent future occurrences and is currently addressing a CCADB workflow issue to update their records.
Chronology
- Realized CPs and CP/CPS were outdated during audit preparation.
- Reviewed and updated all CPs and CP/CPS.
- Published updated documents.
- Published incident report.
Participants
Mike Guenther
Chris Clements
Brett Wilson
External References
Similar Local Cases
SwissSign: Attribute Change process did not revoke single-domain certificates
iTrusChina: lacking 2018 KGC and GAP period audit report
SwissSign: Non-BR-Compliant Certificate Issuance
SwissSign: BRs require full annual audits
Google Trust Services: Out-of-date CPS disclosure
SwissSign: recommendation on risk assessment
SwissSign: recommendation on evaluation of cloud service providers
Sectigo: Missing Changelog in CPS