Bugzilla #1970565
Policy Compliance
ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website
RESOLVED
FIXED
Autoridad de Certificación (ANF AC)
AI Summary
During an ETSI EN 319 401 audit, it was found that the Information Security Policy published on the ANF AC website was outdated. The publicly available version was 1.6, while the latest approved version was 1.7. This discrepancy was due to a rollback during website maintenance that restored an older version of the policy. The issue was identified by an external auditor, but it did not impact certificate issuance or security. ANF AC has since implemented measures to prevent recurrence, including post-rollback verification and automated checks.
Chronology
- Publication of version 1.7 of the Information Security Policy
- Rollback of the company’s website system
- Non-compliance identified by an external auditor
- Restoration of version 1.7 of the Information Security Policy on the website
Participants
Yulier Nuñez
Similar Local Cases
ANF AC: Test Certificates Non-Compliance
ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS
ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS
ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9
ANF: Missing log retention period in Terms and Conditions v1.9
HARICA: P-384,ecdsa-with-SHA256 Certificates
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days
DigiCert: Late background refreshment check