← Autoridad de Certificación (ANF AC) cases
Bugzilla #1970559
Policy Compliance
ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS
RESOLVED
FIXED
Autoridad de Certificación (ANF AC)
AI Summary
The ANF AC faced a non-conformity during an ETSI audit due to insufficient detail in their Certification Practices Statement (CPS) regarding the actions to be taken if a revocation request could not be confirmed within 24 hours. The auditor identified that the documentation did not specify concrete escalation steps. Although the operational mechanisms for immediate revocation were functioning properly, the documentation was updated to clarify these procedures. The issue was resolved by enhancing the CPS to include specific actions for delayed revocation confirmations.
Chronology
- Non-compliance identified during audit
- Non-compliance resolved with CPS update
- Final call for comments on incident report
Participants
Pablo Díaz
incident-reporting@ccadb.org
External References
Similar Local Cases
ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9
ANF: Missing log retention period in Terms and Conditions v1.9
ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS
ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website
ANF AC: Test Certificates Non-Compliance
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6
DigiCert: Verizon CPS lacks CPR problem reporting instructions
Amazon Trust Services: CP/CPS does not specify key compromise methods