← Autoridad de Certificación (ANF AC) cases
Bugzilla #1969842
Policy Compliance
ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9
RESOLVED
FIXED
Autoridad de Certificación (ANF AC)
AI Summary
During an ETSI EN 319 401 audit, it was discovered that ANF AC's Terms and Conditions document did not specify the log retention period for qualified website authentication certificates. Although the retention period was defined in other documents, the omission in the Terms and Conditions led to a non-conformity. This issue was identified on March 13, 2025, and was resolved by updating the document to include a 15-year log retention period for all services. The incident was attributed to human error during the document's versioning process.
Chronology
- Terms and Conditions document published
- Non-compliance identified
- Non-compliance resolved
Participants
Pablo Díaz
External References
Similar Local Cases
ANF: Missing log retention period in Terms and Conditions v1.9
ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS
ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS
ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website
ANF AC: Test Certificates Non-Compliance
Apple: Intermediate CA certificates omitted from audit statement
Distrust ISRG Subordinate Certificate and Remove It Until the CA is Compliant with Mozilla Policies
DigiCert: Inconsistent EV audits