← Sectigo cases
Bugzilla #1812336
CCADB Compliance
Sectigo: Late CCADB update after CPS update
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo reported a compliance issue regarding the late update of the CCADB following the publication of a new Certificate Practice Statement (CPS) by Apple. The CPS was published on November 15, 2022, but was not disclosed to CCADB within the required 30-day timeframe. This incident highlighted a gap in communication between Sectigo and Apple regarding CPS updates. To prevent future occurrences, Sectigo and Apple have agreed on new internal policies for timely notifications of CPS changes. The issue has been resolved with appropriate updates made to the CCADB records.
Chronology
- Apple publishes a new CPS.
- Sectigo is notified of outdated CPS documents.
- Sectigo confirms the new CPS and updates CCADB.
- Bug opened to address the compliance issue.
- Incident report completed and bug marked as resolved.
Participants
Martijn Katerbarg
Ben Wilson
External References
Similar Local Cases
Sectigo: Inadequate vulnerability scanning and patching
Sectigo: CCADB failed ALV - Ensured Root CA
CFCA: Overdue Audit Statements 2021
Entrust: Not updating CPR Problem Reporting Mechanism fields in CCADB
Sectigo: CCADB failed ALV - Network Solutions Certificate Authority
Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL
Chunghwa Telecom: Failure to Submit Annual CCADB Self-Assessment 2023 by GTLSCA.
Google Trust Services: Delayed publication of CPS removing DNS Operator Exception