← DigiCert cases
Bugzilla #1865235 · Policy Compliance
DigiCert: Late background refreshment check
DigiCert · RESOLVED
AI Summary
DigiCert reported a late background refreshment check for trusted role staff, which was noted during a recent Webtrust audit. While their CPS states checks should occur every five years, three of six sampled checks were completed slightly late. This issue does not impact public PKI systems as the BR’s and root programs do not require this frequency. DigiCert plans to update their CPS to remove this requirement.
Chronology
- DigiCert's auditors provided draft reports for Annual Webtrust.
- Discussion with auditors about background check tracking.
- Case scheduled for closure unless further questions arise.
Participants
Martin Sullivan
Ben Wilson
External References
Similar Local Cases
DigiCert: Inconsistent EV audits
DigiCert: Verizon CPS lacks CPR problem reporting instructions
Verify GlobalSign's continued conformance to EV guidelines
SHA-1 issuance by GlobalSign root
StartCom: Certificates using secp256k1
GoDaddy: Valid 1024 certificates
Distrust ISRG Subordinate Certificate and Remove It Until the CA is Compliant with Mozilla Policies