← Certigna cases
Bugzilla #1973034
Technical Compliance
Certigna: Finding #3 ETSI Audit – Event log protection beyond seven years shall be improved
RESOLVED
FIXED
Certigna
AI Summary
Certigna identified a non-compliance issue regarding the protection of event logs, which were configured to be retained for only seven years. This was found during an ETSI audit, where it was noted that logs linked to short-lived certificates were subject to the same retention policy. The issue was resolved by updating the logging procedures and raising team awareness about the new guidelines. No impact on certificates was reported, and all action items have been completed.
Chronology
- Protection of log repositories set to a maximum of 7 years.
- Non-compliance identified by auditor.
- Validation of deviation resolution by auditor.
Participants
Josselin Allemandou
R. Delval
External References
Similar Local Cases
GoDaddy: inconsistent CP/CPS disclosure
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review
Entrust: Non-BR-Compliant OCSP Responder
Certainly: Root CRL validity period exceeds maximum by one second
Apple: CRL issuance frequency deviates from CPS in some cases
Amazon Trust Services: Missing CAA Check For Test Website Certificates
IdenTrust: OCSP responses for subordinate CA exceed the validity period per CPS guidelines
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #6 – Access Control Management