← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1983270
Technical Compliance
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review
CLOSED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The incident report details a minor non-conformity identified during an annual ETSI audit regarding the Disaster Recovery (DR) site's firewall rules and review process. It was noted that no active target document was available for certain network zones, and a firewall rulebase review had not been performed. KPN has since executed a firewall review, which yielded no findings, and has implemented measures to ensure all environments are included in future reviews. All action items related to this incident have been completed, and the report is now closed.
Chronology
- Auditor identifies finding.
- Created Corrective Action Plan.
- Corrective Action Plan Approved by auditor.
- Firewall review executed, no findings.
- Non-compliance end date updated.
- Incident report closure.
Participants
Policy Authority PKIoverheid
Dustin Hollenback
Patrick Berg
External References
Similar Local Cases
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #6 – Access Control Management
Certigna: Finding #3 ETSI Audit – Event log protection beyond seven years shall be improved
Telekom Security: Finding in 2020 ETSI-Audit regarding weekly review of changes to configurations
SwissSign: recommendation on synchronization of staging and production environments
Let's Encrypt: Failure to audit log subscriber certificate OCSP updates
SwissSign: recommendation on backup testing
Sectigo: Late termination of privileged access to Certificate Systems
Amazon Trust Services: CRL not DER-encoded