← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1983275
Policy Compliance
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #15 – Outdated Software
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The incident report details a minor non-conformity identified during an ETSI audit, where KPN's CA software was found to be out-of-support. The issue arose due to the absence of a proper lifecycle management (LCM) plan for the software upgrade. KPN has since completed all action items to ensure compliance, including integrating the software manufacturer's release plan into their LCM process. The non-compliance period lasted from July 2024 until November 2025, with no certificates affected during this time.
Chronology
- End of support for the CA application version.
- Non-compliance identified by auditor.
- All action items completed.
Participants
pkioverheid@logius.nl
dhollenback@apple.com
External References
Similar Local Cases
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #2 – Compliance Management
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
PKIoverheid: Missing Intermediate CA from audit statement
PKIoverheid: Compliance issues CIBG TLS certificates
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant Certificate Issuance