← SwissSign AG cases
Bugzilla #1990274
Technical Compliance
SwissSign: recommendation on synchronization of staging and production environments
RESOLVED
FIXED
SwissSign AG
AI Summary
The audit report for SwissSign recommended improvements in the synchronization between their staging and production environments. This recommendation arose from the continued reliance on manual processes, which auditors suggested could be enhanced through automation. SwissSign has since implemented automated synchronization using an infrastructure-as-code approach, which has been reviewed and approved by auditors. All action items related to this recommendation have been completed, and SwissSign is committed to further strengthening its PKI systems.
Chronology
- Audit report containing recommendation published
- Automation of sync from test to production completed and reviewed
Participants
Sandy Balzer
External References
Similar Local Cases
SwissSign: recommendation on backup testing
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #6 – Access Control Management
Sectigo: Late termination of privileged access to Certificate Systems
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance
Update Microsoft field names and automate filling in the EV checkboxes based on the Microsoft Policy OIDs
Sectigo: Lack of technical controls for multiparty control access to Secure Zone
Visa: Non-BR-Compliant OCSP Responders