← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #2008027
Technical Compliance
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #6 – Access Control Management
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The PKIoverheid CA faced compliance issues related to Access Control Management, identified during an annual ETSI audit. The audit revealed inconsistencies in the Access Control Management document, including errors in the number of trusted roles and a lack of measures to ensure deadlines for revocation requests were met. Additionally, not all historical versions of the document were available. Following the audit, corrective actions were implemented, including expanding the document management process and automating the sharing of termination information. All action items have been completed, and the case is now resolved.
Chronology
- Non-compliance identified by auditor
- Corrective Action Plan created
- Corrective Action Plan approved by auditor
- Report Closure Summary posted
Participants
Patrick van den Berg
Policy Authority PKIoverheid
External References
Similar Local Cases
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #10 – Firewall Rules and Review
Entrust: Non-BR-Compliant OCSP Responder
Amazon Trust Services: CRL not DER-encoded
Certigna: Finding #3 ETSI Audit – Event log protection beyond seven years shall be improved
Telekom Security: Finding in 2020 ETSI-Audit regarding weekly review of changes to configurations
SwissSign: recommendation on backup testing
SwissSign: recommendation on synchronization of staging and production environments
Sectigo: Late termination of privileged access to Certificate Systems