← Chunghwa Telecom cases
Bugzilla #2008799
Audit Related
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #3 - Missing vulnerability scan
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom's GTLSCA faced non-compliance during the 2025 WebTrust audit due to missing vulnerability scans. Only one scan was conducted in Q4 2024, while the required quarterly scans for 2025 were inadequately managed by a third-party provider. This oversight led to incomplete coverage and failure to meet WebTrust standards. Following the audit findings, Chunghwa Telecom implemented corrective actions, including enhanced monitoring and automation of vulnerability scans to ensure compliance moving forward.
Chronology
- Initiation of new annual GTLSCA system maintenance contract
- Start of non-compliance due to missed Q1 vulnerability scan
- Non-compliance identified during audit
- End of non-compliance after remediation
- Final call for comments on incident report
Participants
Tsung-Min Kuo
External References
Similar Local Cases
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #4 - Missing evaluation for third parties
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #1 - mass certificate revocation plan
Chunghwa Telecom Audit Statements
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #5 – Risk Management
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #8 – Human Resources Management
Telia: Findings in 2024 Audit