← IdenTrust Services, LLC cases
Bugzilla #2025917
Policy Compliance
IdenTrust: Full Incident Report for bug 2016585 was not published within 14 days of discovering the issue
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust failed to publish a Full Incident Report for Bug 2016585 within the required 14-day timeframe as mandated by CCADB policy. The incident was identified on February 24, 2026, but the report was not posted until February 26, 2026, leading to a compliance issue. No customer impact was reported, and the root cause was a misunderstanding of the incident reporting guidelines. IdenTrust has since standardized its reporting process and implemented reminders for future compliance.
Chronology
- Non-compliance start date
- Full Incident report was posted for Bug 2016585
- Public follow-up comments note that required 14-day requirement was not met
- Introduced reminders for reporting milestones
- All action items completed; closure report submitted
Participants
IdenTrust
External References
Similar Local Cases
IdenTrust: Full Incident Report for Bug 2014609 was not published within 14 days of discovering the issue
IdenTrust: Full Incident Report for bug 2014610 was not published within 14 days of discovering the issue
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)