← Certigna cases
Bugzilla #2041368
CCADB Compliance
Certigna: Finding #1 ETSI Audit – Missing system configuration information in the CP/CPS
RESOLVED
FIXED
Certigna
AI Summary
Certigna reported a finding from their ETSI audit indicating that their Certificate Policy/Certificate Practice Statement (CP/CPS) did not specify the maximum interval for system configuration checks, as required by the ETSI EN 319 401 standard. This information was included in their configuration management procedure but was not explicitly stated in the CP/CPS. The non-compliance was identified on February 27, 2026, and resolved by April 1, 2026, with no impact on certificates reported. All action items related to this incident have been completed.
Chronology
- Last version of the CP/CPS does not include explicitly the maximum interval for system configuration checks.
- Auditor identifies the missing specification in the CP/CPS.
- Revision of the CP/CPS to include the maximum interval for system configuration checks.
- Auditor validates the resolution of the deviation.
Participants
Josselin Allemandou
External References
Similar Local Cases
Certigna: Delay in reporting an audit finding
Dhimyotis / Certigna: Intermediate Cert(s) not disclosed in CCADB
SwissSign: Audit Letter Validation failures on intermediate certificates
Firmaprofesional: 2019 audit Finding #2 - 6.4 Facility, management, and operational controls
Firmaprofesional: 2021 Audit Report Finding 3 out of 3
Chunghwa Telecom: Delayed disclosure to Bug 2008782 GTLSCA Audit Incident Report #1 - mass certificate revocation plan
IdenTrust: Delay in updating a Bugzilla ticket Bug 2014610 - Next update
Sectigo: Late CCADB update after CPS update