← Autoridad de Certificación (ANF AC) cases
Bugzilla #2047579 Incident Problem Reporting Failure Self Assessment

ANF AC: 2026 Audit Report Finding 1 out of 3 — Business continuity plan not updated after CAB transition

ASSIGNED Autoridad de Certificación (ANF AC)
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

This case concerns an ETSI EN 319 401 audit finding for ANF AC. The business continuity plan and disaster recovery (OID 1.3.6.1.4.1.18332.13.1.1), version 2.5, still referenced the previous conformity assessment body (CAB) CSQA Certificazioni instead of the current CAB DEKRA Testing and Certification. The finding was treated as non-conformity against ETSI EN 319 401, Section 7.11.1, REQ-7.11.1-01X, because the continuity plan had not been maintained up to date following the CAB transition. ANF AC stated the impact was exclusively documentary and did not affect any issued certificates, OCSP responses, or CRLs. ANF AC updated and approved the business continuity plan on 2026-02-23 to replace the CAB reference, and on 2026-04-17 updated its internal document review procedure to verify external third-party references when organizational, contractual, or audit-related changes occur. A participant also commented that the CCADB incident-report timeline did not meet expectations for when preliminary and full reports should be posted.

Model: gpt-5.4-nano Generated: 2026-06-19 19:21 UTC Confidence: 0.66 2 comments
Chronology
  1. ANF AC changed its CAB from CSQA Certificazioni to DEKRA Testing and Certification.
  2. ANF AC performed the annual review of its business continuity plan and approved version 2.5 without detecting the outdated CAB reference.
  3. During the annual ETSI EN 319 401 audit, the auditor identified the non-conformity regarding the outdated CAB reference.
  4. ANF AC updated and approved the business continuity plan to replace CSQA Certificazioni with DEKRA Testing and Certification.
  5. ANF AC updated its internal document review procedure to require verification of external third-party references after relevant changes.
Thread Activity
  1. yulier.nunez@anf.es — Posted the full incident report describing the audit finding, the outdated CAB reference in the business continuity plan, the stated documentary-only impact, and the remediation timeline.
  2. dean.f.reed@protonmail.com — Commented that the CCADB incident-report timeline did not meet expectations for preliminary/full report posting dates and referenced good practice about closure summaries.
Participants
yulier.nunez@anf.es dean.f.reed@protonmail.com
External References
Original Bugzilla Case www.ccadb.org bugzilla.mozilla.org
Related Bugzilla IDs Mentioned
#2041368
Similar Local Cases
#2032482 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Certificate Misissuance Opened 2026-04-16 Still Open · 76% similar
OATI: Misissuance detected by PKIMetal
AI Summary CA Owner
#2041774 ASSIGNED Incident Repository Issue Problem Reporting Failure Ccadb Disclosure Issue Opened 2026-05-22 Still Open · 69% similar
OATI: AIA CA Issuer field pointing to PEM encoded cert
AI Summary CA Owner
#2007116 ASSIGNED Ccadb Disclosure Issue Incident Externally Reported Incident Opened By Ca Opened 2025-12-19 Still Open · 66% similar
D-Trust: CRL URL Disclosure
AI Summary CA Owner
#2047580 ASSIGNED Policy Document Issue Repository Issue Incident Self Reported Incident Opened 2026-06-15 Still Open · 60% similar
ANF AC: 2026 Audit Report Finding 2 out of 3
AI Summary CA Owner
#1967929 RESOLVED Incident Opened 2025-05-22 · Closed 2025-07-17 · 59% similar
KIR: Failed to respond a Certificate Problem Report within 24 hours
AI Summary CA Owner
#1676003 RESOLVED Incident Opened 2020-11-08 · Closed 2023-02-22 · 57% similar
DigiCert: Entity not verified in organizationalUnitName
AI Summary CA Owner
#1974325 RESOLVED Incident Self Reported Incident Opened 2025-06-26 · Closed 2025-07-16 · 56% similar
ANF AC: Test Certificates Non-Compliance
AI Summary CA Owner
#1969842 RESOLVED Ca Documents Incident Opened 2025-06-02 · Closed 2025-07-16 · 48% similar
ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action