ACTION 4: Ensure Audit Reports are Properly Formatted
We have implemented automated audit letter validation (ALV) to process audit cases submitted to the CCADB. To improve the success rate of ALV, please ensure that your auditors comply with the following requirements in all future audit statements. This has been added to the CCADB Policy (section 5.1), and is especially important now that we have extended ALV to intermediate certificates.
|
|---|
| ACTION 4 COMMENTS |
| CA Owner | Response | Response |
|---|---|---|
| AC Camerfirma, S.A. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Actalis | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | In our current audit report, dates not follow the expected format(s) and SHA256 thumbprints have embedded spaces and linefeeds. We have requested our CAB to fix those details in future audit reports. |
| Amazon Trust Services | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Asseco Data Systems S.A. (previously Unizeto Certum) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | Our current audit reports do not follow the expected formats.We have made request to our auditors to follow expected formats in future audit reports. |
| Atos | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Autoridad de Certificacion Firmaprofesional | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Buypass | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Certisign Certificadora Digital | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| China Financial Certification Authority (CFCA) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Chunghwa Telecom | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| ComSign | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Cybertrust Japan / JCSI | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| D-TRUST | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| DarkMatter LLC | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Deutsche Telekom Security GmbH | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Dhimyotis / Certigna | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| DigiCert | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Disig, a.s. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| E-Tugra | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Entrust | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| GlobalSign nv-sa | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| GoDaddy | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Google Trust Services LLC | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Government of Hong Kong (SAR), Hongkong Post, Certizen | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Government of Taiwan, Government Root Certification Authority (GRCA) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Government of The Netherlands, PKIoverheid (Logius) | Other (please describe below) | The Webtrust management assertion and auditor's opinion for 2019 will comply with these requirements. For the ETSI audit statements issued by BSI for our TSPs we're currently working with BSI for these to be compliant. For future audits of PKIoverheid TSPs conducted by auditors previously not involved with PKIoverheid we will discuss these requirements to ensure continued compliance of PKIoverheid with ALV requirements. |
| Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| HARICA | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| IdenTrust Services, LLC | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Internet Security Research Group | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Izenpe S.A. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Krajowa Izba Rozliczeniowa S.A. (KIR) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| LuxTrust | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Microsec Ltd. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | Our present audit reports already conform to these requirements. |
| Microsoft Corporation | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| NETLOCK Kft. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| OISTE | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| QuoVadis | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| SECOM Trust Systems CO., LTD. | Other (please describe below) | We plan to create and update the audit report that complies with the requirements at the next audit. All audit reports will be updated around September 2020. |
| SK ID Solutions AS | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| SSL.com | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Sectigo | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| SecureTrust | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Shanghai Electronic Certification Authority Co., Ltd. | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| SwissSign AG | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Swisscom (Switzerland) Ltd | Other (please describe below) | Swisscom Certificates are not in the root store any more. Nevertheless we received the "Mozilla CA Communication: Action requested by January 31, 2020" mail from Wayne. Was this an error or is there something additional Swisscom needs to do in order not to receive the root store communications? |
| Taiwan-CA Inc. (TWCA) | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Telia Company | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| TrustCor Systems | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Trustis | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| Web.com | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| certSIGN | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements | |
| eMudhra Technologies Limited | We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements |