CA Compliance Self-Assessment Update
230 views
Skip to first unread message
Chris Clements
Sep 1, 2022, 4:31:51 PM9/1/22
to dev-secur...@mozilla.org
All,
In the 2022-06-01 Chrome Root Program policy release, we announced a requirement for CA owners to complete and submit a self-assessment to CCADB annually, beginning in 2023.
The Chrome Root Program will temporarily adopt the existing Template: CA Compliance Self-Assessment used by Mozilla. The template has been updated to include a sheet specific to Chrome. This approach will avoid requiring CA owners participating in multiple root programs from having to complete multiple similar, yet separate self-assessment processes. We are continuing to work with Mozilla and other members of the CCADB Steering Committee on an updated, common self-assessment format that will be accepted by multiple programs.
Effective the release of the Chrome Root Program policy version 1.2 on 2022-09-01, CA owners applying for inclusion in the Chrome Root Store must complete the Baseline Requirements sheet and the Google Chrome-Specific Requirements sheet included in the self-assessment template above.
For any questions or concerns, please email us at chrome-ro...@google.com.
Thank you
-Chris
[Sent on behalf of the Chrome Root Program]
In the 2022-06-01 Chrome Root Program policy release, we announced a requirement for CA owners to complete and submit a self-assessment to CCADB annually, beginning in 2023.
The Chrome Root Program will temporarily adopt the existing Template: CA Compliance Self-Assessment used by Mozilla. The template has been updated to include a sheet specific to Chrome. This approach will avoid requiring CA owners participating in multiple root programs from having to complete multiple similar, yet separate self-assessment processes. We are continuing to work with Mozilla and other members of the CCADB Steering Committee on an updated, common self-assessment format that will be accepted by multiple programs.
Effective the release of the Chrome Root Program policy version 1.2 on 2022-09-01, CA owners applying for inclusion in the Chrome Root Store must complete the Baseline Requirements sheet and the Google Chrome-Specific Requirements sheet included in the self-assessment template above.
For any questions or concerns, please email us at chrome-ro...@google.com.
Thank you
-Chris
[Sent on behalf of the Chrome Root Program]
Dimitris Zacharopoulos
Sep 2, 2022, 6:31:39 AM9/2/22
to dev-secur...@mozilla.org
On 1/9/2022 11:31 μ.μ., 'Chris
Clements' via dev-secur...@mozilla.org wrote:
The Chrome Root Program will temporarily adopt the existing Template: CA Compliance Self-Assessment used by Mozilla. The template has been updated to include a sheet specific to Chrome. This approach will avoid requiring CA owners participating in multiple root programs from having to complete multiple similar, yet separate self-assessment processes. We are continuing to work with Mozilla and other members of the CCADB Steering Committee on an updated, common self-assessment format that will be accepted by multiple programs.
Perhaps it might be worth aligning with
https://wiki.mozilla.org/CA/Compliance_Self-Assessment and use the
same template link for consistency. Chrome's version seems to
incorporate v. 1.8.4 of the BRs vs 1.8.3 of the Mozilla's current
template).
Thanks,
Dimitris.
Thanks,
Dimitris.
Ben Wilson
Sep 2, 2022, 9:31:31 AM9/2/22
to Dimitris Zacharopoulos, dev-secur...@mozilla.org
Hi Dimitris,
I have just updated the link to the template at
https://wiki.mozilla.org/CA/Compliance_Self-Assessment.
Thanks,
Ben
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/aae840e3-3ce2-7402-5f02-72bc7f980b02%40it.auth.gr.
Man Ho
Sep 7, 2022, 1:57:44 AM9/7/22
to dev-secur...@mozilla.org, bwi...@mozilla.com, dev-secur...@mozilla.org, ji...@it.auth.gr
Hi Chris,
Should CA owner submit the self-assessment worksheet to Chrome Root Program via email to chrome-ro...@google.com or opening a case in CCADB?
Thank you
-Man
Thank you
-Man
Chris Clements
Sep 7, 2022, 10:49:04 AM9/7/22
to dev-secur...@mozilla.org, manho4c...@gmail.com, dev-secur...@mozilla.org
Hi Man,
We are working with the CCADB Steering Committee to enable functionality for including self-assessments within a case. Once enabled, we will communicate the new functionality with the community. The capability should be available prior to the annual self-assessment requirement becoming effective in 2023.
Meanwhile, any CA owner who meets the requirements in our policy and is applying to the Chrome Root Program can email the team at chrome-ro...@google.com and we will provide instructions for the collection of the self-assessment and other required documents.
Thank you!
-Chris
We are working with the CCADB Steering Committee to enable functionality for including self-assessments within a case. Once enabled, we will communicate the new functionality with the community. The capability should be available prior to the annual self-assessment requirement becoming effective in 2023.
Meanwhile, any CA owner who meets the requirements in our policy and is applying to the Chrome Root Program can email the team at chrome-ro...@google.com and we will provide instructions for the collection of the self-assessment and other required documents.
Thank you!
-Chris
Reply all
Reply to author
Forward
0 new messages