Policy 2.7.1: MRSP Issue #154: Require Management Assertions to list Non-compliance
80 views
Skip to first unread message
Ben Wilson
unread,
Oct 22, 2020, 2:40:11 PM10/22/20
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to mozilla-dev-security-policy
The purpose of this email is to begin public discussion on an addition to
section 2.4 of the Mozilla Root Store Policy. Issue #154
<https://github.com/mozilla/pkipolicy/issues/154> in GitHub proposes to
require that management assertions (CA disclosures to auditors) provide
written mention of all incidents occurring (or open) during the audit
period.
This issue is a companion to Issue 187
<https://github.com/mozilla/pkipolicy/issues/187> (Consider requiring audit
reports to list all incidents that occurred during the audit period or
clearly state that the auditor is not aware of any)
Please provide your comments and suggestions in response to this email.