SlideShare una empresa de Scribd logo

CA Self Regulation

Descargar como PPTX, PDF
CASCouncil
CASCouncil

This document summarizes the chronology of frameworks for CA self-governance from 1995-2013. It discusses the CA/Browser Forum guidelines, WebTrust program for CAs, baseline requirements, and efforts of the CA Security Council to advance security. The path ahead involves addressing SSL/TLS vulnerabilities, improving audit coordination, and increasing public education on secure SSL/TLS implementation.

Tecnología
1 de 10
CA Self-Governance: CA / Browser Forum Guidelines and Other Industry Developments Ben Wilson, Chair, CA / Browser Forum
Chronology of Frameworks 1995 - 1996 – PKIX chartered, BS 7799 published, EU Recommendation - Information Technology Security Evaluation Criteria (ITSEC), X.509v.3, ABA’s Digital Signature Guidelines 1997-1999 – ETSI Guide on Requirements for Trusted Third Parties, Certificate Policy and Certification Practices framework (ISO/TC68/SC 2 and RFC 2527), Gatekeeper Criteria for Accreditation of CAs, NIST Common Criteria, CS2/CSPP for COTS Protection Profile 2000 -2003 – ANSI X9.79, WebTrust for CAs, ETSI TS 101 456, ISO 17799, ABA’s PKI Assessment Guidelines, RFC 3647, ETSI TS 102 042, Certificate Issuing and Management Components (CIMCs) Protection Profile 2005 - 2007 – Meetings of the CA / Browser Forum to work on guidelines for EV SSL certificates, ISO 27001 adopted and ISO 17799 revised into ISO 27002 2011-2013 – ISO 27007/27008; ETSI TS 119 403 (EN 319 411-3), Baseline Requirements, Security Requirements, WebTrust 2.0 and ETSI updates, WPKOPS, CA Security Council, OTA’s CA Best Practices, NIST Workshop on Improving Trust in the Online Marketplace
WebTrust Program for CAs Audit of Management’s Assertion that it has: • assessed the controls over its CA operations • maintained effective controls providing reasonable assurance that • CA systems development, maintenance and operations were – properly authorized and – performed to maintain CA systems integrity. http://www.webtrust.org/homepage- documents/item27839.aspx
Audit Coordination for Baselines • Catch-22 for Browser Audit Report Requirements • Final draft of 1.0 ready in Q2-2011 for public comment • Effective date of July 1, 2012, but 2011 CA hacker • SSL Baseline Requirements Audit Criteria v1.1 – Effective January 1, 2013 – Added nearly 60 new checklist items to WebTrust 2.0 • ETSI TS 102 042 v.2.2.3 and ETSI TR 103 123 v.1.1.1 (2012-11) - Guidance for Auditors and CSPs on ETSI TS 102 042 for Issuing Publicly- Trusted TLS/SSL Certificates
CA / B Forum Baseline Requirements Rationale: Common security concerns exist for SSL/TLS and PKI for the Web. Various stakeholders should not create (and then have to maintain) multiple, conflicting criteria that Certification Authorities have to meet. If common baselines and reference points exist, then the number of variations will be reduced in root trust programs and audit schemes.
More about Baseline Requirements CAs must assert that they comply with the Baseline Requirements and identify which certificates they issue and manage comply. Profiles are specified, as well as time periods for validity of certificates and certificate information, and there are sunsetting / grandfathering provisions to effectuate change. A foundation is in place among key participants that will facilitate ecosystem improvements over time. Working with Mozilla and others on CA Practices
OTA’s CA Best Practices • CA checks reliable third party records, operates a quality control program, and screens and trains its employees. • CA audited for compliance with Baseline Requirements and other CA / Browser Forum guidelines, and auditors are competent in computer security auditing. • CA logs computer activity, reviews those logs, and conducts vulnerability scans and penetration tests. Roots are offline / air-gapped and protected by multiple layers of controls. • CA maintains and regularly reviews practice statements, including business continuity, disaster recovery, and security incident response plans. • CA stays current with developments by participating in industry-related organizations and events. https://otalliance.org/resources/SSL/CABestPractices.html
CA Security Council Group of commercial CAs formed in February 2013- to advance internet security by promoting deployments and enhancements to publicly trusted certificates [and to address SSL security awareness] through public education, collaboration, and advocacy. The CASC strives for the adoption of digital certificate best practices and the proper issuance and use of digital certificates by CAs, browsers, and other interested parties [and their potential impact on the internet infrastructure]. https://casecurity.org/mission/
CA / Browser Forum Transparency • April – May 2011 – draft Baseline Requirements published and public comments solicited on Mozilla list (and over 100 comments were received and addressed or logged for resolution) • May 2012 – public discussion email list created • June 2012 – draft Network and Certificate System Security Requirements published for public comment on Mozilla list (no comments received) • February 2013 – member votes are fully public
Path Ahead for CAs / Browsers • Address SSL/TLS vulnerabilities by gathering information and following up after workshop • Improve coordination with WebTrust, ETSI, and other key stakeholders • Code Signing Working Group to identify and address weaknesses in code signing PKI • Increased public outreach and education on secure implementation of SSL/TLS

Recomendados

eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Smart Grid Interoperability Panel
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pcimosyas
 
Our Software
Our SoftwareOur Software
Our SoftwareAssurance Screening
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
Externally Hosted Web 2.0 Services
Externally Hosted Web 2.0 ServicesExternally Hosted Web 2.0 Services
Externally Hosted Web 2.0 Servicesmarkvanharmelen
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 

Recomendados

eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Smart Grid Interoperability Panel
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaPatrick Sklodowski
 
1 final secnet_pci
1 final secnet_pci1 final secnet_pci
1 final secnet_pcimosyas
 
Our Software
Our SoftwareOur Software
Our SoftwareAssurance Screening
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
Externally Hosted Web 2.0 Services
Externally Hosted Web 2.0 ServicesExternally Hosted Web 2.0 Services
Externally Hosted Web 2.0 Servicesmarkvanharmelen
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkEMMAIntl
 
Cybersecurity Vendor Considerations
Cybersecurity Vendor ConsiderationsCybersecurity Vendor Considerations
Cybersecurity Vendor ConsiderationsEnergySec
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...Compliance Global Inc
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
Cybersecurity Essentials - Certification
Cybersecurity Essentials - CertificationCybersecurity Essentials - Certification
Cybersecurity Essentials - CertificationMohamed Haathim Sharfraz
 
PCI presentation
PCI presentationPCI presentation
PCI presentationMahmoud Salaheldin
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIBen Rothke
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSmart Grid Interoperability Panel
 
What Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessWhat Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessData Foundry
 
OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenIDFoundation
 
productsheet_csi70_brief
productsheet_csi70_briefproductsheet_csi70_brief
productsheet_csi70_briefSagren Naidoo
 
Brian m cv
Brian m cvBrian m cv
Brian m cvAmir Shahzad Afridi
 
Accelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery AutomationAccelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery AutomationAppViewX
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
PA-DSS
PA-DSSPA-DSS
PA-DSSChristian Heinrich
 
Security Software Datasheet Template
Security Software Datasheet TemplateSecurity Software Datasheet Template
Security Software Datasheet TemplateTDSmaker
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Final project
Final projectFinal project
Final projectallison garfield
 
Social Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage BrokersSocial Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage BrokersSandra Pigram
 
New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetNew Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetCASCouncil
 

Más contenido relacionado

La actualidad más candente

The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkEMMAIntl
 
Cybersecurity Vendor Considerations
Cybersecurity Vendor ConsiderationsCybersecurity Vendor Considerations
Cybersecurity Vendor ConsiderationsEnergySec
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...Compliance Global Inc
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIBen Rothke
 
What Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessWhat Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessData Foundry
 
OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenIDFoundation
 
productsheet_csi70_brief
productsheet_csi70_briefproductsheet_csi70_brief
productsheet_csi70_briefSagren Naidoo
 
Accelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery AutomationAccelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery AutomationAppViewX
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
Security Software Datasheet Template
Security Software Datasheet TemplateSecurity Software Datasheet Template
Security Software Datasheet TemplateTDSmaker
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 

La actualidad más candente (19)

The NIST Cybersecurity Framework
The NIST Cybersecurity FrameworkThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework
 
Cybersecurity Vendor Considerations
Cybersecurity Vendor ConsiderationsCybersecurity Vendor Considerations
Cybersecurity Vendor Considerations
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
 
Cybersecurity Essentials - Certification
Cybersecurity Essentials - CertificationCybersecurity Essentials - Certification
Cybersecurity Essentials - Certification
 
PCI presentation
PCI presentationPCI presentation
PCI presentation
 
Verderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCIVerderber Rothke What’s New With PCI
Verderber Rothke What’s New With PCI
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy Sector
 
What Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your BusinessWhat Data Center Compliance Means for Your Business
What Data Center Compliance Means for Your Business
 
OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenID Foundation Research & Education Working Group Update - October 22, 2018
OpenID Foundation Research & Education Working Group Update - October 22, 2018
 
productsheet_csi70_brief
productsheet_csi70_briefproductsheet_csi70_brief
productsheet_csi70_brief
 
Brian m cv
Brian m cvBrian m cv
Brian m cv
 
Accelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery AutomationAccelerate Digital Transformation with Application Delivery Automation
Accelerate Digital Transformation with Application Delivery Automation
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certification
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
 
Security Software Datasheet Template
Security Software Datasheet TemplateSecurity Software Datasheet Template
Security Software Datasheet Template
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 

Destacado

Social Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage BrokersSocial Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage BrokersSandra Pigram
 
New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetNew Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetCASCouncil
 
Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!CASCouncil
 
TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly CASCouncil
 
Symantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebSymantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebCASCouncil
 
Craig James Presentation - Back to Normal #nMBPortDouglas
Craig James Presentation - Back to Normal #nMBPortDouglasCraig James Presentation - Back to Normal #nMBPortDouglas
Craig James Presentation - Back to Normal #nMBPortDouglasSandra Pigram
 
CAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCASCouncil
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
Pandiruppu maha vidyalayam
Pandiruppu maha vidyalayamPandiruppu maha vidyalayam
Pandiruppu maha vidyalayamkalpandiruppu
 
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements CASCouncil
 
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)rahida44
 
Trust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesTrust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesCASCouncil
 
Raiche, lindsay order of operations
Raiche, lindsay order of operationsRaiche, lindsay order of operations
Raiche, lindsay order of operationsLindsay Raiche
 
Presentación p point diplomado (2)
Presentación p point diplomado (2)Presentación p point diplomado (2)
Presentación p point diplomado (2)16032543
 
Presentacion.ppt historia clinica en odontopediatria
Presentacion.ppt historia clinica en odontopediatriaPresentacion.ppt historia clinica en odontopediatria
Presentacion.ppt historia clinica en odontopediatria16032543
 

Destacado (18)

Final project
Final projectFinal project
Final project
 
Social Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage BrokersSocial Media to grow your business - for Mortgage Brokers
Social Media to grow your business - for Mortgage Brokers
 
New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetNew Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
 
Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!
 
TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly
 
Symantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebSymantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the Web
 
Craig James Presentation - Back to Normal #nMBPortDouglas
Craig James Presentation - Back to Normal #nMBPortDouglasCraig James Presentation - Back to Normal #nMBPortDouglas
Craig James Presentation - Back to Normal #nMBPortDouglas
 
CAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCAs And The New Paradigm Shift
CAs And The New Paradigm Shift
 
State of the Web
State of the WebState of the Web
State of the Web
 
Pandiruppu maha vidyalayam
Pandiruppu maha vidyalayamPandiruppu maha vidyalayam
Pandiruppu maha vidyalayam
 
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
 
Curso de Ejemplo
Curso de EjemploCurso de Ejemplo
Curso de Ejemplo
 
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)
Portofolio dan bentuk komunikasi lainnya (rahmat hidayat)
 
ielts
ieltsielts
ielts
 
Trust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesTrust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory Processes
 
Raiche, lindsay order of operations
Raiche, lindsay order of operationsRaiche, lindsay order of operations
Raiche, lindsay order of operations
 
Presentación p point diplomado (2)
Presentación p point diplomado (2)Presentación p point diplomado (2)
Presentación p point diplomado (2)
 
Presentacion.ppt historia clinica en odontopediatria
Presentacion.ppt historia clinica en odontopediatriaPresentacion.ppt historia clinica en odontopediatria
Presentacion.ppt historia clinica en odontopediatria
 

Similar a CA Self Regulation

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applicationskanimozhin
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+CompTIA
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
Nana Owusu resume today
Nana Owusu resume todayNana Owusu resume today
Nana Owusu resume todayNana Owusu
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
G6 independent certification for CSP v3
G6 independent certification for CSP v3G6 independent certification for CSP v3
G6 independent certification for CSP v3Ummey Humayra
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxAdityaChawan4
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems Maganathin Veeraragaloo
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET Journal
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 

Similar a CA Self Regulation (20)

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
CompTIA Cybersecurity Analyst Certification Tips and Tricks
CompTIA Cybersecurity Analyst Certification Tips and TricksCompTIA Cybersecurity Analyst Certification Tips and Tricks
CompTIA Cybersecurity Analyst Certification Tips and Tricks
 
Jason Allred Resume
Jason Allred ResumeJason Allred Resume
Jason Allred Resume
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls Matrix
 
Nana Owusu resume today
Nana Owusu resume todayNana Owusu resume today
Nana Owusu resume today
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
G6 independent certification for CSP v3
G6 independent certification for CSP v3G6 independent certification for CSP v3
G6 independent certification for CSP v3
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
 
Hogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing SecutityHogan Kusnadi - Cloud Computing Secutity
Hogan Kusnadi - Cloud Computing Secutity
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate System
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 

Más de CASCouncil

100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017CASCouncil
 
Six Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastSix Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastCASCouncil
 
What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?CASCouncil
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowCASCouncil
 
2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor RollCASCouncil
 
CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CASCouncil
 
Update on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumUpdate on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumCASCouncil
 
Extended Validation Builds Trust
Extended Validation Builds TrustExtended Validation Builds Trust
Extended Validation Builds TrustCASCouncil
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebCASCouncil
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of OpportunityCASCouncil
 
Nation-State Attacks On PKI
Nation-State Attacks On PKI Nation-State Attacks On PKI
Nation-State Attacks On PKI CASCouncil
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 

Más de CASCouncil (14)

100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
 
Six Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastSix Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the Past
 
What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to know
 
2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll
 
CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security
 
Update on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumUpdate on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser Forum
 
Extended Validation Builds Trust
Extended Validation Builds TrustExtended Validation Builds Trust
Extended Validation Builds Trust
 
CA Day 2014
CA Day 2014 CA Day 2014
CA Day 2014
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure Web
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of Opportunity
 
Nation-State Attacks On PKI
Nation-State Attacks On PKI Nation-State Attacks On PKI
Nation-State Attacks On PKI
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure Web
 

Último

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

CA Self Regulation

  • 1. CA Self-Governance: CA / Browser Forum Guidelines and Other Industry Developments Ben Wilson, Chair, CA / Browser Forum
  • 2. Chronology of Frameworks 1995 - 1996 – PKIX chartered, BS 7799 published, EU Recommendation - Information Technology Security Evaluation Criteria (ITSEC), X.509v.3, ABA’s Digital Signature Guidelines 1997-1999 – ETSI Guide on Requirements for Trusted Third Parties, Certificate Policy and Certification Practices framework (ISO/TC68/SC 2 and RFC 2527), Gatekeeper Criteria for Accreditation of CAs, NIST Common Criteria, CS2/CSPP for COTS Protection Profile 2000 -2003 – ANSI X9.79, WebTrust for CAs, ETSI TS 101 456, ISO 17799, ABA’s PKI Assessment Guidelines, RFC 3647, ETSI TS 102 042, Certificate Issuing and Management Components (CIMCs) Protection Profile 2005 - 2007 – Meetings of the CA / Browser Forum to work on guidelines for EV SSL certificates, ISO 27001 adopted and ISO 17799 revised into ISO 27002 2011-2013 – ISO 27007/27008; ETSI TS 119 403 (EN 319 411-3), Baseline Requirements, Security Requirements, WebTrust 2.0 and ETSI updates, WPKOPS, CA Security Council, OTA’s CA Best Practices, NIST Workshop on Improving Trust in the Online Marketplace
  • 3. WebTrust Program for CAs Audit of Management’s Assertion that it has: • assessed the controls over its CA operations • maintained effective controls providing reasonable assurance that • CA systems development, maintenance and operations were – properly authorized and – performed to maintain CA systems integrity. http://www.webtrust.org/homepage- documents/item27839.aspx
  • 4. Audit Coordination for Baselines • Catch-22 for Browser Audit Report Requirements • Final draft of 1.0 ready in Q2-2011 for public comment • Effective date of July 1, 2012, but 2011 CA hacker • SSL Baseline Requirements Audit Criteria v1.1 – Effective January 1, 2013 – Added nearly 60 new checklist items to WebTrust 2.0 • ETSI TS 102 042 v.2.2.3 and ETSI TR 103 123 v.1.1.1 (2012-11) - Guidance for Auditors and CSPs on ETSI TS 102 042 for Issuing Publicly- Trusted TLS/SSL Certificates
  • 5. CA / B Forum Baseline Requirements Rationale: Common security concerns exist for SSL/TLS and PKI for the Web. Various stakeholders should not create (and then have to maintain) multiple, conflicting criteria that Certification Authorities have to meet. If common baselines and reference points exist, then the number of variations will be reduced in root trust programs and audit schemes.
  • 6. More about Baseline Requirements CAs must assert that they comply with the Baseline Requirements and identify which certificates they issue and manage comply. Profiles are specified, as well as time periods for validity of certificates and certificate information, and there are sunsetting / grandfathering provisions to effectuate change. A foundation is in place among key participants that will facilitate ecosystem improvements over time. Working with Mozilla and others on CA Practices
  • 7. OTA’s CA Best Practices • CA checks reliable third party records, operates a quality control program, and screens and trains its employees. • CA audited for compliance with Baseline Requirements and other CA / Browser Forum guidelines, and auditors are competent in computer security auditing. • CA logs computer activity, reviews those logs, and conducts vulnerability scans and penetration tests. Roots are offline / air-gapped and protected by multiple layers of controls. • CA maintains and regularly reviews practice statements, including business continuity, disaster recovery, and security incident response plans. • CA stays current with developments by participating in industry-related organizations and events. https://otalliance.org/resources/SSL/CABestPractices.html
  • 8. CA Security Council Group of commercial CAs formed in February 2013- to advance internet security by promoting deployments and enhancements to publicly trusted certificates [and to address SSL security awareness] through public education, collaboration, and advocacy. The CASC strives for the adoption of digital certificate best practices and the proper issuance and use of digital certificates by CAs, browsers, and other interested parties [and their potential impact on the internet infrastructure]. https://casecurity.org/mission/
  • 9. CA / Browser Forum Transparency • April – May 2011 – draft Baseline Requirements published and public comments solicited on Mozilla list (and over 100 comments were received and addressed or logged for resolution) • May 2012 – public discussion email list created • June 2012 – draft Network and Certificate System Security Requirements published for public comment on Mozilla list (no comments received) • February 2013 – member votes are fully public
  • 10. Path Ahead for CAs / Browsers • Address SSL/TLS vulnerabilities by gathering information and following up after workshop • Improve coordination with WebTrust, ETSI, and other key stakeholders • Code Signing Working Group to identify and address weaknesses in code signing PKI • Increased public outreach and education on secure implementation of SSL/TLS