[Servercert-wg] Ballot SC 21 - Section 3 of the NetSec Requirements - Voting Period
Tobias S. Josefowitz
tobij at opera.com
Wed Oct 2 12:32:20 MST 2019
Opera votes YES on Ballot SC 21.
On Thu, 26 Sep 2019, Ben Wilson via Servercert-wg wrote:
> DELETE SUBSECTIONS e. and f. of SECTION 3 OF THE NETWORK AND CERTIFICATE
> SYSTEM SECURITY REQUIREMENTS
>
> AND
>
> INSERT THE FOLLOWING IN SECTION 3:
>
> e. Monitor the integrity of the logging processes for application and
> system logs through continuous automated monitoring and alerting or through
> a human review to ensure that logging and log-integrity functions are
> effective. Alternatively, if a human review is utilized and the system is
> online, the process must be performed at least once every 31 days.
>
> f. Monitor the archival and retention of logs to ensure that logs are
> retained for the appropriate amount of time in accordance with the disclosed
> business practices and applicable legislation.
>
> g. If continuous automated monitoring and alerting is utilized to
> satisfy sections 1.h. or 3.e. of these Requirements, respond to the alert
> and initiate a plan of action within at most twenty-four (24) hours.
>
> *- BALLOT ENDS -*
More information about the Servercert-wg
mailing list