[Servercert-wg] Ballot SC21: To Revise a Final Maintenance Guideline - the Network and Certificate Systems Security Requirements section 3

Adriano Santoni adriano.santoni at staff.aruba.it
Thu Oct 3 02:47:11 MST 2019


Actalis votes YES to Ballot SC21.

On 19/09/2019 21:13, Ben Wilson via Servercert-wg wrote:
>
> Ballot SC21: To Revise a Final Maintenance Guideline - the Network and 
> Certificate Systems Security Requirements section 3.e. to allow for 
> continuous, automated monitoring; edit section 3.f. to improve 
> wording, and add section 3.g. to establish a response time for 
> automated alerts.
>
> Purpose of Ballot
>
> The Network and Certificate System Security Requirements committee is 
> proposing this ballot to revise the current requirements to better 
> allow for automation and continuous monitoring of systems. The goal of 
> this ballot is to remove manual efforts that can be less effective and 
> more resource-intensive than automated monitoring and alerting.
>
> This ballot also adds specific requirements in terms of the timeliness 
> for addressing alerting from automated monitoring and alerting to 
> ensure the implementation of automation does not increase the length 
> of time that a potential issue could go without being detected.
>
> It is proposed by Ben Wilson of DigiCert and endorsed by Trevoli 
> Ponds-White of Amazon and Fotis Loukos of SSL.com to revise the 
> Network and Certificate System Security Requirements (Requirements) as 
> set forth in the following language of Section 3 of the Requirements, 
> to be EFFECTIVE ninety (90) days after completion of the IPR Review
> Period:
>
> *— BALLOT BEGINS —*
>
> e. Monitor the integrity of the logging processes for
> application and system logs through continuous automated monitoring
> and alerting or through a human review to ensure that logging and
> log-integrity functions are effective. Alternatively, if a human
> review is utilized and the system is online, the process must be
> performed at least once every 31 days.
>
> f. Monitor the archival and retention of logs to ensure that
> logs are retained for the appropriate amount of time in accordance 
> with the disclosed business practices and applicable legislation.
>
> g. If continuous automated monitoring and alerting is utilized
> to satisfy sections 1.h. or 3.e. of these Requirements, respond to the 
> alert and initiate a plan of action within at most twenty-four (24) hours.
>
> *— BALLOT ENDS —*
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 19:00 UTC, Thursday, September 19, 2019
>
> End Time: 19:00 UTC, Thursday, September 26, 2019
>
> Immediately following the conclusion of the discussion period, one of 
> the above proposers/endorsers will announce commencement of the 7-day 
> voting period and will re-post this ballot in accordance with Bylaw 
> 2.4.3.
>
> If this ballot passes, then an IPR Review Period will occur in 
> accordance with Bylaws 2.4.5 and 2.4.6.
>
> *** WARNING ***: USE THE PDF ATTACHMENT / GITHUB AT YOUR OWN RISK.  
> THE REDLINE VERSIONS PROVIDED ARE NOT THE OFFICIAL VERSION OF THE 
> CHANGES AND THE BALLOT VERSION ABOVE TAKES PRECEDENCE OVER SUCH 
> REDLINE VERSIONS IN ACCORDANCE WITH SECTION 2.4.1 OF THE FORUM BYLAWS:
>
> https://github.com/tobij/documents/blob/25169b17812645641b9843426eb0af41d8e96ec6/docs/NSR.md 
>
>
> https://github.com/tobij/documents/commit/25169b17812645641b9843426eb0af41d8e96ec6 
> (ONLY SHOWS MOST RECENT CHANGES MADE DURING COMMITTEE DISCUSSIONS, AND 
> NOT REDLINES FROM THE CURRENT VERSION – USE THE PDF FOR THOSE)
>