cabforum/netsec

Issues

• Update Section 4.5 to cover identification of vulnerabilities

  #37 opened 7 months ago by clintwilson
  0

• Consistent date formatting

  #36 opened 9 months ago by srdavidson
  0

• Clarify scope between physical and logical access

  #31 opened 9 months ago by dja852
  3

• Revise 2.g-k. authentication

  #16 opened 9 months ago by BenWilson-Mozilla
  2

• Replace "Zones" with more specific terminology

  #17 opened 9 months ago by BenWilson-Mozilla
  2

• Adopt a High-Level Statement of Objectives

  #15 opened 9 months ago by BenWilson-Mozilla
  3

• Document structure

  #26 opened 9 months ago by vanbroup
  3

• Define "Workstation"

  #7 opened 9 months ago by BenWilson-Mozilla
  1

• NetSec: Clarify software enforcing bridging is insufficient for network segmentation

  #24 opened 9 months ago by tomrittervg
  3

• NetSec: Improve multi-party authentication option

  #25 opened 9 months ago by tomrittervg
  1

• NCSSRs: Replace "Zones" Concept

  #27 opened 9 months ago by BenWilson-Mozilla
  1

• NCSSRs: Offline CAs should have different requirements

  #28 opened 4 years ago by benwilsonusa
  1

• Define "air-gapped" and "offline"

  #4 opened 3 years ago by BenWilson-Mozilla
  4

• NCSSRs should address software development vulnerabilities and processes

  #12 opened 3 years ago by BenWilson-Mozilla
  0

• NCSSRs should address wireless security vulnerabilities

  #13 opened 3 years ago by BenWilson-Mozilla
  1

• Add requirement that private keys corresponding to publicly trusted CAs shall be physically secured

  #19 opened 3 years ago by BenWilson-Mozilla
  0

• Keys used to sign OCSP responses must be protected in HSMs

  #22 opened 3 years ago by BenWilson-Mozilla
  2

• Remove or modify defined term "Security Support System"

  #32 opened a year ago by clintwilson
  0

• Clarify the definitions of 'Certificate Management System' and 'Certificate Systems'

  #21 opened 3 years ago by pjain-fastly
  1

• Separate the requirements for offline/air-gapped CAs and online CAs

  #5 opened a year ago by BenWilson-Mozilla
  1

• Revise use of "Account"

  #6 opened 3 years ago by BenWilson-Mozilla
  2

• Clarify audit documentation required for system configurations

  #11 opened 3 years ago by BenWilson-Mozilla
  1

• Add requirement that CAs implement and maintain a Security Program

  #18 opened 3 years ago by BenWilson-Mozilla
  0

• Restrict the scope of the NCSSRs

  #14 opened 3 years ago by BenWilson-Mozilla
  0

• Provide guidance on penetration tests and vulnerability scans

  #9 opened 3 years ago by BenWilson-Mozilla
  0

• Clarify the 96-hour vulnerability remediation process

  #8 opened 3 years ago by BenWilson-Mozilla
  1

• Allow CAs to claim mitigating factors and compensating controls

  #10 opened 3 years ago by BenWilson-Mozilla
  2