Closed Bug 1662533 Opened 4 years ago Closed 4 years ago

QSCert: Insufficient Evidence of Auditor Qualifications.

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: peter.miskovic)

Details

(Whiteboard: [auditor-compliance])

Attachments

(2 files)

I have not been able to verify QSCert's qualifications per
https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check

Note that QSCert is now accredited in the Slovak Republic by the Slovak National Accreditation Service (SNAS); previously it was accredited in the Czech Republic by CAI.

Here's QSCert's information in https://ec.europa.eu/futurium/en/system/files/ged/list_of_eidas_accredited_cabs-2020-08-28.pdf

NAB Name: SNAS (Slovak National Accreditation Service)
URL to body: www.snas.sk
URL to eIDAS accreditation scheme: http://snas.sk/index.php?l=sk&p=20&ps=167

Name: QSCert, spol. s r.o.
URL to body: https://www.qscert.sk
Date of accreditation: 31.05.2017 (until 31.05.2022)
URL to accreditation certificate: 'sk' P-049 https://ais.snas.sk/ais/?restartApplication#!WebReports/6/list.accredited.subject.search.byfield/AccreditedSubjectsByFields
QTSP/QTS type(s) for which accreditation is granted: All
Accreditation scheme: ISO/IEC 17065 + ETSI EN 319 403 (MSA-CP/05 SNAS)
URL to eIDAS conformity assessment scheme: http://ep.nbu.gov.sk/kca/tsl/CertifikacnaSchemaNBU.pdf
URL to CAB's Directory of assessed QTSP/QTS: https://www.qscert.sk/klienti/vydane-certifikaty.html?page_id=334

The CA (Disig) provided this link:
https://ais.snas.sk/ais/APP/connector/0/0/6746654d-3fd8-48d7-823c-adec353cb3ba/1739-P-049_20170531_P_EN_QSCert.pdf

But the link doesn't work for me, so the CA provided it as an email attachment. It lists eIDAS certification schemes and regulations, standards, like:
Certification scheme for eIDAS NBÚ SR
Regulation (EU) no. 910/2014:
Art. 5, art. 8, art. 11 sec. 3, art. 13, art. 15, art. 17 sec. 5, art. 19, art. 21, art. 22, art. 23, art. 24, art. 45 and Annex IV

But does not list ETSI EN 319 403, ETSI EN 319 401, ETSI EN 319 411-1, and ETSI EN 319 411-2.

So I do not believe there is sufficient information to confirm that this CAB is accredited according to https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check

Assignee: bwilson → peter.miskovic

Hi Kathleen,

I contacted our CAB today and asked them to contact our NAB to solve the accreditation scope to conform with the Mozilla policy requirement.
I will inform you as soon as I have the response from our CAB.
Regards,
Peter

Status: NEW → ASSIGNED

Hi Kathleen, Ben,

Today we received a statement from the NAB - SNAS (Slovak National Accreditation Service) on the scope of accreditation of QSCert, s.r.o. Unfortunately, the statement is only in Slovak. We are going to make an official translation and we will send it to you as soon as we have it.

Regards
Peter

I've uploaded the English translation of the accreditation document for QSCert. I note that it does accredit QSCert for ETSI EN 319 403, ETSI EN 319 401, ETSI EN 319 411-1 and ETSI EN 319 411-2, so I think this bug can be closed.

I accept this accreditation document for this year.

Peter, please continue to work with the CAB and NAB so they will meet the requirements for when we re-verify the CAB qualifications next year per
https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: NSS → CA Program