Closed Bug 1837386 Opened 2 years ago Closed 2 years ago

ANF AC: 2023 Audit Report Finding

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: yulier.nunez, Assigned: yulier.nunez)

Details

(Whiteboard: [ca-compliance] [audit-finding])

NC_I. The test activities about the provider replacement scenario (as specified in the BCP), didn't consider all possible extra time Verified Acta simulacro plan contingencias 03/18/2023 [Ref. OVR-6.4.8-05 of ETSI EN 319 411-1]

The audit team positively analyzed the disaster contingency plan at the main CPD and the replacement for the disaster CPD. However, when examining the evidence of the annual testing of the plan, they detected that the testing did not consider the time frames for the availability of disaster CPD personnel, necessary for access to the ANF AC rack, in the event of a holiday or outside of business working hours.

  1. How your CA first became aware of the problem and the time and date.

It is a finding identified in the eIDAS/ETSI audit carried out in March-April (21st to 7th) 2023.

  1. A timeline of the actions your CA took in response.

2023-05-04 17:32: The issue is registered in our Ticketing System
2023-05-16: Update of the contingency procedure for the scenarios that require using the DR site as primary CPD.

  1. Whether your CA has stopped, or has not yet stopped, certificate issuance or the process giving rise to the problem or incident.

It does not apply.

  1. In a case involving certificates, a summary of the problematic certificates. In other incidents that do not involve enumerating the affected certificates (e.g., OCSP failures, delayed responses, etc.), please provide other similar statistics, aggregates, and a summary for each type of problem identified. This will help measure the severity of each problem.

It does not apply.

  1. In a case involving TLS server certificates, the complete certificate data for the problematic certificates.

It does not apply.

  1. When the incident being reported involves an SMIME certificate, if disclosure of personally identifiable information in the certificate may be contrary to applicable law, please provide at least the certificate serial number and SHA256 hash of the certificate. In other cases not involving a review of affected certificates, please provide other similar, relevant specifics, if any.

It does not apply.

  1. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

ANF AC carries out an annual simulation of the contingency plan in the event of a disaster. In the event of a disaster in the main CPD, it is necessary to activate the alternative CPD, which is passive, and a physical visit from ANF AC's trusted role personnel (2 people) would be required to put it into operation (load the keys in the HSM) and initiate service restoration tasks.

In addition to ANF AC personnel, the accompaniment of CPD personnel is required to enter the Housing room and open the rack.

The procedure to access the alternative CPD is as follows. A trusted role of ANF AC contacts customer service, either by email or by phone, and provides the list of personnel who will access the CPD, date, time of entry and estimated time of stay. The customer service contacts the operational officer who is on duty at the CPD, providing him with the list of names of ANF AC personnel who will access the CPD. Once the ANF AC staff arrives at the CPD, the operational officer accompanies the staff to the rack where the ANF AC servers are located.

This procedure has been tested on several occasions during working hours and allows the times set out in the continuity plan to be met.

The execution of the audit carried out in 2023 was close to a period of national holidays, which led the auditors to inquire about the availability of the operational officer directly at the workplace (the CPD) during non-working hours, this is, overnight, weekends and holidays.

It was possible to verify that the operational officer is available 24 hours a day, but not in person at the CPD during non-working hours. This means that if an incident occurs, the customer service contacts the operational officer, so that he travels from his place of residence to the CPD, incurring additional travel time that had not been contemplated. Initial and consequently has not been tested.

The travel time of the operational officer to the CPD during non-working hours is not long, although it depends on several factors (distance from the CPD, traffic, etc.), but it can mean a difference of 1-2 hours compared to during working hours.

  1. List of steps your CA is taking to resolve the situation and ensure that such a situation or incident will not be repeated in the future.

The contingency procedure in the event of a disaster in the main CPD was updated on 2023-05-16, taking into account the additional hours that could be incurred in case the disaster occurred during a holiday and non-working period to obtain a time frame more adjusted to reality.

Assignee: nobody → yulier.nunez
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [audit-finding]

Are there any action items remaining to be performed? If not, can this bug be closed?

Flags: needinfo?(yulier.nunez)

This bug can be closed under our consideration, unless there is any matter that needs further clarification. Thank you.

Flags: needinfo?(yulier.nunez)

I will close this on Wed. 11-Oct-2023.

Flags: needinfo?(bwilson)
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.