Open
Bug 2008799
Opened 2 days ago
Updated 2 days ago
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #3 - Missing vulnerability scan
Categories
(CA Program :: CA Certificate Compliance, task)
Tracking
(Not tracked)
ASSIGNED
People
(Reporter: tmkuo, Assigned: tmkuo)
Details
(Whiteboard: [ca-compliance] [audit-finding] )
Preliminary Incident Report
Summary
- Incident description: During the audit period, the vulnerability scan was only performed in Q4 2024.
- Relevant policies: WebTrust for CA - Network Security V1.7 (Criterion 4.3)
The CA maintains controls to provide reasonable assurance that a Vulnerability Scan is performed on public and private IP addresses identified by the CA or Delegated Third Party as the CA's or Delegated Third Party's Certificate Systems based on the following:
• Within one (1) week of receiving a request from the CA/Browser Forum;
• After any system or network changes that the CA determines are significant; and
• At least every three (3) months.
- Source of incident disclosure: Audit
Assignee: nobody → tmkuo
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [audit-finding]