All,
It recently came to my attention that I need to be more diligent in
verifying auditor qualifications. Therefore, we have added a field in
the CCADB called “Date Qualifications Verified” (on Auditor Location
objects), which will be used to remind root store operators to check
each auditor’s qualifications every year. This field can only be edited
by a root store operator, and we will enter this date whenever we
confirm that the auditor is still qualified to perform ETSI or WebTrust
audits.
Some of you may notice that your Audit Case or Root Inclusion Case has
the message: “Auditor Verification Date is blank”. This warning message
is intended to remind root store operators that we need to verify the
auditor's qualifications. In the future you may also notice a warning
message when the date in that field is over a year old, reminding us
root store operators to re-verify the auditor's qualifications.
I will greatly appreciate your input on the following new wiki page
section, especially in regards to verifying auditor qualifications.
https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
