Dear Kathleen, We have been informed by ACCREDIA that the accreditation pages have now been updated to include ETSI EN 319 403. This removes any ambiguity.
URLs remain the same; for example, QMSCERT's accreditation: https://services.accredia.it/ppsearch/accredia_orgmask.jsp?ID_LINK=1733&area=310&PPSEARCH_ORG_SEARCH_MASK_ORG=3761&PPSEARCH_ORG_SEARCH_MASK_SCHEMI=&PPSEARCH_ORG_SEARCH_MASK_SCHEMI_ALTRI=&PPSEARCH_ODC_SEARCH_MASK_SETTORE_ACCR=&PPSEARCH_ORG_SEARCH_MASK_CITTA=&PPSEARCH_ORG_SEARCH_MASK_PROVINCIA=&PPSEARCH_ORG_SEARCH_MASK_REGIONE=&PPSEARCH_ORG_SEARCH_MASK_STATO=&orgtype=all&PPSEARCH_ORG_SEARCH_MASK_SCOPO=&PPSEARCH_ORG_SEARCH_MASK_PDFACCREDITAMENTO=&submitBtn=Cerca >From a quick check, this applies for the other ACCREDIA CABs as well. In addition to the above fix, the new accreditation documents will include similar explicit references. Best regards, Nikolaos Soumelidis -----Original Message----- From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Kathleen Wilson via dev-security-policy Sent: Tuesday, September 1, 2020 9:47 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Verifying Auditor Qualifications On 8/31/20 11:07 AM, Kathleen Wilson wrote: > On 8/28/20 3:59 PM, Kathleen Wilson wrote: >> On 8/26/20 1:41 PM, Kathleen Wilson wrote: >>> The 5 CABs that I haven't been able to complete the Standard Check >>> for are: >>> >>> - Bureau Veritas Italia S.p.A. - NAB is Accredia >>> - CSQA - NAB is Accredia >>> - KIWA - NAB is Accredia >>> - QMSCERT - NAB is Accredia >>> - QSCert - NAB is CAI >>> >> >> Update: I received email from Accredia declaring the ETSI EN >> standards that the KIWA CAB is accredited for. I think it is >> reasonable to accept that for this auditor's re-verification. And I >> have asked that KIWA request Accredia to provide this information >> directly on their website for future reference. > > > Updates: > > 1) I received email from Accredia declaring the ETSI EN standards that > the QMSCERT CAB is accredited for, and I will accept that for now. > > 2) The email from Accredia also said "We are working to provide this > information directly on our website for future references." > > 3) > https://ec.europa.eu/futurium/en/content/list-conformity-assessment-bo > dies-cabs-accredited-against-requirements-eidas-regulation > was updated to provide the updated > list_of_eidas_accredited_cabs-2020-08-28.pdf > > Note: The > https://ec.europa.eu/futurium/en/content/list-conformity-assessment-bo > dies-cabs-accredited-against-requirements-eidas-regulation > site says: > "Please note that the list is an informative tool." > So, the list_of_eidas_accredited_cabs-2020-08-28.pdf is not in itself > sufficient proof of a CAB's qualifications. It is very helpful in > making it easy to find the NAB and CAB accreditation information, but > we must still check the NAB and CAB accreditation information and make > sure the CAB accreditation document lists the ETSI EN 319 403, ETSI EN > 319 401, ETSI EN 319 411-1, and ETSI EN 319 411-2 standards as per > https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check > > Thanks to all of you who have been helping with this! > > Kathleen Update: I received email from Accredia declaring the ETSI EN standards that the Bureau Veritas Italia S.p.A. and CSQA CABs are accredited for, and I will accept those for now. So the remaining CAB that I still need to verify is QSCert, and I filed the following bug for it: https://bugzilla.mozilla.org/show_bug.cgi?id=1662533 Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
