CA/Browser Forum – Guidelines

After the DigiNotar CA incident in 2011, the CA/Browser Forum recognized that minimum requirements for network security needed to be consistent across all Certificate Authorities that issue publicly trusted certificates. The Network Security Guidelines document was therefore prepared, reviewed and approved by the CA/Browser Forum. The WebTrust and ETSI audit standards are being updated to include these Network Security controls. Once this is completed, all Certificate Authorities with roots in browsers will be audited against these guidelines.

Certificate Authorities are constantly reviewing their own network security to ensure they are vigilant against threats. This includes not only their own infrastructure but also that of delegated third parties. Members of the CA Security Council share information about threats that may be common, such as specific attacks against CAs and revocation infrastructures. The Network Security Guidelines will continue to be enhanced as part of the work of the CA/Browser Forum. Members of the CA Security Council are also members of the CA/Browser Forum and as such are active in the enhancement of this document.