Accredited Conformity Assessment Bodies' Council
Accredited Conformity Assessment Bodies'                                         Council

Downloads

The ACAB'c provides support for the community with regard to interpretation of standards and their use throughout audit and certification. Overall goal is the harmonized use and interpretation of requirements.

 

Audit Attestation Letter templates (ALL)

These AAL templates consider the CA/B Forum as well as the browser requirements on audit attestation letters following an ETSI audit for a CA/TSP. The template is crosschecked by the colleagues of the Mozilla Root Store program for browser compliance. It will be amended and updated asap on any changes at CA/B Forum or Root Store level.

 

Note:

To identify all of a CA Owner’s SHA256 thumbprints that should be included in a specific AAL, it is recommended that you download a copy of the “All Certificate Information (root and intermediate) in CCADB (CSV)” file from ccadb.org/resources and apply a filter for the “CA Owner” and “[TLS/TLS EVG/S-MIME/Code Signing] Capable” columns. (e.g., if you want to identify all thumbprints that should be included in a TLS-BR AAL you can filter first by the “CA Owner” column and then by the “TLS Capable” column where the value is TRUE.)"


Release note (Oct. 2024):  Reference to CA/B Forum Network Security Requirments added!  

 

Those are the new set of templates for the audit attestation letter. A completely new concept is introduced. With this new concept, a set of different attestation letters is now required for each audit attestation :

  • Standard Audit Attestation Letter

This is the same attestation that was issued all the time. It must list all PTC Roots and all corresponding SubCA's (Intermediate & Issuing CAs) that have been within the scope of the conformity assessment.

 

  • SMIME-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the SMIME BRs (=> ETSI TS 119 411-6)

  • TLS-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS BRs (ETSI policies DVCP, IVCP, OVCP, QNCP-w)

  • TSL-EV Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS EV Guidelines (=> ETSI policies EVCP, QEVCP-w)

  • Code Signing-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the Code Signing BRs (=> ETSI policies NCP, NCP).

 

Root Store Operators suggested to switch to this new reporting as soon as possible. All attestations issued after September 1st, 2023 shall follow the new concept.

 

Full set of Audit Attestation Letter (AAL) templates V3.3 mandatory to be used to summarize audit results following the CA/Browser Forum and Browser Root Store Policy requirements.
Template in MS-Word format.
20241008_AAL_Templates.zip
Fichier compressé au format ZIP [486.7 KB]

Contact

ACAB'c
18 rue Balard

75015 PARIS 15

FRANCE

 

E-mail:

secretary (at) acab-c.org

members (at) acab-c.org

chair (at) acab-c.org

Want to join ACAB'c ?

Just send us an email to receive terms and conditions to join in!