Downloads
The ACAB'c provides support for the community with regard to the interpretation of standards and their use throughout audit and certification. The overall goal is the harmonized use and interpretation of requirements.
Audit Attestation Letter templates (AAL)
These AAL templates consider the CA/B Forum requirements as well as the browser requirements on audit attestation letters following an ETSI audit for a CA/TSP. The templates are cross-checked by the colleagues of the Mozilla Root Store program for browser compliance. They will be amended and updated as soon as possible after any changes at CA/B Forum or Root Store level.
Note:
To identify all of a CA Owner’s SHA256 thumbprints that should be included in a specific AAL, it is recommended that you download a copy of the “All Certificate Information (root and intermediate) in CCADB (CSV)” file from ccadb.org/resources and apply a filter for the “CA Owner” and “[TLS/TLS EVG/S-MIME/Code Signing] Capable” columns (e.g., if you want to identify all thumbprints that should be included in a TLS-BR AAL, you can filter first by the “CA Owner” column and then by the “TLS Capable” column where the value is TRUE).
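The filter described in the note can be scripted so that the thumbprint list for each AAL is reproducible. The following is an added example, not code from ACAB'c or CCADB: the function name is hypothetical, the sample rows are constructed, and the thumbprint column header "SHA-256 Fingerprint" is an assumption to be checked against the downloaded file.

```python
import csv
import io

# "CA Owner" and the "... Capable" columns are named in the note above.
# Assumption: the thumbprint column header is "SHA-256 Fingerprint"; adjust it
# to match the header row of the CSV you actually downloaded.
OWNER_COLUMN = "CA Owner"
FINGERPRINT_COLUMN = "SHA-256 Fingerprint"

# Constructed sample rows (not real CCADB data); one thumbprint is written
# lower-case with colons to show normalisation, and one row is a duplicate.
SAMPLE_CSV = "\n".join([
    "CA Owner,Certificate Name,SHA-256 Fingerprint,TLS Capable,S/MIME Capable",
    "Example Trust,Example Root R1," + "AA" * 32 + ",TRUE,TRUE",
    "Example Trust,Example TLS CA 1," + ":".join(["bb"] * 32) + ",true,FALSE",
    "Example Trust,Example SMIME CA 1," + "CC" * 32 + ",FALSE,TRUE",
    "Other CA Ltd,Other Root," + "DD" * 32 + ",TRUE,TRUE",
    "Example Trust,Example Root R1," + "AA" * 32 + ",TRUE,TRUE",
])


def thumbprints_for_aal(csv_text, ca_owner, capable_column):
    """Return the sorted, de-duplicated SHA-256 thumbprints of ca_owner's
    certificates for which capable_column is TRUE."""
    reader = csv.DictReader(io.StringIO(csv_text))
    required = {OWNER_COLUMN, FINGERPRINT_COLUMN, capable_column}
    missing = required - set(reader.fieldnames or [])
    if missing:
        raise KeyError("CSV lacks expected column(s): %s" % sorted(missing))
    selected = set()
    for row in reader:
        if (row[OWNER_COLUMN] or "").strip() != ca_owner:
            continue
        if (row[capable_column] or "").strip().upper() != "TRUE":
            continue
        fp = (row[FINGERPRINT_COLUMN] or "").replace(":", "").strip().upper()
        # Refuse malformed values rather than copy them into a letter.
        if len(fp) != 64 or set(fp) - set("0123456789ABCDEF"):
            raise ValueError("bad SHA-256 thumbprint in row: %r" % (row,))
        selected.add(fp)
    return sorted(selected)


if __name__ == "__main__":
    for fp in thumbprints_for_aal(SAMPLE_CSV, "Example Trust", "TLS Capable"):
        print(fp)
```

Running the same function once per capability column gives the separate lists needed for the TLS, TLS EV, S/MIME and Code Signing letters.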
Release note (Oct. 2024): Reference to CA/B Forum Network Security Requirements added!
This is the new set of templates for the audit attestation letter. A completely new concept is introduced. With this new concept, a set of different attestation letters is now required for each audit attestation:
This is the same attestation that has been issued all along. It must list all PTC Roots and all corresponding SubCAs (Intermediate & Issuing CAs) that have been within the scope of the conformity assessment.
This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the SMIME BRs (=> ETSI TS 119 411-6)
This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS BRs (ETSI policies DVCP, IVCP, OVCP, QNCP-w)
This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS EV Guidelines (=> ETSI policies EVCP, QEVCP-w)
This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the Code Signing BRs (=> ETSI policies NCP, NCP).
Root Store Operators suggested switching to this new reporting as soon as possible. All attestations issued after September 1st, 2023 shall follow the new concept.