Downloads

The ACAB'c provides support for the community with regard to interpetation of standards and their use throughout audit and certification. Overall goal is the harmonized use and interpretation of requirements.

Audit Attestation Letter templates (ALL)

These AAL templates consider the CA/B Forum as well as the browser requirements on audit attestation letters following an ETSI audit for a CA/TSP. The template is crosschecked by the colleagues of the Mozilla Root Store programme for browser compliance. It will be amended and updated asap on any changes at CA/B Forum or Root Store level.

Release note (Sept. 2023): the AAL follow a Root-CA policy based structure now!  

Those are the new set of templates for the audit attestation letter. A completely new concept is introduced. With this new concept, a set of different attestations letters is now required for each audit attestation:

• Standard Audit Attestation Letter

This is the same attestation that was issued all the time. It must list all PTC Roots and all corresponding SubCA’s (Intermediate & Issuing CAs) that have been in the scope of the conformity assessment.

• SMIME-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the SMIME BRs (=> ETSI TS 119 411-6)

• TLS-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots  (Intermediate & Issuing CAs) that have been assessed against the TLS BRs (ETSI policies DVCP, IVCP, OVCP, QNCP-w)

• TSL-EV Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots  (Intermediate & Issuing CAs) that have been assessed against the TLS EV Guidelines (=> ETSI policies EVCP, QEVCP-w)

• Code Signing-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the Code Signing BRs (=> ETSI policies NCP, NCP).

Root Store Operators suggested to switch to this new reporting as soon as possible. All attestations issued after September 1st, 2023 shall follow the new concept.