Downloads

The ACAB'c provides support for the community with regard to interpretation of standards and their use throughout audit and certification. Overall goal is the harmonized use and interpretation of requirements.

Audit Attestation Letter templates (AAL )

These AAL templates consider the CA/B Forum as well as the browser requirements on audit attestation letters following an ETSI audit for a CA/TSP. The template is crosschecked by the colleagues of the Mozilla Root Store program for browser compliance. It will be amended and updated asap on any changes at CA/B Forum or Root Store level.

Note:

To identify all of a CA Owner's SHA256 thumbprints that should be included in a specific AAL, it is recommended that you download a copy of the “All Certificate Information (root and intermediate) in CCADB ( CSV )” file from  ccadb.org/resources  and apply a filter for the “CA Owner” and “[TLS/TLS EVG/S-MIME/Code Signing] Capable” columns. (eg, if you want to identify all thumbprints that should be included in a TLS-BR AAL you can filter first by the “CA Owner” column and then by the “TLS Capable” column where the value is TRUE.)"

Release note (Jan. 2025): Key- and Certificate-Ceremony AAL added!  

Those are the new set of templates for the audit attestation letter. A completely new concept is introduced. With this new concept, a set of different attestation letters is now required for each audit attestation :

• Standard Audit Attestation Letter

This is the same attestation that was issued all the time. It must list all PTC Roots and all corresponding SubCA's (Intermediate & Issuing CAs) that have been within the scope of the conformity assessment.

• SMIME-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the SMIME BRs (=> ETSI TS 119 411-6)

• TLS-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS BRs (ETSI policies DVCP, IVCP, OVCP, QNCP-w)

• TLS-EV Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the TLS EV Guidelines (=> ETSI policies EVCP, QEVCP-w)

• Code Signing-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the Code Signing BRs (=> ETSI policies NCP, NCP).

Special AAL templates:

• Key- and Certificate-Ceremony  Audit Attestation Letter

To be employed in any cases of key- and certificate-ceremonies attended and witnessed by the auditor.