Accredited Conformity Assessment Bodies' Council
Accredited Conformity Assessment Bodies'                                         Council

Downloads

The ACAB'c provides support for the community with regard to interpetation of standards and their use throughout audit and certification. Overall goal is the harmonized use and interpretation of requirements.

 

Audit Attestation Letter templates (ALL)

These AAL templates consider the CA/B Forum as well as the browser requirements on audit attestation letters following an ETSI audit for a CA/TSP. The template is crosschecked by the colleagues of the Mozilla Root Store programme for browser compliance. It will be amended and updated asap on any changes at CA/B Forum or Root Store level.


Release note (Sept. 2023): the AAL follow a Root-CA policy based structure now!  

 

Those are the new set of templates for the audit attestation letter. A completely new concept is introduced. With this new concept, a set of different attestations letters is now required for each audit attestation:

  • Standard Audit Attestation Letter

This is the same attestation that was issued all the time. It must list all PTC Roots and all corresponding SubCA’s (Intermediate & Issuing CAs) that have been in the scope of the conformity assessment.

 

  • SMIME-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the SMIME BRs (=> ETSI TS 119 411-6)

  • TLS-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots  (Intermediate & Issuing CAs) that have been assessed against the TLS BRs (ETSI policies DVCP, IVCP, OVCP, QNCP-w)

  • TSL-EV Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots  (Intermediate & Issuing CAs) that have been assessed against the TLS EV Guidelines (=> ETSI policies EVCP, QEVCP-w)

  • Code Signing-BR Audit Attestation Letter

This must include those (and only those!) PTC Roots and only the corresponding SubCAs to the Roots (Intermediate & Issuing CAs) that have been assessed against the Code Signing BRs (=> ETSI policies NCP, NCP).

 

Root Store Operators suggested to switch to this new reporting as soon as possible. All attestations issued after September 1st, 2023 shall follow the new concept.

 

Full set of Audit Attestation Letter (AAL) templates V3.2 mandatory to be used to summarize audit results following the CA/Browser Forum and Browser Root Store Policy requirements.
Template to be used by non ACAB'c member in MS Word format.
CAB-Forum_AAL_Template_E_V3.2.zip
Fichier compressé au format ZIP [479.8 KB]

Contact

ACAB'c
72, Boulevard Edgar Quinet

Paris 75014 - France

E-Mail:

secretary (at) acab-c.org

members (at) acab-c.org

chair (at) acab-c.org

Want to join ACAB'c ?

Just send us an email to receive terms and conditions to join in!