PKI Consortium blog
Posts by tag CICA
CAs Support Standards and Regulations
May 10, 2013 by Bruce Morton (Entrust) CA/Browser Forum CASC CICA ETSI EV SSL/TLS WebTrust
There is an industry myth that certification authorities (CAs) are not regulated. In fact publicly-trusted SSL CAs support the development of industry regulations and have been audited annually to ensure compliance to the many requirements. To provide some history, SSL CAs have always self-policed themselves by having external audits performed. In the ‘90s, the CAs wrote certificate policies and certification practice statements requiring annual compliance audits. Since there were no CA audit criteria, the CAs contracted for SAS 70 audits.