Performance Audit Standards For
Approval Of Certification Authorities

July 28, 2009

The Secretary of State (in the capacity of Policy Authority) has added an audit type to the Certification Authority audit requirements. The ETSI audit type listed below may now now be subsituted for the WebTrust Audit requirement for CA's.

Acceptable Certificate Authority Audit Types:

• WebTrust for Certificate Authorities v1.0 or later, completed by a licensed WebTrust for CAs auditor,
• ETSI TS 102 042 V1.1.1 or later

Please direct any comments or issues to the policy authority.