Changes

Jump to: navigation, search

CA/Responding To An Incident

230 bytes added, 03:36, 20 April 2022
Incident Report: Edited section on multiple incident reports
Each incident should result in an incident report, written as soon as the problem is fully diagnosed and (temporary or permanent) measures have been put in place to make sure it will not re-occur. If the permanent fix is going to take significant time to implement, you should not wait until this is done before issuing the report. We expect to see incident reports as soon as possible, and certainly within two weeks of the initial issue report. While remediation work may still be ongoing, a satisfactory incident report will serve to resolve the issue from a Mozilla perspective.
CAs There should be a single incident report for each distinct matter, and CA operators should submit an additional, separate incident report when:* Mozilla policy requires that the CA revoke one or more certificates by a certain deadline, such as those in BR section 4.9, but that deadline is will not be or has not been met by the CA.
* In the process of researching one incident, another incident with a distinct root cause and/or remediation is discovered.
* An audit report or conformity assessment contains more than one qualification, major non-conformity, or other adverse finding.
* After an incident bug is marked resolved, the incident reoccurs.
Confirm
402
edits

Navigation menu