It is expected that CAs do the following on a regular basis:
* Maintain network security controls that at minimum meet the [https://www.cabforum.org/documents.html Network and Certificate System Security Requirements.]
* Check for mis-issuance of certificates, especially for high-profile domains.
* Review network infrastructure, monitoring, passwords, etc. for signs of intrusion or weakness.