CA/Browser Forum
Home » All CA/Browser Forum Posts » WebTrust Releases New Audit Criteria for Extended Validation and Baseline Requirements

WebTrust Releases New Audit Criteria for Extended Validation and Baseline Requirements

On April 3, 2014, the WebTrust® Task Force of the American Institute of CPAs (AICPA) and Chartered Professional Accountants Canada (CPA Canada) released three new audit criteria documents to the CA/Browser Forum and others for review and/or implementation. These documents are part of the WebTrust Program for Certification Authorities and are based on the CA/Browser Forum Guidelines.

The Trust Services Principles and Criteria for Certification Authorities – Extended Validation SSL – Version 1.4.5 is based on the Forum’s Guidelines for the Issuance and Management of Extended Validation SSL Certificates – Version 1.4.5 and is effective immediately (3 April 2014).

Trust Services Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.0 is based on the Forum’s Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates – Version 1.1.6 and its Network and Certificate Systems Security Requirements – Version 1.0. The exposure draft released today has a proposed effective date of 1 July 2014 (applicable to audit periods starting on or after 1 July 2014).

The Trust Services Principles and Criteria for Certification Authorities – Extended Validation Code Signing is based on the Forum’s Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates – Version 1.1. The exposure draft released today has a proposed effective date of 1 July 2014 (applicable to audit periods starting on or after 1 July 2014).

All three of these documents are available in PDF, DOC and DOCX format at .

Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.10 - Ballot SMC012 - Jul 2, 2025

Introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates.

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Related posts
Tags
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).