WebTrust Releases New Audit Criteria for Extended Validation and Baseline Requirements

On April 3, 2014, the WebTrust® Task Force of the American Institute of CPAs (AICPA) and Chartered Professional Accountants Canada (CPA Canada) released three new audit criteria documents to the CA/Browser Forum and others for review and/or implementation. These documents are part of the WebTrust Program for Certification Authorities and are based on the CA/Browser Forum Guidelines.

The Trust Services Principles and Criteria for Certification Authorities – Extended Validation SSL – Version 1.4.5 is based on the Forum’s Guidelines for the Issuance and Management of Extended Validation SSL Certificates – Version 1.4.5 and is effective immediately (3 April 2014).

Trust Services Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.0 is based on the Forum’s Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates – Version 1.1.6 and its Network and Certificate Systems Security Requirements – Version 1.0. The exposure draft released today has a proposed effective date of 1 July 2014 (applicable to audit periods starting on or after 1 July 2014).

The Trust Services Principles and Criteria for Certification Authorities – Extended Validation Code Signing is based on the Forum’s Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates – Version 1.1. The exposure draft released today has a proposed effective date of 1 July 2014 (applicable to audit periods starting on or after 1 July 2014).

All three of these documents are available in PDF, DOC and DOCX format at .