CA/Browser Forum
Home » Working Groups » NetSec WG

Network Security Working Group


In January 2013 the CA/Browser Forum’s “Network and Certificate System Security Requirements” (NCSSRs) became effective. In June 2017, the Forum chartered a Network Security Working Group to re-work the NCSSRs. That charter expired on June 19, 2018, and in October 2018, the Server Certificate Working Group (SCWG) established a Network Security Subcommittee (NetSec Subcommittee) to continue work on the NCSSRs. Since then, the Network Security Working Group (NetSec WG) has replaced the NetSec Subcommittee. The NetSec WG was created in December 2021 by Ballot Forum-17. Existing members of the CA/Browser Forum are eligible to participate in the NetSec WG.

Scope of Work

The NetSec WG was chartered to continue work on the NCSSRs, and to conduct any and all business related to improving the security of Certification Authorities. The NetSec WG makes security-related recommendations to other Forum WGs for requirements or guidelines that are within their purview, i.e. the Baseline Requirements/Extended Validation Guidelines of the Server Certificate WG, the Baseline Requirements for Code Signing Certificates of the Code Signing Certificate Working Group or guidelines adopted by the S/MIME Certificate Working Group.

The primary deliverable of the NetSec WG is the NCSSRs. Other work includes performing risk analyses, security analyses, and other types of reviews of threats and vulnerabilities applicable to CA operations involved in the issuance and maintenance of publicly trusted certificates (e.g. server certificates, code signing certificates, or SMIME certificates).


Charter of the Network Security Working Group


Chair: Clint Wilson (Apple)

Vice Chair: David Kluge (Google Trust Services)


Network Security Working Group Ballots


The CA/Browser Forum welcomes existing members with an interest in system security to join the NetSec WG. There is no cost to join. Existing CABF Members should provide their declaration of intent to participate in the NetSec WG and the following information by email to

  • statement of the Voting Class by which they qualify;
  • names/email addresses of their designated representatives who will participate; and
  • names/email addresses of their designated representatives who will vote.

Mailing List

The NetSec WG provides a public mailing list. See

To subscribe, see:


Root Certificate Issuer

  • Asseco Data Systems SA (Certum)
  • Buypass AS
  • Chunghwa Telecom
  • Comsign
  • eMudhra
  • Entrust
  • TrustAsia
  • GDCA
  • GlobalSign
  • GoDaddy
  • Kamu SM
  • Let's Encrypt
  • OISTE Foundation
  • OATI
  • Sectigo
  • SwissSign
  • Telia Company
  • TrustCor Systems
  • TWCA
  • IdenTrust
  • Disig
  • Fastly
  • DigiCert
  • Visa
  • Amazon
  • VikingCloud

Certificate Consumer

  • Apple
  • Google
  • Microsoft
  • Mozilla
  • Opera Software AS

Associate Member

  • Keyfactor
  • CPA Canada/WebTrust
  • ETSI
  • US Federal PKI Management Authority

Interested Party

    Latest releases
    Code Signing Requirements
    v3.7 - Mar 4, 2024

    S/MIME Requirements
    v1.0.5 - Ballot SMC07 - Jul 15, 2024

    Ballot SMC07: Align Logging Requirement and Key Escrow clarification

    Network and Certificate System Security Requirements
    v2.0 - Ballot NS-003 - Jun 26, 2024

    Ballot NS-003: Restructure the NCSSRs in

    Edit this page
    The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).