Home » Working Groups » Server Certificate Working Group » Network Security Subcommittee

Network Security Subcommittee

Charter of the Network Security Subcommittee of the Server Certificate Working Group

The Server Certificate Working Group hereby establishes the Network Security Subcommittee as an official Subcommittee.

1. Mission: To improve security policies and practices for Certificate Management Systems encoded in the guidelines maintained by the SCWG.

  1. End Date: This Subcommittee shall continue until it is dissolved by a vote of the SCWG
  2. Deliverables: The Network Security Subcommittee shall propose ballots to the SCWG to improve the minimal security standards within the mission defined above This includes modifying the existing Network and Certificate System Security Requirements (NCSSR) or to create new requirements, guidelines, or best practices. Among other activities, the Network Security Subcommittee shall perform security analysis on typical CA Management Systems offering options to the Server Certificate Working Group for establishing minimal security standards. Risk analysis will also be used to provide a better understanding of threats and vulnerabilities in Certificate Management Systems. This process can be used to provide better reasoning and justification of existing or future security guidelines.
  3. Participation: Any member of the SCWG is eligible and may declare their participation in the Network Security Subcommittee by requesting to be added to the mailing list.
  4. Chair: Ben Wilson shall be the initial Chair of the Network Security Subcommittee.  The Subcommittee may change its Chair from time to time by consensus of the Members participating in the Subcommittee or by voting method chosen by the Members by consensus.
  5. Communication: Subcommittee communications and documents shall be posted on mailing-lists where the mail-archives are publicly accessible, and the Subcommittee shall publish minutes of its meetings.
  6. Effect of SCWG Charter or Forum Bylaws Amendment for Subcommittees: In the event the SCWG Charter or the Forum Bylaws is amended to add general rules governing Chartered Working Group Subcommittees and how they operate (“General Rules”), the provisions of the General Rules shall take precedence over this charter.

Network and Certificate System Security Requirements

On 3 August 2012 the CA/Browser Forum adopted the original Network and Certificate System Security Requirements with an effective date of 1 January 2013.  Since then, the Network Security Requirements have outlined best practices for the general protection of CA networks and supporting systems, including those touching on trusted roles, delegated third parties, system accounts, logging, monitoring, alerting, vulnerability detection and patch management within a CA’s infrastructure.

Current Version

CABForum_Network_Security_Controls_v.1.2 (adopted with Ballot SC3)

CABForum_Network_Security_Controls_v.1.2-redlined

Past Versions

CABForum_Network_Security_Controls_v.1.1 corrected (adopted with Ballot 210)

CABForum_Network_Security_Controls_v.1.1 corrected-redlined

Network_Security_Controls_V1 (adopted with Ballot 83)