Ballot SC21: proposal for log integrity control has been approved

By majority vote, the CA/B Forum (the SSL regulator) accepted Ballot SC21, a proposal to improve log integrity control. The main goal of the proposal is to finalise the Network and Certificate System Security Requirements document, which was approved on 3 August 2012, with implementation beginning on 1 January 2013.

In particular, experts suggested improving automation and continuous monitoring of systems networks and certificates. In most cases, manual actions are less efficient and more resource intensive than automatic monitoring.

The Ballot SC21 proposal also introduces special requirements for the timely resolving of notifications received from automatic monitoring systems. This ensures that automation does not lead to a potential problem that remains undisclosed.

The new provisions, which were introduced in section 3 of Network and Certificate System Security Requirements:

• 3.e. Monitoring the integrity of maintained system logs and application logs is carried out through continuous monitoring and notifications, or using manual analysis to ensure the effectiveness of logging and the correct operation of the functions for monitoring the integrity of logs. If manual verification is used and the system is connected to the web, the process should be performed at least once every 31 days.
• 3.f. Monitoring of archiving and storage of logs to ensure that all logs are stored for a sufficient period of time in accordance with existing business practices and legal regulations.
• 3.g. If continuous automatic monitoring and alerts are used for the purposes of sections 1.h or 3.e of these Requirements (https://cabforum.org/wp-content/uploads/CABForum-Network-Security-Controls-1.2.pdf), you must respond to alert and develop an action plan for a maximum of 24 hours.

Subscribe to our newsletter to keep up to date with the latest news from the world of SSL and online security.