Example: Audit submission (filled)
Title: [Audit] Contoso CA - Audit submission - 2025-12-22
Summary
- Annual WebTrust audit update for Contoso Root CA (SHA256: ABCDEF...)
Affected sections / files
Requirements.md: Section 4.1 (Audit Requirements)
Audit type
Attestation wording (required)
- "This change updates the Audit Requirements in Section 4.1 to require explicit WebTrust attestations for server authentication EKUs. Rationale: aligns with EN 319 411-2 updates. Reference: https://aka.ms/auditreqs."
Attachments / Public URLs
CCADB actions required
- Upload attestation to CCADB under Contoso CA entry; add SHA256 thumbprint and date. Owner: Contoso PKI team ([email protected]).
Auditor contact
Changelog entry (proposed)
| 1.1 | 2025-12-22 | Updated Audit Requirements in Section 4.1 to require WebTrust attestation for server authentication EKU |
Timelines
- Auditor confirmation: 2025-12-24
- CCADB upload: 2025-12-26
- Program sign-off requested: 2026-01-02
Related PR / Issue
- PR: #123 (link once PR is created)
Checklist
This is a sample to illustrate required fields; do not upload private documents to the repo.
Example: Audit submission (filled)
Title: [Audit] Contoso CA - Audit submission - 2025-12-22
Summary
Affected sections / files
Requirements.md: Section 4.1 (Audit Requirements)Audit type
Attestation wording (required)
Attachments / Public URLs
CCADB actions required
Auditor contact
Changelog entry (proposed)
| 1.1 | 2025-12-22 | Updated Audit Requirements in Section 4.1 to require WebTrust attestation for server authentication EKU |
Timelines
Related PR / Issue
Checklist
[email protected]) is requested for sign-offThis is a sample to illustrate required fields; do not upload private documents to the repo.