Certification authority users require assurance that their provider consistently meets high standards for security. WISeKey maintains an array of independent audits and accreditations pertinent to the jurisdictions and industries of our multinational clients, including certification as a Qualified CSP under ETSI standards.
WebTrust for CAs is the dominant commercial standard to assess the adequacy and effectiveness of controls deployed by a Certification Authority. Developed and managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), WebTrust for CAs requires an annual audit.
WebTrust for Extended Validation is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.” Only suitably accredited CAs may issue EV SSL. WebTrust for EV requires an annual audit.
WebTrust for Baseline Requirements is used to assess a CA’s controls against the CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates”. WebTrust for BR requires an annual audit.