Logging alignment with TBRs

XolphinMartijn · Apr 24, 2024 · 248fb28 · 248fb28
1 parent ed36440
commit 248fb28
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/SBR.md b/SBR.md
@@ -1149,8 +1149,6 @@ For the status of Subordinate CA Certificates, the CA SHALL update information p
 
 If the OCSP responder receives a request for the status of a Certificate serial number that is "unused", then the responder SHOULD NOT respond with a "good" status. If the OCSP responder is for a CA that is not Technically Constrained in line with [Section 7.1.5](#715-name-constraints), the responder SHALL NOT respond with a "good" status for such requests.
 
-The CA SHOULD monitor the OCSP responder for requests for "unused" serial numbers as part of its security response procedures.
-
 A Certificate serial number within an OCSP request is "assigned" if a Certificate with that serial number has been issued by the Issuing CA, using any current or previous key associated with that CA subject, or "unused" if otherwise.
 
 ### 4.9.11 Other forms of revocation advertisements available
@@ -1360,15 +1358,24 @@ The CA SHALL record at least the following events:
    iii. Security profile changes;
    iv. Installation, update and removal of software on a Certificate System;
    v. System crashes, hardware failures, and other anomalies;
-   vi. Firewall and router activities; and
+   vi. Relevant router and firewall activities (as described in [Section 5.4.1.1](#5411-router-and-firewall-activities-logs)); and
    vii. Entries to and exits from the CA facility.
 
-Log records SHALL include the following elements:
+Log records SHALL include at least the following elements:
 
 1. Date and time of event;
-2. Identity of the person making the journal record; and
+2. Identity of the person making the journal record (when applicable); and
 3. Description of the event.
 
+#### 5.4.1.1 Router and firewall activities logs
+
+Logging of router and firewall activities necessary to meet the requirements of Section 5.4.1, Subsection 3.6 MUST at a minimum include:
+
+  1. Successful and unsuccessful login attempts to routers and firewalls; and
+  2. Logging of all administrative actions performed on routers and firewalls, including configuration changes, firmware updates, and access control modifications; and
+  3. Logging of all changes made to firewall rules, including additions, modifications, and deletions; and
+  4. Logging of all system events and errors, including hardware failures, software crashes, and system restarts.
+
 ### 5.4.2 Frequency of processing audit log
 
 No stipulation.