When to use this
Use this review for internal or external certificate authorities, public-key certificates, TLS certificates, signing certificates, and certificate lifecycle checks.
Related controls
- A.8.24 Use of Cryptography
- A.8.20 Networks Security
- A.5.20 Addressing Information Security Within Supplier Agreements
Review checklist
- Certificate authority is approved and trusted.
- Certificate owner is identified.
- Certificate purpose is documented.
- Expiry date is monitored.
- Private key protection is verified.
- Revocation process is defined.
- Unauthorized replacement risk is controlled.
- Third-party CA obligations are documented.
Certificate review table
| Certificate/CA | Purpose | Owner | Expiry | Private key protection | Revocation method | Issue/gap | Action |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Certificates
- Cryptography
Note Metadata
Aliases: CA and Certificate Review
Source: 90 Templates/Certificate Authority and Certificate Review.md
Related Notes
- ISO 27001 A.5.20 - Addressing Information Security Within Supplier Agreements
- A.8.24 Audit Evidence Pack
- ISO 27001 A.8.20 - Networks Security
- ISO 27001 A.8.24 - Use of Cryptography
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.24 Audit Checklist
- Templates MOC