CICA and CMA Canada joined together January 1, 2013 to create CPA Canada as the national organization to support unification of the Canadian accounting profession under the CPA banner.

Trust Services

TRUST SERVICES PRINCIPLES AND CRITERIA, and ILLUSTRATIONS

NOTICE: Revised Trust Services Principles and Criteria Issued

The 2014 revision to the Trust Services Principles and Criteria have been issued. They are effective for periods ending on or after December 15, 2014, early implementation permitted. They are available as part of the subscription service of the AICPA Technical Practice Aids or as a standalone e-book, Trust Services Principles, Criteria and Illustrations.

 

New and Revised WebTrustSM/TM for Certification Authorities Principles and Criteria 

The WebTrustSM/TM for Certification Authorities Task Force has released the final versions of the following Principles and Criteria documents after reviewing comments received on the exposure drafts of these three documents. To reduce confusion these documents are now referred to as “WebTrust” documents rather than “Trust Services” documents. There have not been any other significant changes made as a result of comments received on the exposure draft. The documents are:

  • WebTrustSM/TM Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.0
    Effective for audit periods starting on or after July 1, 2014, Version 2.0 incorporates the CA/Browser Forum requirements for the Issuance and Management of Publicly-Trusted Certificates and Network and Certificate System Security Requirements. (See Appendix A, B and C in the Principles and Criteria document for more information). The essential change from Version 1.1 is the incorporation of criteria related to network security into the document.
  • WebTrustSM/TM Principles and Criteria for Certification Authorities – Extended Validation SSL – Version 1.4.5
    Effective upon release on April 3, 2014, Version 1.4.5 of the WebTrustSM/TM Principles and Criteria for Extended Validation SSL incorporates changes to criteria to reflect updates made by CA/B Forum. In 2011, the Forum released its Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (“Baseline Requirements”). Subsequently, the CA/B Forum approved several updates, with the latest edition being Version 1.1.6. The Forum’s EV SSL Guidelines and these EV SSL Criteria, at times makes reference to the Baseline Requirements and many guidelines which used to be previously detailed in the Forum’s EV SSL Guidelines are now incorporated by reference to the Baseline Requirements. To facilitate the EV SSL Audit, however, these requirements continued to be detailed in the WebTrust EV SSL Criteria.
  • WebTrustSM/TM Principles and Criteria for Certification Authorities – Extended Validation Code Signing
    Effective for audits starting on or after July 1, 2014, the WebTrustSM/TM Principles and Criteria for Certification Authorities – Extended Validation Code Signing (“EV Code Signing Criteria”) document establishes criteria to be used by auditors as a basis for an EV Code Signing audit. These Principles and Criteria are based on the CA/B Forum’s “Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates”.

WebTrustSM/TM Principles and Criteria for Certification Authorities

Framework for third party assurance providers to assess the adequacy and effectiveness of the Controls employed by Certification Authorities (CAs)

  1. Principles and Criteria for Certification Authorities 2.0

Framework for third party assurance providers for Extended Validation Certificates

  1. Principles and Criteria for Certification Authorities – Extended Validation Audit Criteria 1.4 (amended) (Superseded)
  2. WebTrust Principles and Criteria for Certification Authorities – Extended Validation SSL – Version 1.4.5

 Framework for third party assurance providers relating to SSL Certificates

  1. Principles and Criteria - SSL Baseline Requirements Version 1.1. (Amended) (Superseded)
  2. WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2

Framework for third party assurance providers relating to code signing

  1. Principles and Criteria for Certification Authorities – Extended Validation Code Signing