Combatting Attacks: What to Look for When Selecting a CA

As cyberattacks increase, so too does the defense of these attacks, which makes selecting the right Certificate Authority (CA) critical to your operations. When considering a CA, be sure they’ve implemented baseline security requirements and also that they:

• Follow CA/Browser Forum Baseline Requirements.
• Conduct annual audits – both WebTrust and SOC 3. Annual audits are crucial to CA security, yet not every CA uses the SOC audit.
• Ensure customer involvement. A key ingredient to the prevention of attacks, and the mitigation of those attacks, is to involve the customer in a prompt and responsible manner, ensuring the customer is aware of the threat, and any mitigating factors they can implement to prevent or limit damage.

The CA/Browser Forum developed rules that every Certification Authority must meet. These include:

• ​All information contained within the certificate must be validated to be true through a strict validation process.
• The minimum levels of cryptographic strength that must be used to protect the integrity of the certificate and private key from evolving threats.
• CA security, certificate revocation mechanisms, audit requirements, liability, privacy and confidentiality, and delegation of authority.

Comodo CA puts the same security measure in place for an enterprise’s certificate authority that we do for publicly trusted SSL, ensuring trust in all digital identities. By working with a trusted CA that is proactive, undergoes routine annual audits, and works closely with customers is a first step in protecting your enterprise. The CA role is to ensure you can rely on the integrity of your digital identity, whether they are accessing a web site, authenticating to corporate resources, digitally signing or encrypting a document.

For more information, check out our white paper on best practices in securing your digital identity.