Audit Letter for Compliance with EV Code Signing Guidelines

EV Code Signing Certificate CISSP

You may be looking for a Certified Information Systems Security Professional (CISSP) to sign off on your Extended Validation (EV) Code Signing Certificate. Your certificate vendor wants to make sure that the private key is only stored in a Hardware Security Module (HSM). They want to ensure that you are not doing anything to compromise the security of the digital certificate.

Fractional CISO can help. We have systematized the process of getting you a letter of compliance with your digital certificate vendor’s EV Code Signing Guidelines.

Whether you are storing the certificate in an on-premise HSM or in Azure Key Vault or AWS CloudHSM, we can help.

We can provide the letter for any of the digital Certificate Authority (CA) vendors. They include Certum, Comodo, Digicert, Entrust, GlobalSign, and Symantec.

What you can expect with an Extended Validation (EV) Code Signing compliance letter project:

  • One-time, low, fixed fee
  • Initial sharing of documentation by you on the technology used in your signing solution
  • One hour onboarding call where you explain your architecture and signing solution
  • A short turn around where the Fractional CISO team researches aspects of your solution
  • A few additional questions of follow up.
  • A signed audit letter by a qualified CISSP –OR- findings of what if anything needs to be changed in your process
  • Up to three retries if anything in your process is non-compliant
  • Confirmation call with the Certificate Authority (CA) to verify the content of the letter.

If you would like learn more about our EV Code Signing letter by a CISSP, please give us a call for a complimentary consultation. We can be reached at (617) 658-3276 and our email is [email protected]. Let us help you to achieve your goals for cybersecurity!