Code Signing Readiness Checklist (CSBR)
A practitioner's audit-prep checklist for the CA/B Forum Code Signing Baseline Requirements. Designed as the action-oriented companion to the Venafi CodeSign Protect guide — it converts the CSBR control mapping table into a check-as-you-go runbook covering HSM FIPS verification, Environment/Project segregation, approver policy review, key ceremony evidence, audit log retention, TSA configuration, and prod/non-prod partition isolation.
When to Use
- • Preparing for a CA/B Forum CSBR audit attestation cycle
- • Annual or quarterly self-audit of an enterprise code signing program
- • After standing up Venafi CodeSign Protect / CyberArk Code Sign Manager — before requesting your first publicly-trusted EV signing cert
- • After a code signing key incident or near-miss — to verify nothing else is loose
- • Before onboarding a new product line, project, or build pipeline onto the existing platform
Do NOT Use For
- • TLS server certificate compliance (use the PKI Compliance Checklist)
- • General PKI audit governance (use the PKI Audit Preparation Checklist)
- • Single-machine developer signing setup (CSBR scope is enterprise / publicly-trusted)
- • Sigstore / keyless / Fulcio-only signing programs (different control set — CSBR assumes long-lived hardware-backed keys)
Quick Reference (TL;DR)
- CSBR draws a hard line: keys live in FIPS 140-2 Level 2+ hardware (Level 3 if you want a quiet auditor), are never extractable, and every signing event is authenticated and logged
- Most failures are not the HSM — they are partition layout, approver hygiene, missing TSA, and audit logs that nobody can produce on request
- Prod and non-prod must live in separate HSM partitions. No exceptions, no "we will fix it later"
- Your CP/CPS has to describe what the platform actually does. The platform alone does not pass an audit
1Scope & Inventory
Objective: Know exactly which code signing keys, certificates, projects, and build pipelines fall under CSBR scope before you assess controls
💡 CSBR scope is publicly-trusted code signing certificates only. Internal-only signing (driver signing for managed fleets, internal app signing) is out of scope for the CA/B Forum but almost always in scope for SOX, PCI, FedRAMP, or your own internal audit.
💡 The most common scope gap: a developer issued a "just for testing" cert from a public CA two years ago, paid with a personal card, and the key is in a Downloads folder. Find these before the auditor does.
2HSM FIPS Level Verification
Objective: Confirm every code signing key sits on hardware that meets — and ideally exceeds — the CSBR floor of FIPS 140-2 Level 2 or Common Criteria EAL 4+
💡 CSBR effective June 2023 raised the floor: keys for publicly-trusted code signing must be generated and stored on FIPS 140-2 Level 2 (or CC EAL 4+) hardware. Soft tokens, .pfx files, and developer SmartCards no longer qualify.
💡 A "FIPS-capable" device is not the same as a device "operating in FIPS mode." The audit asks for the second. Take the screenshot.
💡 If the HSM firmware was updated after the device was originally validated, the FIPS certificate may not cover the running firmware. Track this in your inventory.
3Environment & Project Segregation
Objective: Verify that the platform-level objects (Environments, Projects, Templates) actually enforce the segregation your CP/CPS claims
💡 Auditors ask: "Show me how a developer assigned to Project A cannot trigger a signing operation on Project B." If you can't demonstrate it in a screen share, the control is not there.
💡 Naming conventions matter for audit speed. prod-luna-codesign-ev tells the auditor everything they need to know in one line; codesign-env-1 tells them nothing and invites follow-up questions.
4Approver Policy & Workflow Review
Objective: Verify that the people approving signing requests are the people your CP/CPS says should approve them — and that the workflow is enforced server-side
💡 CSBR does not mandate per-request human approval — it mandates that signing key access is properly authenticated and logged. Internal SOX, PCI, and FedRAMP overlays are usually what add the human-in-the-loop requirement. Document which control framework drives each approval rule.
💡 The most common audit finding here is a stale approver list — someone who left a year ago is still in the group. Pulling membership from AD via group sync (not manual entry) closes this gap.
5Key Ceremony Evidence
Objective: For every code signing key currently in production, produce documentary evidence of how it was generated, witnessed, and bound to a Project
💡 The auditor will pick a key at random and ask: "Show me how this key came to exist." If your answer is "I think Bob generated it back in 2022," that is a finding.
💡 Reconstructed ceremony records are acceptable for grandfathered keys, but only if the reconstruction is honest, dated, and signed off. Do not back-date a ceremony record. Ever.
💡 See the Key Ceremony Best Practices post for a full ceremony template and the Compliance-in-a-Box bundle for the RFC 3647-aligned script.
6Audit Log Configuration & Retention
Objective: Verify that every signing event, policy change, and access event is captured, forwarded off-platform, and retained long enough to satisfy the audit
💡 Auditors will ask for "every signing event for this product line in Q3 of last year." If the answer takes more than a day to produce, that is a finding even if the data exists.
💡 A common gap: the platform logs the service account that authenticated, not the human who triggered the build. Make sure your audit chain links the build job to the human who pushed the commit / approved the release.
💡 Log retention requirements vary by audit framework. CSBR is the floor; SOX, PCI 4.0, and FedRAMP are usually longer. Document the longest applicable retention and configure to that.
7Time Stamp Authority (TSA) Configuration
Objective: Confirm every signature gets an RFC 3161 timestamp from a CSBR-acceptable TSA — so signed software keeps verifying after the signing certificate expires
💡 Without a TSA, signed software effectively rots: once the signing cert expires, the signature stops verifying and end users see "publisher could not be verified" warnings on perfectly good binaries.
💡 CSBR explicitly requires a publicly-trusted TSA for publicly-distributed software. A self-hosted TSA is fine for internal driver signing but not for anything you ship to customers.
💡 Treat TSA failures the same as signing failures in your pipeline. A green build with a missing timestamp is worse than a red build, because nobody catches it until customers install the software.
8Prod / Non-Prod Partition Isolation
Objective: Confirm — at the HSM layer, not just at the CLM layer — that production and non-production code signing keys are physically segregated
💡 This is the single most common audit finding for code signing programs. Teams design the CLM segregation correctly and then put both prod and non-prod keys on the same HSM partition because "it was easier."
💡 The test the auditor runs: "Show me, in the HSM management console, that the prod EV signing key and the dev test signing key are not in the same partition." Be able to demonstrate this in under five minutes.
💡 Partition PIN / credential handling deserves its own ceremony. Document it, then test the recovery path on a non-prod partition before you need it on a prod partition.
9CP/CPS Alignment & Subscriber Agreements
Objective: Verify that your Certificate Policy and Certification Practice Statement actually describe what the platform does — and that subscriber agreements are in place where required
💡 The platform alone does not pass an audit. Auditors compare the CP/CPS narrative to the platform configuration — gaps in either direction (control implemented but not documented, or documented but not implemented) are findings.
💡 See Compliance-in-a-Box for an RFC 3647-structured CP/CPS template that maps cleanly to CodeSign Protect operations.
10Incident Response & Emergency Revocation
Objective: Confirm you can detect, contain, and revoke a compromised code signing key inside the CSBR-required window
💡 CSBR requires CAs to revoke compromised code signing certificates within 24 hours of confirmed compromise. Your incident response timeline must be shorter than that — you need time to investigate, contact the CA, and confirm.
💡 See the Key Compromise Response Runbook for the detailed step-by-step.
11Readiness Scoring & Next Steps
Objective: Summarize your audit-prep posture into a defensible readiness score and assign owners to gaps
💡 Your readiness percentage is auto-calculated from the progress bar at the top of this page. Use it as a self-scoring snapshot, not a substitute for the formal audit.
💡 **Scoring guide:** 90–100% = ✅ Audit-ready (controls in place, evidence available, gaps tracked) | 75–89% = 🟡 Mostly ready (small gaps, deliverable in weeks) | 50–74% = 🟠 At risk (foundational gaps, weeks-to-months of work) | Below 50% = 🔴 Not ready (do not request a CSBR audit attestation in this state)
💡 The two sections that most commonly drag the score down are Key Ceremony Evidence (for older keys) and Partition Isolation (for fast-growing programs). Address those first.
📦 Need the CP/CPS narrative to match this checklist?
Compliance-in-a-Box ships an RFC 3647-structured CP/CPS template, key ceremony script, and naming convention guide — written so you can drop CodeSign Protect operational details into the right sections without rebuilding the framework.
Explore Compliance-in-a-BoxTroubleshooting
Problem: We can't locate a key ceremony record for a production EV signing key generated three years ago
Solution: Document an honest "best-evidence" reconstruction: pull the HSM provisioning records, AD logs from the provisioning window, calendar entries, and any contemporaneous email. Have it signed by the current Key Custodian and Compliance Officer with a clear note that this is a reconstruction, not an original ceremony record. Schedule a fresh ceremony at the next key rotation. See [Key Ceremony Best Practices](/blog/key-ceremony-best-practices) for the script.
Problem: Our prod and non-prod signing keys are on the same HSM partition and we cannot rebuild the partition before the audit
Solution: Generate a new partition (or a second HSM, if your appliance is single-partition), re-key the non-prod environment onto it, decommission the non-prod keys from the prod partition, and document the migration. CA acceptance of new non-prod keys is usually instant. The audit finding will be smaller if you can show "we discovered, we remediated, here is the evidence" than if the auditor finds it.
Problem: Audit logs exist in TPP but are not forwarded to our SIEM
Solution: Configure the TPP audit log forwarder (syslog, splunk-forwarder, or Sentinel connector) and verify ingestion before the audit window. CSBR does not strictly require SIEM forwarding, but a TPP-only retention story is fragile — most auditors will ask about the second-system control, and "we replicate to SIEM with a 30-day retention difference" is the answer they want to hear.
Problem: Our CA contact says Azure Key Vault Premium is fine for EV signing, but our auditor disagrees
Solution: Get the CA confirmation in writing on company letterhead, with reference to the specific Key Vault SKU and protection profile. CA acceptance for EV historically required dedicated, single-tenant HSM hardware. The Key Vault landscape has evolved — verify with your specific CA, in writing, and retain the letter as audit evidence. If in doubt, fall back to Azure Dedicated HSM (Thales Luna 7) which has unambiguous CA acceptance.
Problem: Approvers are receiving signing requests in email and approving by reply — not via the platform
Solution: This is a serious finding waiting to happen — email-based approval bypasses the audit log and the IdP authentication. Disable the email-only path immediately, route all approvals through the platform UI (with IdP MFA), and document the change. Any signing event approved via the legacy email path needs to be retroactively reviewed.
Problem: Build pipeline produces signed artifacts but the signatures are not timestamped
Solution: Update the Signing Template to require a TSA URL and configure the signing tool invocation with the timestamp flag (signtool /tr, jarsigner -tsa, codesign --timestamp). Add a post-signing verification step that fails the build if no timestamp is present. Then re-sign any in-flight release artifacts before they ship.
Escalation
Internal: Escalate to PKI team lead and CISO if the audit-prep walkthrough surfaces evidence of un-logged signing operations, missing ceremony records for production EV keys, or partition isolation failures.
CA Support: Contact your CA account team to confirm CSBR scope coverage of cloud HSM choices, request CA-side configuration evidence for the audit (issued cert lists, OCSP/CRL responder availability), and confirm emergency revocation contact procedures.
After Hours: For suspected key compromise discovered during audit prep: invoke the Key Compromise Response Runbook immediately and notify the CA emergency contact; CSBR allows the CA only 24 hours from confirmed compromise to revoke.