Skip to content
CERT Foundation
Registry platform

Append-only. Four-eyes issuance. Tamper-evident.

The CERT registry is built as public infrastructure. Every issuance and retirement is a cryptographically chained event in an append-only ledger, reconciled daily.

Ledger architecture

  • Append-only, cryptographically chained audit log.
  • Every issuance and retirement is signed by two authorised officers (four-eyes).
  • Daily reconciliations between the operational database and the chained audit log.
  • External auditors receive read-only access to the audit log.

Serial numbers

Every CRU is serialised at issuance. Serial numbers are non-reusable, monotonically increasing per methodology and vintage, and encode the host country and vintage year.

ISO/IEC 27001:2022
The registry platform is designed to ISO/IEC 27001:2022 controls. Independent audit reports are published annually.