# Security Support and Cybersecurity Updates Policy

**Security Support Commitment**

eMudhra Limited is committed to maintaining the security and integrity of emCA Certificate Manager throughout its operational lifecycle. This document outlines our security support policy and the availability of cybersecurity updates for emCA v5.0.0 and subsequent releases.

### Security Support Period

#### emCA v5.0.0 Security Support Duration: 5 Years

* General Availability Date: December 15, 2025
* Security Support End Date: December 15, 2030
* Extended Support: Available upon request for mission-critical deployments

#### What Security Support Includes:

Critical Security Patches

* Vulnerabilities rated CVSS 9.0-10.0 (Critical): Patch released within 72 hours of verification
* Vulnerabilities rated CVSS 7.0-8.9 (High): Patch released within 7 days of verification
* Vulnerabilities rated CVSS 4.0-6.9 (Medium): Patch released within 30 days of verification
* Vulnerabilities rated CVSS 0.1-3.9 (Low): Addressed in quarterly maintenance releases

#### Security Update Delivery Mechanisms

1. Security Advisory Notifications

Registered customers receive immediate notifications via:

* Email alerts to designated security contacts
* Postings on the emCA Support Center

2. Patch Distribution Channels

Security updates are distributed through:

* Direct Support Delivery: Critical patches delivered directly by eMudhra support engineers for high-assurance environments

3. Update Package Integrity

All security updates are:

* Digitally signed using eMudhra's code signing certificate
* Accompanied by SHA-256 hash verification values

### Version Support Policy

Current Version (v5.0.0 and later)

* Full Security Support: 5 years from General Availability
* All security updates provided as outlined above
* Technical support for security-related issues available 24/7/365 for Enterprise customers

#### Previous Versions (Last 5 versions)

<table data-header-hidden><thead><tr><th valign="top"></th><th valign="top"></th><th valign="top"></th><th valign="top"></th></tr></thead><tbody><tr><td valign="top"><strong>Version</strong></td><td valign="top"><strong>Release Date</strong></td><td valign="top"><strong>Security Support End Date</strong></td><td valign="top"><strong>Status</strong></td></tr><tr><td valign="top">V5.0.0</td><td valign="top">Dec 15, 2025</td><td valign="top">Dec 15, 2030</td><td valign="top">Supported</td></tr><tr><td valign="top">v4.3.1</td><td valign="top">Jul 10, 2025</td><td valign="top">Jul 10, 2030</td><td valign="top">Supported</td></tr><tr><td valign="top">v4.2.7</td><td valign="top">May 30, 2025</td><td valign="top">May 30, 2030</td><td valign="top">Supported</td></tr><tr><td valign="top">v4.2.6</td><td valign="top">Jan 01, 2025</td><td valign="top">Jan 01, 2030</td><td valign="top">Supported</td></tr><tr><td valign="top">v4.2.5</td><td valign="top">Sep 19, 2024</td><td valign="top">Sep 19, 2029</td><td valign="top">Supported</td></tr></tbody></table>

{% hint style="info" %}
**Note:** Customers using versions approaching end-of-support are strongly encouraged to upgrade to the latest version to continue receiving security updates.
{% endhint %}

### Vulnerability Response Process

Vulnerability Identification

eMudhra actively monitors security vulnerabilities through:

* Internal security testing and code audits
* Third-party penetration testing
* Responsible disclosure program (see Security Contact information)
* Mention a point about CVE tracking

### Compliance with Regulatory Requirements

Compliance updates with:

* eIDAS Regulation: Trust service provider obligations
* Common Criteria EAL4+ Certification: Security update procedures maintain certification compliance
* ISO/IEC 27001: Information security management systems
* GDPR Compliance: [eMudhra | Data Security - India](https://emudhra.com/en-in/data-security)

### Customer Responsibilities

To ensure continuous security support, customers must:

1. Register Security Contacts: Maintain current contact information in the emCA Support Portal
2. Monitor Security Advisories: Subscribe to security notifications and regularly check the advisory portal
3. Test Updates Promptly: Evaluate security updates in non-production environments within 7 days of release
4. Deploy Critical Patches: Apply critical security updates within timeframes specified in security advisories
5. Report Vulnerabilities: Immediately report suspected security issues to <security@emudhra.com>
6. Maintain Supported Configurations: Operate emCA on supported platforms and with compatible versions of dependent components

### Security Support Resources

Documentation

* Patch Application Procedures: Step-by-step deployment instructions
* Rollback Procedures: Emergency recovery guidance

Technical Support

1. 24/7/365 Critical Security Support: Enterprise customers
2. Business Hours Support (Mon-Fri): Standard customers
3. Dedicated Security Response Team: For vulnerability reports and security incidents

### Contact Information

Security Support Email: <security@emudhra.com>\
General Support Portal: <https://support.emudhra.com>\
Vulnerability Reporting: <https://emca.emudhra.com/security/security-vulnerability-reporting-guidelines>

Contact Us: <https://emudhra.com/en-in/contact-us>

### Commitment Statement

eMudhra Limited is committed to the security of our customers and the integrity of the PKI ecosystems they operate. We continuously invest in security research, development, and support to ensure emCA Certificate Manager remains a trusted foundation for digital certificate management across cyber environments worldwide.