search

Security Support and Cybersecurity Updates Policy

Security Support Commitment

eMudhra Limited is committed to maintaining the security and integrity of emCA Certificate Manager throughout its operational lifecycle. This document outlines our security support policy and the availability of cybersecurity updates for emCA v5.0.0 and subsequent releases.

hashtag
Security Support Period

hashtag
emCA v5.0.0 Security Support Duration: 5 Years

  • General Availability Date: December 15, 2025

  • Security Support End Date: December 15, 2030

  • Extended Support: Available upon request for mission-critical deployments

hashtag
What Security Support Includes:

Critical Security Patches

  • Vulnerabilities rated CVSS 9.0-10.0 (Critical): Patch released within 72 hours of verification

  • Vulnerabilities rated CVSS 7.0-8.9 (High): Patch released within 7 days of verification

  • Vulnerabilities rated CVSS 4.0-6.9 (Medium): Patch released within 30 days of verification

  • Vulnerabilities rated CVSS 0.1-3.9 (Low): Addressed in quarterly maintenance releases

hashtag
Security Update Delivery Mechanisms

  1. Security Advisory Notifications

Registered customers receive immediate notifications via:

  • Email alerts to designated security contacts

  • Postings on the emCA Support Center

  1. Patch Distribution Channels

Security updates are distributed through:

  • Direct Support Delivery: Critical patches delivered directly by eMudhra support engineers for high-assurance environments

  1. Update Package Integrity

All security updates are:

  • Digitally signed using eMudhra's code signing certificate

  • Accompanied by SHA-256 hash verification values

hashtag
Version Support Policy

Current Version (v5.0.0 and later)

  • Full Security Support: 5 years from General Availability

  • All security updates provided as outlined above

  • Technical support for security-related issues available 24/7/365 for Enterprise customers

hashtag
Previous Versions (Last 5 versions)

Version

Release Date

Security Support End Date

Status

V5.0.0

Dec 15, 2025

Dec 15, 2030

Supported

v4.3.1

Jul 10, 2025

Jul 10, 2030

Supported

v4.2.7

May 30, 2025

May 30, 2030

Supported

v4.2.6

Jan 01, 2025

Jan 01, 2030

Supported

v4.2.5

Sep 19, 2024

Sep 19, 2029

Supported

circle-info

Note: Customers using versions approaching end-of-support are strongly encouraged to upgrade to the latest version to continue receiving security updates.

hashtag
Vulnerability Response Process

Vulnerability Identification

eMudhra actively monitors security vulnerabilities through:

  • Internal security testing and code audits

  • Third-party penetration testing

  • Responsible disclosure program (see Security Contact information)

  • Mention a point about CVE tracking

hashtag
Compliance with Regulatory Requirements

Compliance updates with:

  • eIDAS Regulation: Trust service provider obligations

  • Common Criteria EAL4+ Certification: Security update procedures maintain certification compliance

  • ISO/IEC 27001: Information security management systems

  • GDPR Compliance: eMudhra | Data Security - Indiaarrow-up-right

hashtag
Customer Responsibilities

To ensure continuous security support, customers must:

  1. Register Security Contacts: Maintain current contact information in the emCA Support Portal

  2. Monitor Security Advisories: Subscribe to security notifications and regularly check the advisory portal

  3. Test Updates Promptly: Evaluate security updates in non-production environments within 7 days of release

  4. Deploy Critical Patches: Apply critical security updates within timeframes specified in security advisories

  5. Report Vulnerabilities: Immediately report suspected security issues to [email protected]envelope

  6. Maintain Supported Configurations: Operate emCA on supported platforms and with compatible versions of dependent components

hashtag
Security Support Resources

Documentation

  • Patch Application Procedures: Step-by-step deployment instructions

  • Rollback Procedures: Emergency recovery guidance

Technical Support

  1. 24/7/365 Critical Security Support: Enterprise customers

  2. Business Hours Support (Mon-Fri): Standard customers

  3. Dedicated Security Response Team: For vulnerability reports and security incidents

hashtag
Contact Information

Security Support Email: [email protected]envelope General Support Portal: https://support.emudhra.comarrow-up-right Vulnerability Reporting: https://emca.emudhra.com/security/security-vulnerability-reporting-guidelinesarrow-up-right

Contact Us: https://emudhra.com/en-in/contact-usarrow-up-right

hashtag
Commitment Statement

eMudhra Limited is committed to the security of our customers and the integrity of the PKI ecosystems they operate. We continuously invest in security research, development, and support to ensure emCA Certificate Manager remains a trusted foundation for digital certificate management across cyber environments worldwide.

PreviousSecurityNextSecurity Vulnerability Reporting Guidelines

Last updated