9 changes: 4 additions & 5 deletions docs/BR.md
Expand Up @@ -797,8 +797,6 @@ DNSSEC validation back to the IANA DNSSEC root trust anchor is considered outsid

DNSSEC validation back to the IANA DNSSEC root trust anchor is considered outside the scope of the logging requirements of [Section 5.4.1](#541-types-of-events-recorded).

CAs SHALL maintain a record of which domain validation method, including relevant BR version number, they used to validate every domain.

**Note**: FQDNs may be listed in Subscriber Certificates using `dNSName`s in the `subjectAltName` extension or in Subordinate CA Certificates via `dNSName`s in `permittedSubtrees` within the Name Constraints extension.

##### 3.2.2.4.1 Validating the Applicant as a Domain Contact
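
Review bot: Section 3.2.2.4 is left with no statement that the validation method must be recorded and no pointer to where that obligation now lives. The hunk header (-797,8 +797,6) drops two lines, which matches the sentence "CAs SHALL maintain a record of which domain validation method, including relevant BR version number, they used to validate every domain." and its blank line. Consider keeping a one-line cross-reference to Section 5.4.1 at this spot, in the same style as the DNSSEC sentence just above it, so a reader of the validation section can still find the record-keeping requirement.
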
Expand Down Expand Up @@ -1093,8 +1091,6 @@ The CA SHALL confirm that prior to issuance, the CA has validated each IP Addres

Completed validations of Applicant authority may be valid for the issuance of multiple Certificates over time. In all cases, the validation must have been initiated within the time period specified in the relevant requirement (such as [Section 4.2.1](#421-performing-identification-and-authentication-functions) of this document) prior to Certificate issuance. For purposes of IP Address validation, the term Applicant includes the Applicant's Parent Company, Subsidiary Company, or Affiliate.

After July 31, 2019, CAs SHALL maintain a record of which IP validation method, including the relevant BR version number, was used to validate every IP Address.

##### 3.2.2.5.1 Agreed-Upon Change to Website

Confirming the Applicant's control over the requested IP Address by confirming the presence of a Request Token or Random Value contained in the content of a file or webpage in the form of a meta tag under the "/.well-known/pki-validation" directory, or another path registered with IANA for the purpose of validating control of IP Addresses, on the IP Address that is accessible by the CA via HTTP/HTTPS over an Authorized Port. The Request Token or Random Value MUST NOT appear in the request.
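
Review bot: With the sentence "After July 31, 2019, CAs SHALL maintain a record of which IP validation method ... was used to validate every IP Address." leaving Section 3.2.2.5, IP Address validation is only covered implicitly by the new list in Section 5.4.1, whose examples name "the applied-for FQDN or the organization name" and the ADN but never an IP Address. Suggest adding "IP Address" to the examples in that list's first sub-item so it is unambiguous that the validation method must still be logged for every IP Address.
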
Expand Down Expand Up @@ -1864,7 +1860,10 @@ The CA SHALL record at least the following events:

2. Subscriber Certificate lifecycle management events, including:
1. Certificate requests, renewal, and re-key requests, and revocation;
2. All verification activities stipulated in these Requirements and the CA's Certification Practice Statement;
2. All verification activities stipulated in these Requirements and the CA's Certification Practice Statement, minimally recording the following information:
1. the information being validated (e.g., the applied-for FQDN or the organization name);
2. the ADN used (if applicable and different from the applied-for FQDN); and
3. the validation method used (e.g., the BRs section number or the registered label of an ACME validation method);
3. Approval and rejection of certificate requests;
4. Issuance of Certificates;
5. Generation of Certificate Revocation Lists; and
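
Review bot: Sub-item 3 of the new list under item 2 asks for "the validation method used (e.g., the BRs section number or the registered label of an ACME validation method)" but no longer asks for the BR version number, which both sentences removed from 3.2.2.4 and 3.2.2.5 required ("including relevant BR version number"). If dropping the version is intentional, say so in the change description; otherwise add the BR version to sub-item 3, since a section number alone does not identify which revision of a method was applied. Separately, "ADN" in sub-item 2 is used without expansion, so confirm the abbreviation is defined elsewhere in the document or spell it out here.
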