APP030: Digital Certificates & Certificate Authority (CA)
If digital certificates are used, are they issued by an EATDS approved CA?
Guidance: Digital certificates used by the application should be issued by EATDS approved certificates providers. Self-signed certificates are strongly discouraged, but may be acceptable for testing purposes, PGP, and point-to-point secure file transfer where endpoint authentication is not a critical requirement or can be satisfied with some compensating controls (See the EATDS Position paper at CA Usage).
To use digital certificates issued by CAs that are not EATDS-approved.
'N/A' is acceptable only when digital certificates are not used.