WebTrust audits are apparently SOC-3 audits.
The scope of a WebTrust audit would absolutely encompass the ACME service provided by Let’s Encrypt, much as it would the web frontend and bespoke APIs of your typical commercial CA.
1 Like