mozilla / pkipolicy

Documents for Mozilla's PKI policies - certificate root program, etc.

Initial Incident Report Timeframe #270

Open BenWilson-Mozilla opened 1 year ago

BenWilson-Mozilla commented 1 year ago

Currently, MRSP section 2.4 says "an incident ... MUST be reported to Mozilla as soon as the CA operator is made aware". The CCADB's position on incident reporting (https://www.ccadb.org/cas/incident-report) is being modified, something to the effect that an incident report should be filed as soon as possible but no later than 72 hours after discovery. See https://github.com/mozilla/www.ccadb.org/compare/2be8d48..41e1892. Thus, this phrase in section 2.4 of the MDSP will likely need to be modified to be consistent with the CCADB Policy.