DigiCert Enhances Document Trust Manager to Counter AI‑Driven Document Fraud
What Happened – DigiCert released a set of upgrades to its Document Trust Manager (DTM) platform, adding unified workflow visibility, a hardened certificate/key vault, MFA‑protected signing, and native integrations with DocuSign, Adobe Sign, and Adobe Acrobat. The enhancements are aimed at mitigating the surge in AI‑generated document fraud and simplifying compliance with standards such as AATL and eIDAS.
Why It Matters for TPRM –
- Centralised signing controls reduce the attack surface of fragmented e‑signature processes used by many third‑party vendors.
- MFA‑guarded key storage limits the risk of credential theft or token loss that could be leveraged in supply‑chain attacks.
- Auditable signing logs help organisations satisfy regulatory requirements and demonstrate due‑diligence in vendor risk assessments.
Who Is Affected – Enterprises that rely on digital signatures across finance, legal, procurement, and regulated industries (e.g., banking, healthcare, government) and any third‑party service providers that embed DigiCert’s signing APIs.
Recommended Actions –
- Review contracts with vendors that use DigiCert or other PKI services to confirm they have adopted the new DTM controls.
- Validate that MFA is enforced for all signing operations and that key repositories are centrally managed.
- Update internal policies to require audit‑ready logs for all e‑signature activities and map them to existing compliance frameworks.
Technical Notes – The upgrade introduces a secure, centrally‑hosted certificate and private‑key repository, eliminates reliance on physical USB tokens, and adds an online counter‑signing capability. No new CVEs are disclosed; the change is a hardening of existing cryptographic workflows. Source: Help Net Security