Dear SSR2 Review Team members,

 

As discussed on the call yesterday, below are links to the ICANN SSR former subgroup’s work. This information is available on the wiki. Per the action item on the call yesterday for those involved in ICANN SSR former subteam to flag any areas where more follow-up or interviews are required, we are sharing this information in email to help facilitate this work.

 

Subteam members as of October 2017: Boban (rapporteur), Denise, Kerry-Ann, Eric, Noorul, Norm, Žarko

 

Mandate as of October 2017: The group will be responsible for reviewing the completeness and effectiveness of ICANNs internal security processes and the effectiveness of the ICANN security framework.

 

Wiki page: https://community.icann.org/x/hSrwAw

 

Documents (all on the wiki page above):

• Preamble for report (Google doc, drafted by Boban December 2018): https://docs.google.com/document/d/1Gh1LwDPrKi28phPHDYKziXMRCaNLIGg9KXENpKLFFrE/edit?usp=sharing
• Draft report, ICANN SSR subgroup meeting in LA (drafted by RT members October 2017): https://docs.google.com/document/d/1QsvBp4GNW_TILEos29YQxTb4ZH7qcQFAh_4e0XgxDSg/edit?usp=sharing
• Follow-up questions & answers from subgroup meeting in LA (Excel file available for download): https://community.icann.org/download/attachments/66071173/ICANN%20SSR%20Questions%20%26%20Answers%20%20-%20WIKI%20TABLE%20-%2019%20Jan%202019.xlsx?version=1&modificationDate=1547833490658&api=v2
• Trello board: https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr
• Subtopic activities (Google doc, drafted by RT members October 2017): https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNvSrM/edit?usp=sharing  

 

Meeting summary

The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters in Los Angeles. The subgroup met with a number of ICANN staff subject matter experts and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 Terms of Reference and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions.

The subgroup reviewed, submitted questions & information requests about, and discussed early observations about:

• ICANN’s Security Framework and emerging threats
• ICANN’s Risk Management Framework
• ICANN’s Business Continuity strategies, objectives, plans and procedures
• ICANN’s operational planning and controls, and prioritized activity recovery strategy
• ICANN’s Incident Response Structure
• ICANN’s root server operations
• ICANN’s Global Domains Division activities that relate to SSR objectives, including:
  • New gTLD program SSR-related safeguards
  • Emergency Back-End Registry Operator (EBERO), and related processes, and testing
  • Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
  • Centralized Zone Data Service (CZDS) compliance, failures, plans
  • Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, databreaches, etc.
  • SLA Monitoring System (SLAM)
  • Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting)
  • SSR objectives in ICANN’S standard operating procedures (SOP).

 

Best,

Jennifer

 

-- 

www.icann.org