A question came up regarding where a specific recommendation landed in the draft report. I’ve kept a table mapping what went where; a copy is below, and a copy is also now online here (in case the formatting doesn’t work for your mail client):

Old recommendation number	Description	Workstream	New recommendation number
	Implement all SSR1 Recommendations	SSR1	1
Recommendation 2	ISMS, Certification	SSR1	3
Recommendation 3	Metrics, Vulnerability Disclosure	SSR1 - still a work in progress	5
Recommendation 4	Budget Transparency	SSR1	6
Recommendation 5	SSAC, RSSAC roles	SSR1	2
Recommendation 6	SSR Strategy and Framework	SSR1	4
Recommendation 7	Budgeting and gTLDs	SSR1	7
Recommendation 8	Risk Management	SSR1	8
Recommendation 10	Security Position, C-Suite	WS2	9
Recommendation 11	Security Risk Management	WS2	10
Recommendation 13	DNS Test Bed	WS3	16
Recommendation 14	IANA Portal	WS3	17
Recommendation 15	Root Server Ops	WS3	19
Recommendation 19	Research and Briefings	WS4	24
Recommendation 20	Abusive Naming	WS3	15
Recommendation 24	Root Zone	WS3	20
Recommendation 26	Key Rollover	WS3	18
Recommendation 27	DR Plan	WS2	11
Recommendation 28	Name Collision	WS4	22
Recommendation 35	Crypto	WS4	21
Recommendation 36	Privacy	WS4	23
	Abuse and Compliance: Compliance	WS3	12
	Abuse and Compliance: Abuse Definitions & Reporting	WS3	13
	Abuse and Compliance: Policies and Agreements with Contracted Parties	WS3	14