Hi Boban, The transcripts from the ICANN SSR meeting in LA were posted to the meeting page in the weeks following the meeting, here: https://community.icann.org/x/KRghB. A record of all the questions and answers related to the ICANN SSR work are posted to the workstream page of the wiki here: https://community.icann.org/x/KRghB. For any questions outstanding, the latest delivery date is included in the table. Please let us know if there are other items you consider to be outstanding, as noted in your email below. Best, Jennifer -----Original Message----- From: Ssr2-review <ssr2-review-bounces@icann.org> on behalf of Boban Krsic <krsic@denic.de> Date: Wednesday, November 14, 2018 at 5:28 AM To: "ssr2-review@icann.org" <ssr2-review@icann.org> Subject: Re: [Ssr2-review] SSR2 8 Nov agenda Hi all, On 08.11.18 14:31, Boban Krsic wrote: > As already mentioned, I will send the current status of ICANN SSR to the > mailing list by next Monday. okay, it's Wednesday, but here we go: As already mentioned, here is a short update on the current status of the WS2 ICANN SSR. All information about the last official task (F2F in Los Angeles, CA) can be found in the wiki at https://community.icann.org/pages/viewpage.action?pageId=69277737. For completeness here once again the summary of the meeting in LA: The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters in Los Angeles. The subgroup met with a number of ICANN staff subject matter experts and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 Terms of Reference and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions. The subgroup reviewed, submitted questions & information requests about, and discussed early observations about: * ICANN’s Security Framework and emerging threats * ICANN’s Risk Management Framework * ICANN’s Business Continuity strategies, objectives, plans and procedures * ICANN’s operational planning and controls, and prioritized activity recovery strategy * ICANN’s Incident Response Structure * ICANN’s root server operations * ICANN’s Global Domains Division activities that relate to SSR objectives, including: * New gTLD program SSR-related safeguards * Emergency Back-End Registry Operator (EBERO), and related processes, and testing * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA) * Centralized Zone Data Service (CZDS) compliance, failures, plans * Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, databreaches, etc. * SLA Monitoring System (SLAM) * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting) * SSR objectives in ICANN’S standard operating procedures (SOP). We started immediately in the meeting to bring the essential aspects to paper https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNv.... Unfortunately we couldn't finish the document because of the "pause-process". Now, after more than a year, remembering the results of the meeting is a very challenging task. But maybe we can use the document as a starting point to restart the task. As you can see, we have structured the above mentioned topics into seven groups. We assigned the team members among the individual groups, with the aim of parallel processing and taking into account the individual expertise of each SSR2 team member. The goal was to assign at least two persons to a topic-group. We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr for the organization of the work. We can now stick to it, or just use the document referenced in the previous paragraph to organize the groups and work. In conclusion, the meeting was really effective and productive. Unfortunately, we haven't received a summary (transcript) of the meeting's content yet, as this task was taken over by the MSSI secretariat. Nor do we have any records or evidences. IMHO both are still outstanding. To those who have also been in LA: Please just add if I forgot something ;-) Thanks and best regards, Boban.