Hello all, A question came up regarding where a specific recommendation landed in the draft report. I’ve kept a table mapping what went where; a copy is below, and a copy is also now online here (in case the formatting doesn’t work for your mail client): https://docs.google.com/spreadsheets/d/1V-S3dZFWtRTGeXOpreLj2ovkCEwmTEUGthiB... <https://docs.google.com/spreadsheets/d/1V-S3dZFWtRTGeXOpreLj2ovkCEwmTEUGthiB...> Old recommendation number Description Workstream New recommendation number Implement all SSR1 Recommendations SSR1 1 Recommendation 2 ISMS, Certification SSR1 3 Recommendation 3 Metrics, Vulnerability Disclosure SSR1 - still a work in progress 5 Recommendation 4 Budget Transparency SSR1 6 Recommendation 5 SSAC, RSSAC roles SSR1 2 Recommendation 6 SSR Strategy and Framework SSR1 4 Recommendation 7 Budgeting and gTLDs SSR1 7 Recommendation 8 Risk Management SSR1 8 Recommendation 10 Security Position, C-Suite WS2 9 Recommendation 11 Security Risk Management WS2 10 Recommendation 13 DNS Test Bed WS3 16 Recommendation 14 IANA Portal WS3 17 Recommendation 15 Root Server Ops WS3 19 Recommendation 19 Research and Briefings WS4 24 Recommendation 20 Abusive Naming WS3 15 Recommendation 24 Root Zone WS3 20 Recommendation 26 Key Rollover WS3 18 Recommendation 27 DR Plan WS2 11 Recommendation 28 Name Collision WS4 22 Recommendation 35 Crypto WS4 21 Recommendation 36 Privacy WS4 23 Abuse and Compliance: Compliance WS3 12 Abuse and Compliance: Abuse Definitions & Reporting WS3 13 Abuse and Compliance: Policies and Agreements with Contracted Parties WS3 14