Jump to content

First Security, Stability, and Resiliency Review: Difference between revisions

From ICANNWiki
JP (talk | contribs)
No edit summary
JP (talk | contribs)
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The '''First Security, Stability, and Resiliency Review''' (SSR1) was initiated in 2010 and completed in 2012, with implementation of review recommendations continuing through 2015.<ref name="dashboard">[https://www.icann.org/resources/pages/ssr1-progress-milestones-2019-08-07-en ICANN.org - SSR1 Dashboard]</ref>
The '''First Security, Stability, and Resiliency Review''' (SSR1) was initiated in 2010 and completed in 2012, with implementation of review recommendations continuing through 2015.<ref name="dashboard">[https://www.icann.org/resources/pages/ssr1-progress-milestones-2019-08-07-en ICANN.org - SSR1 Dashboard]</ref>
<timeline>
# All measures are in pixels
ImageSize  = width:800 height:400
PlotArea  = left:20 right:20 bottom:20 top:20
AlignBars  = early
DateFormat = mm/dd/yyyy
Period    = from:01/01/2010 till:12/31/2015
TimeAxis  = orientation:horizontal
Colors =
  id:grid value:rgb(0.9,0.9,0.9)
ScaleMajor = unit:year increment:1 start:01/01/2010
ScaleMinor = unit:month increment:3 start:01/01/2010 gridcolor:grid
Define $dx = 25
BarData=
    Barset:Phases
PlotData=
  align:left textcolor:black fontsize:M mark:(line,black) width:15
  barset:Phases color:yellowgreen
      from:06/01/2010 till:09/30/2010 shift:($dx,-5) text:[https://www.icann.org/resources/pages/ssr-whois-call-for-applicants-2012-02-25-en|Call for Volunteers & Application Period]
      at:07/01/2010 shift:(2,-5) text:[https://www.icann.org/resources/pages/call-for-experts-dns-2012-02-25-en|Call for Experts to Apply to SSR1]
      at:09/30/2010 shift:(2,-5) text:[https://www.icann.org/resources/pages/composition-13-2012-02-25-en|Appointment of Review Team Members]
      from:12/05/2010 till:12/10/2010 shift:(5,-5) text:[https://community.icann.org/display/SSR/Cartagena+Meeting|ICANN 39 Sessions]
      from:02/21/2011 till:04/06/2011 shift:(15,-5) text:[https://www.icann.org/en/public-comment/proceeding/the-security-stability-and-resiliency-of-the-dns-review-team-set-of-issues-21-02-2011|Public Comment Period on Identified Issues]
      from:03/13/2011 till:03/18/2011 shift:(5,-5) text:[https://community.icann.org/display/SSR/Silicon+Valley+Meeting|ICANN 40 Sessions]
      from:06/20/2011 till:06/23/2011 shift:(5,-5) text:[https://community.icann.org/display/SSR/Singapore+Meeting|ICANN 41 Sessions]
      at:06/23/2011 shift:(2,-5) text:[https://community.icann.org/display/ssrreview/Terms+of+Reference+-+23+June+2011|Finalized Terms of Reference]
      from:06/23/2011 till:03/12/2012 shift:(50,-5) text:[https://www.icann.org/en/system/files/files/draft-report-15mar12-en.pdf|Preparation & Publication of Draft Report]
      from:10/23/2011 till:10/27/2011 shift:(5,-5) text:[https://community.icann.org/display/SSR/Dakar+Meeting|ICANN 42 Sessions]
      from:03/11/2012 till:03/16/2012 shift:(5,-5) text:[https://community.icann.org/display/SSR/San+Jose+Meeting|ICANN 43 Sessions]
      from:03/13/2012 till:04/15/2012 shift:(10,-5) text:[https://www.icann.org/en/public-comment/proceeding/security-stability--resiliency-of-the-dns-review-team-ssr-rt---draft-report-15-03-2012|Public Comment Period on Draft Report]
      from:05/17/2012 till:06/16/2012 shift:(10,-5) text:[https://www.icann.org/en/public-comment/proceeding/draft-statement-of-icanns-role-and-remit-in-security-stability-and-resiliency-of-the-internets-unique-identifier-systems-17-05-2012|Public Comment Period on Specific Draft Recommendations]
      at:06/20/2012 shift:(2,-5) text:[https://www.icann.org/en/system/files/files/final-report-20jun12-en.pdf|Final Report Submitted to the Board]
      from:06/21/2012 till:07/30/2012 shift:(15,-5) text:[https://www.icann.org/en/public-comment/proceeding/security-stability--resiliency-of-the-dns-review-team-ssr-rt-final-report-21-06-2012|Public Comment Period on Final Report]
      at:09/13/2012 shift:(2,-5) text:"[https://www.icann.org/resources/board-material/minutes-2012-09-13-en#1.b|Board Accepts Report & Requests Implementation Plan]"
      at:10/18/2012 shift:(2,-5) text:"[https://www.icann.org/resources/board-material/resolutions-2012-10-18-en#1.e|Board Approves Implementation Plan]"
      from:10/19/2012 till:12/31/2015 shift:(0,-5) align:center text:"[https://www.icann.org/en/system/files/files/ssr-review-implementation-30jun15-en.pdf|Implementation Phase]"
</timeline>


==Background==
==Background==
Line 17: Line 63:
Applications for volunteers began in June 2010.<ref name="dashboard" /> in addition, the review planning team solicited applications from independent experts to serve on the review team.<ref>[https://www.icann.org/resources/pages/call-for-experts-dns-2012-02-25-en ICANN.org - Call for Experts, SSR1], July 26, 2010</ref> The review team was appointed in September of 2010.<ref name="dashboard" />
Applications for volunteers began in June 2010.<ref name="dashboard" /> in addition, the review planning team solicited applications from independent experts to serve on the review team.<ref>[https://www.icann.org/resources/pages/call-for-experts-dns-2012-02-25-en ICANN.org - Call for Experts, SSR1], July 26, 2010</ref> The review team was appointed in September of 2010.<ref name="dashboard" />
   
   
The team held its first in-person meetings at [[ICANN 39]] in Colombia and used those meetings to draft its Terms of Reference (ToR).<ref>[https://www.icann.org/en/announcements/details/call-for-public-comments-the-security-stability-and-resiliency-of-the-dns-review-team-21-2-2011-en ICANN.org - Call for Public Comment - SSR1 ToR]</ref> The team held a day-long public session at [[ICANN 40]] to refine the Terms of Reference and receive comments and suggestions from the community.<ref>[https://archive.icann.org/en/meetings/siliconvalley2011/node/22237.html ICANN 40 Meeting Archive - Schedule]</ref>  The final version of the Terms of Reference was submitted to the board in June 2011.<ref name="dashboard" /> The ToR highlighted three central themes for investigation and review:
The team held its first in-person meetings at [[ICANN 39]] in Colombia and used those meetings to draft its Terms of Reference (ToR).<ref>[https://www.icann.org/en/announcements/details/call-for-public-comments-the-security-stability-and-resiliency-of-the-dns-review-team-21-2-2011-en ICANN.org - Call for Public Comment - SSR1 ToR]</ref> The team held a day-long public session at [[ICANN 40]] to refine the Terms of Reference and receive comments and suggestions from the community.<ref>[https://archive.icann.org/en/meetings/siliconvalley2011/node/22237.html ICANN 40 Meeting Archive - Schedule]</ref>  The final version of the Terms of Reference was submitted to the board in June 2011.<ref name="dashboard" /> The ToR highlighted three central issue areas for investigation and review:
#
#The scope of ICANN's SSR responsibilities;
#Effectiveness and implementation of ICANN's SSR plan; and
#Risk landscape and contingency plan.<ref name="tor">[https://community.icann.org/display/SSR/Terms+of+Reference+-+23+June+2011 SSR1 Terms of Reference], June 23, 2011</ref>
Within each of the issue areas, multiple topics were identified for the review team to examine as part of its fact finding.<ref>[https://community.icann.org/display/SSR/SSR+Review+Fieldwork+Planning SSR1 Workspace - Fieldwork Planning]</ref> The ToR formed the basis for dividing into three subteams, based around the topic areas.<ref>[https://community.icann.org/display/SSR/SSR+Review+Fieldwork+Planning SSR1 Workspace - Fieldwork Planning</ref>
 
==Findings and Draft Report==
The review team published its draft report for public comment in March 2012.<ref name="dashboard" /> The draft report listed twenty-eight recommendations based on the team's findings.<ref>[https://www.icann.org/en/system/files/files/draft-report-15mar12-en.pdf SSR1 Draft Report], March 15, 2012</ref>. A common theme was improving clarity of mission and messaging around each of the main topic areas.
 
ICANN staff also prepared and published a mission statement document for public comment in response to recommendations #1 and #3.<ref>[https://www.icann.org/en/announcements/details/draft-statement-of-icanns-role-and-remit-in-security-stability-and-resiliency-of-the-internets-unique-identifier-systems-17-5-2012-en ICANN.org - Draft statement of ICANN's role and remit], May 17, 2012</ref> The statement was intended to refine and spell out ICANN's obligations and commitments to the stability, security, and resilience of the Internet's unique identifier systems. Public comment was substantial and largely positive toward the effort to clarify and synthesize ICANN's mission.<ref>[https://www.icann.org/en/system/files/files/report-comments-draft-ssr-role-remit-04oct12-en.pdf ICANN.org - Staff Report on Public Comment Proceeding], October 4, 2012</ref>
 
==Final Report and Implementation==
The final report was submitted to the ICANN board and published for public comment in June 2012. Public comments on the final report were minimal: only [[ALAC]], [[RySG]], and [[Andrew Sullivan]] on behalf of [[Dynamic Network Services]] posted comments. These were largely congratulatory, with some issues raised regarding the clarity and purpose of some specific recommendations, and the need for close and nuanced reading of the report itself.<ref>[https://www.icann.org/resources/pages/ssr-rt-final-report-2012-06-21-en ICANN.org Listserv Archive - SSR1 Final Report]</ref>
 
The board acknowledged receipt of the report in September 2012, and instructed staff to present feasibility assessments and propose an implementation plan on the recommendations.<ref>[https://www.icann.org/resources/board-material/minutes-2012-09-13-en#1.b Resolution of the Board], September 13, 2012</ref> In October 2012, the board took action on the recommendations, noting that ICANN staff had proposed implementation of all of the recommendations, finding them all feasible. The board approved the report and the implementation of all of its recommendations.<ref>[https://www.icann.org/resources/board-material/resolutions-2012-10-18-en#1.e Resolution of the Board], October 18, 2012</ref>
 
The final implementation update report was published in June 2015.<ref>[https://www.icann.org/en/system/files/files/ssr-review-implementation-30jun15-en.pdf ICANN.org - SSR1 Implementation Update], June 30, 2015</ref> As of December 2015, the SSR1 implementation has been deemed complete.<ref name="dashboard" />


==References==
==References==
{{reflist}}
{{reflist}}
__NOTOC__
__NOTOC__
[[Category:Specific Reviews]]

Latest revision as of 21:11, 15 October 2021

The First Security, Stability, and Resiliency Review (SSR1) was initiated in 2010 and completed in 2012, with implementation of review recommendations continuing through 2015.[1]

<timeline>

  1. All measures are in pixels

ImageSize = width:800 height:400 PlotArea = left:20 right:20 bottom:20 top:20 AlignBars = early

DateFormat = mm/dd/yyyy Period = from:01/01/2010 till:12/31/2015 TimeAxis = orientation:horizontal Colors =

  id:grid value:rgb(0.9,0.9,0.9)

ScaleMajor = unit:year increment:1 start:01/01/2010 ScaleMinor = unit:month increment:3 start:01/01/2010 gridcolor:grid

Define $dx = 25

BarData=

   Barset:Phases

PlotData=

  align:left textcolor:black fontsize:M mark:(line,black) width:15
  barset:Phases color:yellowgreen
     from:06/01/2010 till:09/30/2010 shift:($dx,-5) text:for Volunteers & Application Period
     at:07/01/2010 shift:(2,-5) text:for Experts to Apply to SSR1
     at:09/30/2010 shift:(2,-5) text:of Review Team Members
     from:12/05/2010 till:12/10/2010 shift:(5,-5) text:39 Sessions
     from:02/21/2011 till:04/06/2011 shift:(15,-5) text:Comment Period on Identified Issues
     from:03/13/2011 till:03/18/2011 shift:(5,-5) text:40 Sessions
     from:06/20/2011 till:06/23/2011 shift:(5,-5) text:41 Sessions
     at:06/23/2011 shift:(2,-5) text:Terms of Reference
     from:06/23/2011 till:03/12/2012 shift:(50,-5) text:& Publication of Draft Report
     from:10/23/2011 till:10/27/2011 shift:(5,-5) text:42 Sessions
     from:03/11/2012 till:03/16/2012 shift:(5,-5) text:43 Sessions
     from:03/13/2012 till:04/15/2012 shift:(10,-5) text:Comment Period on Draft Report
     from:05/17/2012 till:06/16/2012 shift:(10,-5) text:Comment Period on Specific Draft Recommendations
     at:06/20/2012 shift:(2,-5) text:Report Submitted to the Board
     from:06/21/2012 till:07/30/2012 shift:(15,-5) text:Comment Period on Final Report
     at:09/13/2012 shift:(2,-5) text:"Accepts Report & Requests Implementation Plan"
     at:10/18/2012 shift:(2,-5) text:"Approves Implementation Plan"
     from:10/19/2012 till:12/31/2015 shift:(0,-5) align:center text:"Phase"

</timeline>


Background

The Affirmation of Commitments, an agreement between ICANN and the United States Department of Commerce, establishes ICANN's obligations to perform its duties with specific commitments in mind. All of the commitments bear on public and consumer trust of the organization. ICANN is to perform its functions in a manner that:

  • ensures accountability and transparency of decision-making;
  • preserves the security, stability, and resiliency of the DNS;
  • promotes competition, consumer trust, and consumer choice; and
  • enables access to registration data.

ICANN is also charged to periodically review and assess its performance through the lens of each of the above commitments.[2]

ICANN's board enshrined these commitments (and the associated reviews) in its Bylaws in Article 1 (Mission, Commitments, and Core Values)[3] and in Article 4 (Accountability and Review).[4] Article 4.6 deals with "Specific Reviews," each of which are tied to one of the commitments in the Affirmation of Commitments.[5]

The Organizational Effectiveness Committee of the board oversees the conduct of specific reviews.[6] The SSR is one such review. The Bylaws contain specific requirements for the composition of the SSR review team, including a requirement that "independent experts" be appointed to the team.[5]

Review Scope and Planning

Applications for volunteers began in June 2010.[1] in addition, the review planning team solicited applications from independent experts to serve on the review team.[7] The review team was appointed in September of 2010.[1]

The team held its first in-person meetings at ICANN 39 in Colombia and used those meetings to draft its Terms of Reference (ToR).[8] The team held a day-long public session at ICANN 40 to refine the Terms of Reference and receive comments and suggestions from the community.[9] The final version of the Terms of Reference was submitted to the board in June 2011.[1] The ToR highlighted three central issue areas for investigation and review:

  1. The scope of ICANN's SSR responsibilities;
  2. Effectiveness and implementation of ICANN's SSR plan; and
  3. Risk landscape and contingency plan.[10]

Within each of the issue areas, multiple topics were identified for the review team to examine as part of its fact finding.[11] The ToR formed the basis for dividing into three subteams, based around the topic areas.[12]

Findings and Draft Report

The review team published its draft report for public comment in March 2012.[1] The draft report listed twenty-eight recommendations based on the team's findings.[13]. A common theme was improving clarity of mission and messaging around each of the main topic areas.

ICANN staff also prepared and published a mission statement document for public comment in response to recommendations #1 and #3.[14] The statement was intended to refine and spell out ICANN's obligations and commitments to the stability, security, and resilience of the Internet's unique identifier systems. Public comment was substantial and largely positive toward the effort to clarify and synthesize ICANN's mission.[15]

Final Report and Implementation

The final report was submitted to the ICANN board and published for public comment in June 2012. Public comments on the final report were minimal: only ALAC, RySG, and Andrew Sullivan on behalf of Dynamic Network Services posted comments. These were largely congratulatory, with some issues raised regarding the clarity and purpose of some specific recommendations, and the need for close and nuanced reading of the report itself.[16]

The board acknowledged receipt of the report in September 2012, and instructed staff to present feasibility assessments and propose an implementation plan on the recommendations.[17] In October 2012, the board took action on the recommendations, noting that ICANN staff had proposed implementation of all of the recommendations, finding them all feasible. The board approved the report and the implementation of all of its recommendations.[18]

The final implementation update report was published in June 2015.[19] As of December 2015, the SSR1 implementation has been deemed complete.[1]

References