Second Security, Stability, and Resiliency Review: Difference between revisions

Jessica (talk | contribs)
Jessica (talk | contribs)
 
Line 295: Line 295:
Recommendation 24.1 was complete with the inclusion of provisions in ICANN org's agreements with [[EBERO]] service providers allowing for annual EBERO readiness exercises. Recommendation 24.2 was completed when ICANN Org linked to the Common Transition Process Manual on ICANN org’s EBERO webpage.<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>
Recommendation 24.1 was complete with the inclusion of provisions in ICANN org's agreements with [[EBERO]] service providers allowing for annual EBERO readiness exercises. Recommendation 24.2 was completed when ICANN Org linked to the Common Transition Process Manual on ICANN org’s EBERO webpage.<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>


[[ICANN Organization]] has made progress on recommendations about reviewing implementation, compliance with security standards for external service providers, publishing contingency and continuity plans, updating information on DNS security threats, and developing a Time-Based One-Time Password and new RZMS security measures for authentication and authorization of requested changes, such as Multi-Factor Authentication (MFA) and encrypted email (Rec 21.1). Specifically, ICANN Org is creating a new webpage for information transparency (ITI) featuring statistics and metrics that reflect the operational status of services (root zone, gTLD, IANA registries; Rec 22.1). ICANN org is engaging subject matter experts to review SSR1 implementation and execute a new plan of action (Rec 1.1) and will include a compliance clause with security standards in its one-year-based contracts with external service-provider parties (Rec 5.3). There is now a project team to publish a summary of the Contingency and Continuity Plan and the DR plan (Rec 7.5). The [[DNS Security Threat Mitigation Program]] page and the ICANN Acronyms and Terms page now link to key terms, and the webpage will include comprehensive information on abuse-related obligations within the RAA and RA by Q4 2023 (Rec 10.1).<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>
[[ICANN Organization]] has made progress on recommendations about reviewing implementation, compliance with security standards for external service providers, publishing contingency and continuity plans, updating information on DNS security threats, and developing a Time-Based One-Time Password and new RZMS security measures for authentication and authorization of requested changes, such as Multi-Factor Authentication (MFA) and encrypted email (Rec 21.1). Specifically, ICANN Org is creating a new webpage for information transparency (ITI) featuring statistics and metrics that reflect the operational status of services (root zone, gTLD, IANA registries; Rec 22.1). ICANN org is engaging subject matter experts to review SSR1 implementation and execute a new plan of action (Rec 1.1) and will include a compliance clause with security standards in its one-year-based contracts with external service-provider parties (Rec 5.3). There is now a project team to publish a summary of the Contingency and Continuity Plan and the DR plan (Rec 7.5). The [[DNS Security Threat Mitigation Program]] page and the ICANN Acronyms and Terms page now link to key terms, and the webpage will include comprehensive information on abuse-related obligations within the RAA and RA by Q4 2023 (Rec 10.1). The work on five recommendations has not started yet, two of which depend on other recommendations' completion. Recs 5.1 and 5.2 will be complete when ICANN org migrates to the [[NIST#Cybersecurity Framework|NIST Cybersecurity Framework]].<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>


==References==
==References==