14,932
edits
Changes
Second Security, Stability, and Resiliency Review (view source)
Revision as of 17:20, 17 May 2023
, 1 year ago→Implementation
By April 2023, the [[ICANN Board]] had deemed 11 of the 23 recommendations complete based on whether the recommendation was fully or partially implemented, the level of community input and involvement, and whether more work was needed. Recommendations 3.2 and 3.3 on budgeting and transparency were complete based on the existing transparency and public comment framework for the organization's planning and budgeting cycle. Recommendation 4.1 on risk management was implemented with ICANN Org’s risk management policies, plans, and programs. Recommendations 7.1, 7.2, and 7.3 on business continuity and disaster recovery plans were considered implemented with ICANN org's existing approach and policies. Recommendation 9.1 was complete as its success measures align with [[Contractual Compliance]]’s existing work. To implement Recommendation 16.1, which required cross-referencing ICANN org to streamline information and improve access to privacy and data stewardship, ICANN org reviewed www.icann.org for updates and internal alignments needed.
By April 2023, the [[ICANN Board]] had deemed 11 of the 23 recommendations complete based on whether the recommendation was fully or partially implemented, the level of community input and involvement, and whether more work was needed. Recommendations 3.2 and 3.3 on budgeting and transparency were complete based on the existing transparency and public comment framework for the organization's planning and budgeting cycle. Recommendation 4.1 on risk management was implemented with ICANN Org’s risk management policies, plans, and programs. Recommendations 7.1, 7.2, and 7.3 on business continuity and disaster recovery plans were considered implemented with ICANN org's existing approach and policies. Recommendation 9.1 was complete as its success measures align with [[Contractual Compliance]]’s existing work. To implement Recommendation 16.1, which required cross-referencing ICANN org to streamline information and improve access to privacy and data stewardship, ICANN org reviewed www.icann.org for updates and internal alignments needed.
Recommendation 24.1 was complete with the inclusion of provisions in ICANN org's agreements with [[EBERO]] service providers allowing for annual EBERO readiness exercises. Recommendation 24.2 was completed when ICANN Org linked to the Common Transition Process Manual on ICANN org’s EBERO webpage.<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>
Recommendation 24.1 was complete with the inclusion of provisions in ICANN org's agreements with [[EBERO]] service providers allowing for annual EBERO readiness exercises. Recommendation 24.2 was completed when ICANN Org linked to the Common Transition Process Manual on ICANN org’s EBERO webpage.<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>
[[ICANN Organization]] has made progress on recommendations about reviewing implementation, compliance with security standards for external service providers, publishing contingency and continuity plans, updating information on DNS security threats, and developing a Time-Based One-Time Password and new RZMS security measures for authentication and authorization of requested changes, such as Multi-Factor Authentication (MFA) and encrypted email (Rec 21.1). Specifically, ICANN Org is creating a new webpage for information transparency (ITI) featuring statistics and metrics that reflect the operational status of services (root zone, gTLD, IANA registries; Rec 22.1). ICANN org is engaging subject matter experts to review SSR1 implementation and execute a new plan of action (Rec 1.1) and will include a compliance clause with security standards in its one-year-based contracts with external service-provider parties (Rec 5.3). There is now a project team to publish a summary of the Contingency and Continuity Plan and the DR plan (Rec 7.5). The [[DNS Security Threat Mitigation Program]] page and the ICANN Acronyms and Terms page now link to key terms, and the webpage will include comprehensive information on abuse-related obligations within the RAA and RA by Q4 2023 (Rec 10.1). The work on five recommendations has not started yet, two of which depend on other recommendations' completion. Recs 5.1 and 5.2 will be complete when ICANN org migrates to the [[NIST#Cybersecurity Framework|NIST Cybersecurity Framework]].<ref>[https://www.icann.org/en/system/files/files/specific-reviews-q1-2023-report-31mar23-en.pdf Q1 2023 Specific Reviews Report, ICANN Files]</ref>
==References==
==References==