[Ssr2-review] FYI SSR1 Implementation Briefings and Questions

Denise Michel denisemichel at fb.com
Thu Aug 23 20:08:57 UTC 2018


https://community.icann.org/display/SSR/Briefing+Materials (includes  following table)

SSR1 Subgroup Briefings

Briefing Request

Status


Links


Grouping: ICANN Office of the Chief Technology Officer (OCTO)

SSR1 - Recs 1, 4, 5, 14, 15, 16, 18, 19, 24, 28

[(tick)] Delivered to review team on 14 May 2017


S<https://community.icann.org/download/attachments/60489951/SSR1%20OCTO%20Briefing%20May%202017%20v8.0.pdf?version=1&modificationDate=1497544489000&api=v2>lides<https://community.icann.org/download/attachments/60489951/SSR1%20OCTO%20Briefing%20May%202017%20v8.0.pdf?version=1&modificationDate=1497544489000&api=v2>

Meeting Archive<https://community.icann.org/x/TrHRAw>

Questions<https://docs.google.com/document/d/1mTQ2iBFdVjpoAeXTB5iXGNp0wwLHkb2SZ0DIgXIi5mo/edit?usp=sharing>


Grouping: ICANN Operations & Finance

SSR1 - Recs 2, 7, 8, 9, 17, 20, 21, 22

[(tick)] Delivered to review team on 25 June 2017


Slides<https://community.icann.org/pages/viewpage.action?pageId=64949767&preview=/64949767/66085067/SSR1%20Ops%20%252B%20Finance%20Briefing%20June%202017%20v4.0.pdf>

Meeting Archive<https://community.icann.org/x/Bw7fAw>

Questions<https://docs.google.com/document/d/1dB7UgK8VvrgQHBiXtjE8NAQssJjNebjf_tWIDBpT4gw/edit?usp=sharing>


Grouping: ICANN Compliance

SSR1 - Rec 10

[(tick)] Delivered to review team on 11 July 2017


Slides<https://community.icann.org/display/SSR/SSR2+Meeting+%252318+-+11+July+2017+@+21%253A00+UTC?preview=/66085372/66090813/SSR1%20Compliance%20Briefing%20June%202017%20v3.pdf>

Meeting Archive<https://community.icann.org/x/-GHwAw>

Questions<https://docs.google.com/document/d/13P787TR1s2KMA9s4tuqcjUrXUoBBdJLpWpD3Ms6x0zI/edit?usp=sharing>


Grouping: Risk Management

SSR1 - Recs 25 - 27

[(tick)] Delivered to review team on 25 July 2017


Slides<https://community.icann.org/display/SSR/SSR2+Meeting+%252320+-+++25+July+2017+@+14%253A00+UTC?preview=/66087444/69272989/SSR1%20Risk%20Management%20Briefing%20July%202017%20v5.0.pdf>

Meeting Archive<https://community.icann.org/x/FGrwAw>

Questions<https://docs.google.com/document/d/1h45Ta5DqeyZck69GpvFPcnn-ndAZqcSGb_-4cJGxfp8/edit?usp=sharing>


Grouping: ICANN GDD

SSR1 - Recs 11, 12

[(tick)] Delivered to review team on 1 August 2017


Slides<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC?preview=/66089357/69274906/SSR1%20GDD_%20%20Briefing%20June%202017%20v3.0.pdf>

Meeting Archive<https://community.icann.org/x/jXHwAw>

Questions<https://docs.google.com/document/d/1V2Rdo29hhbug0hpTqpR1Z5dPXaKZuY2jszwJcfEOiko/edit?usp=sharing>


Grouping: ICANN Policy

SSR1 - Recs 6, 13, 23

[(info)] Briefing not currently required per Co-Chairs

Questions<https://docs.google.com/document/d/1XSFK6edPSYh7VpGGVqzLE8CnmqUdyy2xKYEkRcAB4Cs/edit?usp=sharing>


Grouping: ICANN Communications

SSR1 - Rec 3

[(info)] Briefing not currently required per Co-Chairs

Questions<https://docs.google.com/document/d/1OAUoAL9YP5TY76jehKzM2RwLM8N_Vg1ivdc_CSDqNLM/edit?usp=sharing>



https://community.icann.org/display/SSR/Subgroup+%25231+-+SSR1+Review (includes following requests for information)


Open Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert
Item #

Source of Request

Date of Request

Action Item Request

Action Owner


Anticipated Completion Date*

Progress Notes

Completed Response

Completion Date

167.1

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017

SSR1 Rec 21: Is there a link to the template described in the staff implementation report?

ICANN Org

167.2

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 21: Is there a plan for getting public comment on the template prior to using it for publishing information on budget and resource impacts related to SSR events?

ICANN Org

167.3

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 21: Where is the budgetary information as it pertains to the SSR? And where is the cost benefit analysis for making these decisions?

ICANN Org

167.4

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 21: Where is the evidence that a more structured internal process has been developed for SSR budgetary considerations? How do these decisions map onto ICANN’s planning framework and process?

ICANN Org

167.5

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 21: Can ICANN provide an update as to the status of phase two (identifying mechanisms that that provide detailed public information on SSR-related budgets), and the steps still to be taken to ensure this recommendation is properly implemented?

ICANN Org

167.6

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017

SSR1 Rec 22: Recommendation 22 is specifically about the new gTLD program.  What documentation, specific to the new gTLD Program, on the organization, budget and resources needed to manage SSR issues in this area is available?

ICANN Org

167.7

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 22: Since the publication of the SSR1 report, what materials have been published by the SSR team that are specific to the implementation of the new gTLD Program? How has that work been budgeted and resourced?

ICANN Org

167.8

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017

SSR1 Rec 23: Recommendation 23 calls for a mechanism for Working Groups and Advisory Councils to support their decisions in an objective manner that is free from external or internal pressure. Where is such a mechanism documented – specifically regarding the work of SSAC and RSSAC?

ICANN Org

167.9

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: Since the publication of the SSR1 Final Report, what mechanisms have been put into place to incorporate near and long-term risks into a formal, strategic Risk Management Framework for ICANN?

ICANN Org

167.10

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: Since the Board approval of the 2014 Risk Management Framework provided by an external consultant, what further review, consultation or further work has been done on the approved Framework?

ICANN Org

167.11

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: Please provide evidence of briefings to the Board Risk Committee on the risk assessment and proposed mitigation measures, as per Board Resolution dated 21 November 2013 https://features.icann.org/dns-risk-management-framework-report-and-implementation?language=fr<https://urldefense.proofpoint.com/v2/url?u=https-3A__features.icann.org_dns-2Drisk-2Dmanagement-2Dframework-2Dreport-2Dand-2Dimplementation-3Flanguage-3Dfr&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=MWVuq3jZIw5gwhGdDf-HWNL4CEWIsdUnt9gOgplCArM&m=oQkY2RgHMwkpWuzxyOa-ywogqQ7RYl29EsH6fxYbHP4&s=-bAKvC-l7sMNykXfmvWKztpWcs_5dPQ2g3NYRYYqNpQ&e=>, and any follow up arising from such briefings.

ICANN Org

167.12

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: What efforts have been made since 2014 to demonstrate that ICANNs risk management framework follows the standards of transparency and community participation, required by the SSR1?

ICANN Org

167.13

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: Please clarify whether the portfolio of the new VP of Enterprise Risk Management extends into risks relating to ICANN's role with regard to the internet's set of unique identifiers, and future threats relating to unique identifiers?

ICANN Org

167.14

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017


SSR1 Rec 25: Is there a final DNS risk assessment document (the linked to document is labelled 'draft') https://www.icann.org/en/system/files/files/dns-risk-consultation-28may14-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_dns-2Drisk-2Dconsultation-2D28may14-2Den.pdf&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=MWVuq3jZIw5gwhGdDf-HWNL4CEWIsdUnt9gOgplCArM&m=oQkY2RgHMwkpWuzxyOa-ywogqQ7RYl29EsH6fxYbHP4&s=Cz5MrdNDWlyKtZ11eleR0UhTEoMJh9We0IWzIQxaZ98&e=>, and have there been any updates since 2014?

ICANN Org

167.15

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017

SSR1 Rec 27: The staff report for implementation of SSR1’s Recommendations indicates that this Recommendation is complete. How did staff assess the “comprehensiveness” of the Risk Management Framework to come to this conclusion?

ICANN Org

167.16

Email<http://mm.icann.org/pipermail/ssr2-review/2017-October/000683.html>


09 Oct 2017

SSR1 Rec 27: Please provide details of how the risk management has been staffed since SSR1 recommendations have been adopted by the Board.

ICANN Org

146.1

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: What individual within the ICANN organization holds ultimate responsibility for implementation of SSR1 recommendations?

ICANN Org

146.2

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: How has the responsibility for implementation of SSR1 recommendations flowed down through the organization, in terms of ownership, deliverables, performance objectives, etc.?

ICANN Org

146.3

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: What mechanisms exist within the ICANN organization to provide regular (at least annual) reviews of SSR1 implementation, and to make appropriate adjustments to working practices and responsibilities?

ICANN Org

146.4

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: What measures of success have been adopted within the ICANN organization for implementation of SSR1 recommendations, and how has the community been involved in defining or reviewing such measures?

ICANN Org

146.5

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: How has the ICANN organization ensured that the implementation of SSR1 recommendations are embedded in standard operating procedures?

ICANN Org

146.6

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1-20 General Question: The SSR1 Report includes check marks for due dates under “Status of Deliverables” and the accompanying text often does not contain completion dates. Please provide a “due date” and completion date for each deliverable.

ICANN Org

146.7

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1: Since the version developed in 2012, what changes have been made to the SSR remit and technical mission statement? Who has made those changes? How has the community been allowed to review and comment on those changes? When were the last changes made to this statement?

ICANN Org

146.8

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 1: How are the definitions of security, stability and resiliency consistently carried through into key documents, such as strategic plans and agreements with contracted parties?

ICANN Org

146.9

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 2: Recommendation 2 directs that the definition of ICANN’s SSR remit and limited technical mission should be reviewed in order to maintain consensus and elicit feedback from the Community. Please provide details of reviews and community feedback that have occurred since 2013.

ICANN Org

146.10

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 2: As ICANN’s SSR remit and limited technical mission statement has evolved, how has comment from the community been incorporated? For instance, is there a summary of the comments on the FY 2014 Framework? Where is this published?

ICANN Org

146.11

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 3: In what way has ICANN publicized consistent terminology and descriptions related to ICANN’s SSR role and remit? Where are these published?

ICANN Org

146.12

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 3: What terms related to SSR have been added to the ICANN public glossary? When were they added?

ICANN Org

146.13

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 4: What accounts for the inconsistencies between the different documents on the ICANN website that describe the nature of the SSR relationships it has within the ICANN community?

ICANN Org

146.14

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 4: In what way are these documents fulfilling the requirement to provide a single focal point for understanding the interdependencies between organizations?

ICANN Org

146.15

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 4: What opportunities have there been for community input into the nature/definition of ICANN’s SSR relationships?

ICANN Org

146.16

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 4:How is the document describing SSR relationships with partner organizations being updated?

ICANN Org

146.17

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 6: What is the status of the document currently available at: https://www.icann.org/en/system/files/files/draft-rssac-ssac-roles-responsibilities-05mar15-en.pdf?

ICANN Org

146.18

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 6: The recommendation requires that ICANN should seek consensus for this document across both groups. Please provide documentation that this occurred.

ICANN Org

146.19

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 6: What specific resourcing for RSSAC and SSAC appears in either the ICANN Operating Plan or the most recent budget?

ICANN Org

146.20

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 7: How are the objectives specific to the SSR Framework documented in either the Operating Plan or the Strategic Plan?

ICANN Org

146.21

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 7: Where are priorities for SSR activities and initiatives published?

ICANN Org

146.22

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017


SSR1 Rec 7: In what ways have pragmatic cost-benefit and risk analysis informed the choice of priorities (if any)?

ICANN Org

146.23

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 7: In addition to the ability to comment on draft ICANN budgets and plans, how is the community able to provide input into the objectives, initiatives and activities related to SSR at ICANN?

ICANN Org

146.24

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 7: The SSR1 Report indicates that ICANN will “improve and publish a process for establishing updated SSR priorities and objectives.” Where has this been published? Was there a mechanism for community review of the process (if so, please provide links)?

ICANN Org

146.25

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 9: SysTrust certification is referenced in the SSR1 Report as already in place. Please explain how it is claimed to be implementation of SSR1.

ICANN Org

146.26

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 9: Beside the certifications/audits done for processes in IANA, what certification activities have been assessed or implemented related to SSR?

ICANN Org

146.27

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 9: For staff working on SSR-related objectives, is there a certification plan in place as part of career/staff development?

ICANN Org

146.28

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 9: When was the EFQM model implemented within ICANN, and please provide details of how the SSR Framework and standard operating procedures have been evaluated and updated in the light of EFQM adoption to demonstrate process improvements over time.

ICANN Org

146.29

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 9: Has ICANN ever published a document that would include “a clear roadmap towards certification?” If so, where? Was there a mechanism by which community comment or engagement took place for such a document?

ICANN Org

146.30

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 10: Please provide a summary of the number of complaints and enforcement actions against registries and registrars taken by contractual compliance on the basis of SSR obligations in the past 5 years.

ICANN Org

146.31

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 10: To what extent does ICANN measure the incidence and impact of registration abuse and/or malicious conduct by contracted parties?

ICANN Org

146.32

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: What measurements exist, and are used, for the effectiveness of mechanisms to mitigate domain name abuse, as required in recommendation 11?

ICANN Org

146.33

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Please provide details of the measures of success relating to new gTLDs and IDNs that expressly address SSR related program objectives. The link in the SSR1 Report did not resolve.

ICANN Org

146.34

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Please provide details of how SSR objectives are explicitly referenced in ICANN’s standard operating procedures, Service Level Agreements and monitoring, emergency back- end registry operators and data escrow, Trademark Clearinghouse, root zone scaling management, DNSSEC-related activities, and Compliance Dept. activities.

ICANN Org

146.35

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Noting IAG-CCT produced 70 metrics of which a single one (1.13) related to security issues; please provide details of the information gathered according to that metric. The web page of metrics and measures does not include information relating to 1.13.

ICANN Org

146.36

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: The SSR1 Report refers to Specification 11 as applying to all new gTLD registries. Please provide reports on the number and type of security threats reported by registries under their Specification 11 obligations. Please give details of enforcement action(s) taken by ICANN’s contractual compliance department in relation to Specification 11.

ICANN Org

146.37

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11:How many new gTLD applications were failed (or placed in contention or required to take additional steps) on the basis of the (i) the security and stability review or (ii) the string similarity review.

ICANN Org

146.38

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: In relation to the IDN ccTLD Fast Track, please give details of any strings that have failed those security and stability checks for security and stability related reasons rather than for consumer confusion – a CCT Review issue.

ICANN Org

146.39

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Considering staff and community feedback, how effective is the EPSRP mechanism (the second security and stability review in the IDN ccTLD Fast Track) in detecting and preventing stability and security issues other than consumer confusion?

ICANN Org

146.40

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Are there any updates on the status of Coordinated Vulnerability Disclosure Reporting since 2013?

ICANN Org

146.41

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: Please provide a copy of the report referred to in bullet point 9 of recommendation 11 implementation in the Final Implementation Report. Given that the SSR objectives referred to in the report remain ‘to be defined’ please provide an explanation as to why this recommendation is said to be complete.

ICANN Org

146.42

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 11: To what extent was the commissioning of the CDAR report, the Root Stability Study Workshop and the new gTLD program security and stability impact triggered by the SSR1 recommendation, and why is the SSR1 Report not referenced in the published materials relating to those initiatives?

ICANN Org

146.43

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 12: In what way have the recommendations contained in the paper, “Identifier System Attack Mitigation Methodology,” been integrated into contracts, agreements and MoUs as envisioned by SSR1 recommendation 12?

ICANN Org

146.44

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 12: Is there a central, up-to-date resource to see how the ISSSR team, and other professionals in the SSR field, have worked with SOs and ACs to identify additional, targeted best-practices for their constituents? Are there pointers to or records of those engagements?

ICANN Org

146.45

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 12: What are some examples of significant MoUs with international entities that have SSR-practices embedded within them?

ICANN Org

146.46

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 12: Is the only place where ICANN has documented work on recommendations for web application protection and development of resources for security awareness in the report from the 4th Global DNS Stability, Security and Resiliency Symposium?

ICANN Org

146.47

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 12: Has there been a Global DNS Stability, Security and Resiliency Symposium since 2014?

ICANN Org

146.48

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 13: In what way are the resources on the ICANN Security Awareness Resource Locator supposed to help Supporting Organizations secure collaborative community assets?

ICANN Org

146.49

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 13: Have any recent steps been taken to encourage SOs and ACs to produce and publish best practices repositories for SSR-related information? Is the 2012 information on the ccTLD website the most recent example of SSR-related information published by a Supporting Organization?

ICANN Org

146.50

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 14: When is the Annual Report for FY 2016-2017 going to be published as a community resource?

ICANN Org

146.51

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 14: In the ICANN Engagement Interface, are all the SSR-Related outreach activities recorded or listed?

ICANN Org

146.52

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 15: Is there any record of the methodology in the Coordinated Vulnerability Disclosure Document ever being invoked since 2013?

ICANN Org

146..53

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 15: Are there any statistics available for the processes identified in the Coordinated Vulnerability Disclosure Document?

ICANN Org

146.54

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 15: Are there any metrics or statistics available for ICANN’s engagement with operators and trusted community entities on DNS security threats and mitigation techniques?

ICANN Org

146.55

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 16: What public engagement was done for the creation of the Frameworks and Annual Reports?

ICANN Org

146.56

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 16: Is there a record showing how Community participation and input into the SSR Framework was incorporated?

ICANN Org

146.57

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 16: Are the documents that used to be called Frameworks, now to be SSR Annual Reports? If so, what is the community engagement mechanism being used for the Annual Reports?

ICANN Org

146.58

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 16: The implementation report specifically mentions capability building initiatives that would affect greater engagement in the development of the SSR Frameworks or Annual Reports. What initiatives have taken place? Who has participated? How have they expanded participation and input into the SSR Framework development process?

ICANN Org


146.59

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 17: What is an example of a more structured internal process for showing how activities and initiatives relate to specific strategic goals, objectives and priorities in the SSR Framework? Has this been incorporated into the internal “At Task” system or other internal management systems?

ICANN Org

146.60

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 17: Are there any statistics available for the processes identified in the Coordinated Vulnerability Disclosure Document?

ICANN Org

146.61

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 17: Are there any metrics or statistics available for ICANN’s engagement with operators and trusted community entities on DNS security threats and mitigation techniques?

ICANN Org

146.62

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 19: In ICANN’s Portfolio Management system, the only SSR-related activity that appears is KSK Rollover. Is there another place where SSR-activities are tracked so that the community can see progress on current year activities (for instance the KPI Dashboard seems to be entirely related to the OCTO’s work with the technical and public safety communities)?

ICANN Org

146.63

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 20: Provide documentation of, and links to, mechanisms that have been used since 2012 to provide more detailed public information on SSR-related budgets and expenditures across multiple ICANN departments

ICANN Org

146.64

Email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000564.html>


25 Aug 2017

SSR1 Rec 20: Have any after-event reports (for relevant threats) been published that include budget and resource impacts related to managing the event? What would be an example of this kind of after-event-report?

ICANN Org

101.1

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 11: What was happening in the 5 years between when the recommendation was approved by the Board and when a draft consultant report was posted in April 2017?

ICANN Org

101.2

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 11: On the status and deliverables of Rec 11 it says that ICANN has implemented measures of success for the gTLDs, but we haven’t seen how you’ve implemented measures of success for new gTLDs and IDNs. That’s the first check mark, but what we’ve been provided with is a draft report of some ideas that you could do. How is that considered full implementation of this recommendation?

ICANN Org

101.5

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec. 11: The SSR1 review team called out a number of activities that were operational and within staff’s purview and contained in the SSR framework and called for implementation of measurements and metrics.  Was that work done and is it captured anywhere? To clarify, as part of the SSR1 report related to rec 11, the SSR1 review team noted ICANN administration of the new gTLD Program, IDN program, significant SSR related issues that are in the framework. They called for more specific goals, measurements and impact assessment. Was that work done and is it captured somewhere else?

ICANN Org

Clarity requested via email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000506.html>. Awaiting input from Review Team.

101.6

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec. 11: Is there more information on the steps that ICANN has taken in the past five years to facilitate data access and activities that involved other entities that had ownership or responsibilities on related activities?

ICANN Org

Clarity requested via email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000506.html>. Awaiting input from Review Team.

101.7

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 11: Broadly, in looking at the dashboard for rec 11 and all the checkmarks including operational items, it’s really unclear how staff defined and measured success related to SSR. It’s hard to see how the basic sprit of this recommendation was implementation, especially with an idea paper from a consultant. But in terms of the last 5 years and what staff did to implement, it’s unclear. Can you gather more information and provide more clarity and facts?

ICANN Org

101.8

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 12: With regards to establishing best practices and integrating these into agreements to which ICANN enters: It’s linked to a paper that raises a whole host of issues and addresses proposed activities but it’s unclear how that then relates to integrating those into agreements into which ICANN has entered over the past 5 years. Can you provide more specific information on how best practices are reflected in agreements that ICANN has entered into?

ICANN Org

101.9

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 12: ‘Addressing SSR practices in MOUs’ links to a page that holds all of the MOUs. Can you provide some quantification of SSR-related practices in MOUs and more information on which ones contain SSR-related practices, which practices they contain, and how all that’s tracked or the implementation is assessed?

ICANN Org

Clarity requested via email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000506.html>. Awaiting input from Review Team.

101.11

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 12: Which sections of the revised new gTLD registry agreement does OCTO staff feel advance SSR best practices and objectives?

ICANN Org


Completed Actions/Requests
Item #

Source of Request

Date of Request

Action Item Request

Action Owner


Anticipated Completion Date*

Progress Notes

Completed Response

Completion Date

101.10

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 12: Is there any quantification or more detailed information on what the working relationship with the APWG has yielded?

ICANN Org

Question answered via email<http://mm.icann.org/pipermail/ssr2-review/2017-August/000513.html>.


09 Aug 2017

101.3

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 11: Do you think it is ICANN staff’s responsibility to gather, analyze and publish this data or do you feel that it’s ICANN’s responsibility to facilitate others to do that?

ICANN Org

Question answered during the call. See meeting record<https://community.icann.org/display/SSR/SSR2+Meeting+%2321+-+01+August+2017+@+21%3A00+UTC>.


01 Aug 2017

101.4

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 11: In a commercialized world of DNS service provision where data is considered to be a corporate asset, do you feel that either ICANN or the community at large have access to meaningful metrics? I cite the barriers that exist on information on root servers. Is this a barrier to the entire objective, that access to data appears to be challenging?

ICANN Org

Geoff Huston (asker) clarified that he feels this is a question for the review team to answer, not ICANN Org.


01 Aug 2017

101.12

Plenary Meeting 21<https://community.icann.org/display/SSR/SSR2+Meeting+%252321+-+01+August+2017+@+21%253A00+UTC>


01 Aug 2017

Rec 12: What has changed after the implementation of Rec#12 as compared with the past?

ICANN Org

Question answered during the call. See meeting record<https://community.icann.org/display/SSR/SSR2+Meeting+%2321+-+01+August+2017+@+21%3A00+UTC>.


01 Aug 2017




https://community.icann.org/display/SSR/Tracking+Tool (I don’t know if this page is duplicative or requests/questions are included above?)








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20180823/dd411d30/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 455 bytes
Desc: image001.png
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20180823/dd411d30/image001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 295 bytes
Desc: image002.png
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20180823/dd411d30/image002.png>


More information about the Ssr2-review mailing list