[Ssr2-review] Action Req'd: SSR1 Recommendations

[Jennifer Bryce]

Dear SSR2 RT members,

Per the discussion on the 27 September plenary call, please use the Doodle poll to indicate which SSR1 recommendation you wish to take the lead on developing a strawman proposal for, to share with the RT. Note that recommendations 2, 3 and 5 are not included because the RT has already discussed these.

The text of each recommendation is below.

Doodle poll: https://doodle.com/poll/8ew3ugdg9aghr8yf

SSR1 Recommendations:

1: ICANN should publish a single, clear and consistent statement of its SSR remit and limited technical mission.

4: ICANN should document and clearly define the nature of the SSR relationships it has within the ICANN Community in order to provide a single focal point for understanding the interdependencies between organizations.

6: ICANN should publish a document clearly outlining the roles and responsibilities for both the SSAC and RSSAC in order to clearly delineate the activities of the two groups. ICANN should seek consensus for this across both groups, recognizing the history and circumstances of the formation of each. ICANN should consider appropriate resourcing for both groups, consistent with the demands placed upon them.

7: ICANN should build on its current SSR Framework by establishing a clear set of objectives and prioritizing its initiatives and activities in accordance with these objectives.

8: ICANN should continue to refine its Strategic Plan objectives, particularly the goal of maintaining and driving DNS availability. Clear alignment of Framework & Strategic Plan.

9: ICANN should assess certification options with commonly accepted international standards (e.g. ITIL, ISO and SAS-70) for its operational responsibilities. ICANN should publish a clear roadmap towards certification.

10: ICANN should continue its efforts to step up contract compliance enforcement and provide adequate resources for this function. ICANN also should develop and implement a more structured process for monitoring compliance issues and investigations.

11: ICANN should finalize and implement measures of success for new gTLDs and IDN fast track that expressly relate to its SSR-related program objectives, including measurements for the effectiveness of mechanisms to mitigate domain name abuse.

12: ICANN should work with the Community to identify SSR-related best practices and support the implementation of such practices through contracts, agreements and MOUs and other mechanisms.

13: ICANN should encourage all Supporting Organizations to develop and publish SSR-related best practices for their members.

14: ICANN should ensure that its SSR-related outreach activities continuously evolve to remain relevant, timely and appropriate.

15: ICANN should act as a facilitator in the responsible disclosure and dissemination of DNS security threats and mitigation techniques.

16: ICANN should continue its outreach efforts to expand Community participation and input into the SSR Framework development process. ICANN also should establish a process for obtaining more systematic input from other ecosystem participants.

17: ICANN should establish a more structured internal process for showing how activities and initiatives relate to specific strategic goals, objectives and priorities in the SSR Framework

18: ICANN should conduct an annual operational review of its progress in implementing the SSR Framework and include this assessment as a component of the following year’s SSR Framework

19: ICANN should establish a process that allows the Community to track the implementation of the SSR Framework. Information should be provided with enough clarity that the Community can track ICANN’s execution of its SSR responsibilities.

20: ICANN should increase the transparency of information about organization and budget related to implementing the SSR Framework and performing SSR-related functions.

21: ICANN should establish a more structured internal process for showing how organization and budget decisions relate to the SSR Framework, including the underlying cost-benefit analysis

22: ICANN should publish, monitor and update documentation on the organization and budget resources needed to manage SSR issues in conjunction with introduction of new gTLDs.

23: ICANN must provide appropriate resources for SSR-related Working Groups and Advisory Committees, consistent with the demands placed upon them. ICANN also must ensure decisions reached by Working Groups and Advisory Committees are reached in an objective manner that is free from external or internal pressure.

24: ICANN must clearly define the charter, roles and responsibilities of the Chief Security Office Team.

25: ICANN should put into place mechanisms for identifying both near and longer-term risks and strategic factors in its Risk Management Framework.

26: ICANN should prioritize the timely completion of a Risk Management Framework.

27: ICANN’s Risk Management Framework should be comprehensive within the scope of its SSR remit and limited missions

28: ICANN should continue to actively engage in threat detection and mitigation, and participate in efforts to distribute threat and incident information


--
Jennifer Bryce
Senior Reviews Coordinator
Internet Corporation for Assigned Names and Numbers (ICANN)

Email: jennifer.bryce at icann.org
Skype: jennifer.bryce.icann
www.icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20181001/aaaba13e/attachment.html>