Versions Compared

Version Old Version 4 New Version Current
Changes made by

Sherwood Moore (Deactivated)

Angie Graves

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SSAC Review Request for Proposal (RFP)Click here to view

...

SSAC Review Request for Proposal (RFP) extension:

...

Click here to view

...

Board Resolution to Initiate SSAC ReviewClick here to view

Scope of the Review

As part of ICANN's ongoing commitment to its evolution and improvement, Article IV, Section 4.4 of ICANN's Bylaws contains provisions for “periodic review of the performance and operation of each Supporting Organization, each Supporting Organization Council, each Advisory Committee (other than the Governmental Advisory Committee), and the Nominating Committee […]by an entity or entities independent of the organization under review.”

...

According to Article 12.1 of the ICANN Bylaws: “The Board may create one or more "Advisory Committees" in addition to those set forth in this Article 12. Advisory Committee membership may consist of Directors only, Directors and non-directors, or non-directors only, and may also include non-voting or alternate members. Advisory Committees shall have no legal authority to act for ICANN, but shall report their findings and recommendations to the Board.”

Article 12.2(cb) of ICANN Bylaws provides for the Root Server System Security and Stability Advisory Committee, whose role “is to advise the ICANN community and Board on matters relating to the operation, administration, security , and integrity of the Internet's Root Server Systemnaming and address allocation systems.”

The RSSAC SSAC is a committee whose members are appointed by the ICANN Board, and led by two co-chairs. RSSAC . SSAC appointments are for three-year terms, and there are no limits on the number of terms an RSSAC member the chair or members may serve.(see also Article 12 Section 12.2(cb) of the ICANN Bylaws and the SSAC Operational Procedures). The RSSAC is responsible to:(A) Communicate  

(i) The role of the Security and Stability Advisory Committee ("Security and Stability Advisory Committee" or "SSAC") is to advise the ICANN community and Board on matters relating to the operation security and integrity of the Root Servers and their multiple instances Internet's naming and address allocation systems. It shall have the following responsibilities:

(A) To communicate on security matters with the Internet technical community and the ICANN community. The RSSAC operators and managers of critical DNS infrastructure services, to include the root name server operator community, the top-level domain registries and registrars, the operators of the reverse delegation trees such as in-addr.arpa and ip6.arpa, and others as events and developments dictate. The SSAC shall gather and articulate requirements to offer to those engaged in technical revision of the protocols and best common practices related to the operation of DNS serversDNS and address allocation and those engaged in operations planning.

(B) Communicate on matters relating to the administration of the Root Zone with those who have direct responsibility for that administration. These matters include the processes and procedures for the production of the Root Zone File.(C) Engage To engage in ongoing threat assessment and risk analysis of the Root Server System and Internet naming and address allocation services to assess where the principal threats to stability and security lie, and to advise the ICANN community accordingly. The SSAC shall recommend any necessary audit activity to assess the current status of root servers and the root zone.

(D) Respond to requests for information or opinions from the Board.

(E) Report DNS and address allocation security in relation to identified risks and threats.

(C) To communicate with those who have direct responsibility for Internet naming and address allocation security matters (IETF, RSSAC (as defined in Section 12.2(c)(i)), RIRs, name registries, etc.), to ensure that its advice on security risks, issues, and priorities is properly synchronized with existing standardization, deployment, operational, and coordination activities. The SSAC shall monitor these activities and inform the ICANN community and Board on their progress, as appropriate.

(D) To report periodically to the Board on its activities. 

(FE) Make To make policy recommendations to the ICANN community and Board.

...

The results of such reviews shall be posted on the Website for public review and comment, and shall be considered by the Board no later than the second scheduled meeting of the Board after such results have been posted for 30 days. The consideration 6 by the Board includes the ability to revise the structure or operation of the parts of ICANN being reviewed by a two-thirds vote of all Directors, subject to any rights of the EC under the Articles of Incorporation and these Bylaws.

The outcome of the current review will be factored into ICANN’s strategic planning work and holistic considerations of the ICANN structure. 

Review Overview

According to the ICANN Bylaws, the scope of work will include the following key elements:

1. An assessment of whether RSSAC has a continuing purpose within the ICANN structure;

2. An assessment of how effectively RSSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness, in accordance with the ICANN-provided objective and quantifiable criteria; 5

3. An assessment of the extent to which RSSAC as a whole is accountable to the wider ICANN community, its organizations, committees, constituencies, and stakeholder groups to make effective selections.

The scope of the review should include years from 2011 to the present.

ICANN will supply the criteria to be used in conducting the RSSAC Review, which were developed in collaboration with the RSSAC Review Working Party. These criteria include but are not limited to the categories listed below. To further elaborate on the criteria, several questions are included within relevant categories, possibly for inclusion by the independent examiner into interviews or surveys, as applicable: In addition, the RSSAC will perform a self-review prior to the start of the review that is to inform the examiner’s work.

Scope of Work

...

1. An assessment of the implementation state of RSSAC’s SSAC’s prior review. ; This includes a status report of the implementations approved by the ICANN Board from the first RSSAC SSAC Review, and an assessment of the effectiveness of these implementations.

2. An assessment of whether RSSAC SSAC has a continuing purpose within the ICANN structure. ; Examination of RSSAC’s SSAC’s chartered purpose, to advise the ICANN community and Board on matters relating to the operation, administration, security , and integrity of the Internet's Root Server Systemnaming and address allocation systems, and how well it is fulfilled, will help assess the RSSAC’s SSAC’s continuing purpose within the ICANN structure.

3. An assessment of how effectively RSSAC SSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness, in accordance with the ICANN-provided objective and quantifiable criteria . The assessment of RSSAC structure and operations may include an assessment of RSSAC’s makeup, its current level of participation in, but not limited to, ICANN’s specific review team, and crosscommunity efforts, the RSSAC’s representation and effectiveness within ICANN, the effectiveness of its communications (both internal and external towards ICANN and other SO/ACs), and the alignment of its charter with ICANN’s mission. Other points to examine include RSSAC’s decision-making methodology, transparency, processes, procedures, and competencies.Subject to the scope of the SSAC’s chartered remit (ICANN Bylaws, 12.2(b)), examination of purpose, structure, and operations with respect to the SSAC’s effectiveness, in accordance with ICANN-provided objective and quantifiable criteria

4. An assessment of the extent to which RSSAC SSAC as a whole is accountable to the wider ICANN community, its organizations, committees, constituencies, and stakeholder groups to make effective selections. Determine if the RSSAC SSAC is sufficiently accountable regarding the operation, administration, security, and integrity of the Internet's Root Server System, security matters according to its chartered mandate .

Suggested Questions to be addressed – Non-exhaustive

A. Fulfilment of mission, adherence to policies and procedures, and organizational support

  • Has RSSAC considered its current level of participation and effectiveness within ICANN, and potential for improvements?
  • What developments can RSSAC bring about to enhance communication and understanding of its purpose within ICANN?
  • How do RSSAC’s operations enhance ICANN’s mission?  Are the decision-making procedures of RSSAC consistent over the years – if not, why is flexibility important and which procedures (if any) should remain constant?
  • Other elements to assess
    • Appropriate procedures, competencies and support in place
    • Participation and representation of RSSAC within ICANN
    • Continuous development
    • Alignment with ICANN’s mission (as per Bylaws) 

B. Accountability and transparency

  • How can RSSAC’s processes be improved, including but not limited to transparency and accountability?
  • Determine if RSSAC has clearly defined its stakeholders with respect to ICANN, and if it is accountable to them. 

C. RSSAC composition, membership processes, and participation

  • Is any change in structure or operations desirable to improve RSSAC’s effectiveness?
  • RSSAC Caucus o Liaison representation
  • Is RSSAC operating optimally within ICANN based on the needs of the ICANN community?
  • Does the RSSAC Caucus enhance the work of RSSAC? If so, how? If not, how could it be improved?
  • Are RSSAC operations performed at a standard that is consistent throughout the Committee? 
  • Considering the nature of RSSAC’s mission and the scope of its work, does representation in the current RSSAC structure appropriately match ICANN’s core value of diversity, as stated in Article 3.1 of the Bylaws?
  • Should there be a limit to the number of terms an RSSAC member may serve? 

D. Communication

  • Do RSSAC communications regarding the operation, administration, security, and integrity of the Internet’s root server system satisfy the needs of the ICANN Board, and the larger ICANN community
  • Are RSSAC’s communications and its community channels – both among its members about its internal processes, and among the ICANN community about its role and function – adequate to assure understanding and legitimacy of its action? If not, how can it be improved? 
  • Does RSSAC invite/permit/allow stakeholder communications on topics of mutual import to the root server system and ICANN?
  • Is RSSAC operating in such a way that interested parties may easily locate and retrieve details of its standards, procedures, and safeguards? 
  • Does RSSAC have the necessary resources, knowledge, and processes in place to effectively engage with the ICANN Board and ICANN community? 

E. Governance and management, effectiveness of execution

  • Does the ICANN Board provide timely responses regarding new RSSAC appointees? 
  • Should the process for defining prospective RSSAC Caucus candidates be modified? 

F. Evaluation and measurement of outcomes

  • Are RSSAC processes and membership adequate to properly advise ICANN regarding the root server system? 

G. Effectiveness of implementation of prior review recommendations

  • Have implementation steps been completed, or initiated, from the prior review? If not, why not?
  • Has implementation been completed to a degree that allows/permits effectiveness assessment? If so, have the implemented recommendations from previous review efforts led to the desired improvements?

Timeline

September - Start Review*

September - Work plan + timeline

September - Initial Meeting (via conference call) with RSSAC Review Working party

September - Interview plan

In-person: RSSAC October Workshop (subject to RSSAC approval), ICANN60, remote: as needed - Interviews conducted

October - Survey(s) plan

Prior to ICANN60: remain open for ≥30 days - Survey goes online*

28 Oct- 3 Nov 2017 - ICANN60*

January 2018 - Deliver Assessment Report

January / February 2018 - Public Consultation, e.g. webinar*

10-15 March 2018 - ICANN61*

March 2018 - Deliver Draft Final Report

April 2018 - Public Comment (run by ICANN)

June 2018 - Deliver Final Report

* fixed dates

PDFnameSSAC_RoadMap_June2017.pdfto provide advice to the ICANN community and Board, and to engage and communicate with the community on various security matters as detailed in its charter. 

The scope of work for this review includes years from 2011 to the present. Any additional areas of exploration during the review are dependent on input from the ICANN Board’s Organizational Effectiveness Committee (OEC) and/or the SSAC Review Work Party. In addition, the SSAC may perform a self-assessment in preparation for, or in parallel with, the independent examiner’s work.


Timeline

July - August 2018 - Request for proposals

February 2018 - Start review

February 2018 - Work plan + timeline

March 2018 - Interview plan

March - April 2018 - Survey(s) plan

June 2018 - Deliver Assessment Report; solicit feedback

September 2018 - Deliver Draft Final Report; solicit feedback

November 2018 - Deliver Final Report; solicit feedback 


Background

Current Review

The timing of the current RSSAC SSAC Organizational Review is in accordance with the July 2015 ICANN Board resolution on Proposed Schedule and Process / Operational Improvements for AoC and Organizational Reviews, setting the second organizational review of the Root Server System Security and Stability Advisory Committee for April 2017/2018. In preparation for the 2017 RSSAC /2018 SSAC Review, the current RSSAC has SSAC established a Review Working Work Party to serve as a liaison between the independent examiner, the wider Community, the current RSSAC SSAC and the Organizational Effectiveness Committee of the ICANN Board (OEC) who is responsible for the oversight of Organizational Reviewsorganizational reviews, including this RSSAC SSAC Review. The role of the RSSAC SSAC Review Working Work Party is to provide input on review criteria and the RSSAC SSAC assessment, coordinate participate in interviews and objectively supply clarification and responses to the Assessment Report and the Final Report as well as any intermediary findings. Once the Final Report is issued, the RSSAC Working SSAC Work Party is expected to coordinate with the RSSAC SSAC to prepare a Feasibility Assessment and Initial Implementation Implementaton Plan based on the Final Report. Subsequently , both reports will be sent on to the ICANN Board’s OEC for its consideration.

Previous Review

The RSSAC SSAC Review Working Group formed in June 2008 was charged with addressing recommendations in the independent examiner’s Final Report, to consider named improvements. In October 2008, the ICANN Board of Directors appointed Westlake Consulting Limited to undertake the independent review of the RSSAC10 JAS Consulting was appointed as independent examiner. This was the first RSSAC SSAC Review, and it focused on how well RSSAC has SSAC performed its function, and whether there were general or specific ways to enhance its effectiveness. The Final Report, summarizing findings from the independent review and containing proposals for action, was published on 24 February 15 May 2009. The Public Comment period on Draft Independent Review of Root Server System the Security and Stability Advisory Committee by Westlake Consulting Limited was open from 25 February 20 March 2009 to 17 22 April 2009. The RSSAC SSAC Review Working Group (RWG), which at the time was a subgroup of the ICANN Board, and following a process that is no longer in practice, presented its report for public comment to help ensure that the Review Working Group report contained sufficient and accurate information and to advise the Board on the changes recommended for RSSAC. The SSAC. Following the 22 April 2009 closing of the public comment period closed 5 June 2010, and the Final Report was presented to the ICANN Board on 8 June 29 January 2010. The RSSAC SSAC RWG’s report included eight recommendationsaddressed the 33 recommendations made by the independent examiner, plus nine Working Group conclusions from the SSAC community. Pursuant to its Charter, the report was presented to the Structural Improvements Committee (SIC), currently the Organizational Effectiveness Committee (OEC) of the ICANN Board. After the SIC reviewed the report, and developed implementation steps, the OEC Committee recommended that the ICANN Board approve Approve them.

The report was adopted in January 2011June 2010. The Board resolution can be found here: https://www.icann.org/resources/board-material/resolutions-20112010-0106-25- en?routing_type=path#1.j en#1.4

The latest details of the implementation of all recommendations from the 2008 2009 Review were published on 1 December 2010.18 March 2011. Additional information about the first RSSAC SSAC Review is available at: https://www.icann.org/resources/reviews/org/rssacssac

The Final Report of the RSSAC SSAC Review Working Group is available at: https://www.icann.org/en/system/files/files/rssacssac-review-wg-final-report-08jun1029jan10-en.pdf

The public comment on the RWG-RSSAC SSAC Review Draft Report, is available at: https://www.icann.org/resources/pages/rssacssac-wgreview-report2009-20102009-0410-2705-en