SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle (R-3)

Date IssuedDocumentReference IDCurrent Phase

  

SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle (R-3)SAC074

CLOSED



  1. Phase 1 Receive
  2. Phase 2 Understand
  3. Phase 3 Evaluate
  4. Phase 4 Implement
  5. Phase 5 Close
  6. Closed



Description:

Future RAA deliberations should encourage stronger authentication practices, specifically the use of multi-factor authentication.


STATUS UPDATES

DatePhaseTypeStatus Updates

 

ClosedPhase ChangeSAC074 Recommendation 3 is Closed.

 

Phase 5Phase UpdateCompletion letter sent to Board on 12 June 2018 (https://www.icann.org/en/system/files/correspondence/namazi-to-chalaby-12jun18-en.pdf) [SAC074 Recommendation 3]: On 4 Feb 2018, the ICANN Board took a resolution directing the President and CEO, or his designee(s), to implement the advice as described in the scorecard: https://www.icann.org/en/system/files/files/resolutionsimplementation-recs-ssac-advice-scorecard-04feb18-en.pdf. Per the direction from the ICANN Board, the ICANN org will request the Registrars to consider contractual requirements relating to the authentication practices of registrants in a future negotiation of the Registrar Accreditation Agreement.

 

Phase 3Board UpdateResolved (2018.02.04.07), the Board adopts the scorecard titled "Implementation Recommendations for SSAC Advice Document SAC074" [PDF, 49 KB], and directs the President and CEO, or his designee(s), to implement the advice as described in the scorecard. Rec 3 ICANN Organization Implementation Recommendation & proposed implementation plan: Implementation will be attempted. ICANN Org will request the Registrars to consider contractual requirements relating to the authentication practices of registrants in a future round negotiation of the Registrar Accreditation Agreement. See full resolution at ​​https://www.icann.org/resources/board-material/resolutions-2018-02-04-en#1.f.

 

Phase 5Phase UpdateThe ICANN org understands this recommendation to mean that for future versions of the Registrar Accreditation Agreement (RAA), ICANN should advocate that registrars are committed to stronger authentication practices than those which they are committed to in the 2013 RAA, specifically the use of multi-factor authentication. On 4 Feb 2018, the ICANN Board took a resolution directing the President and CEO, or his designee(s), to implement the advice as described in the scorecard: https://www.icann.org/en/system/files/files/resolutions-implementation-recs-ssac-advice-scorecard-04feb18-en.pdf. Per the direction from the ICANN Board, the ICANN org will address the advice items as described in the adopted implementation recommendations and continue to provide updates to the SSAC and community on these advice items.

 

Phase 5Phase ChangeSAC074 Recommendation 3 is Open in Phase 5: Close

 

Phase 3Phase UpdateICANN received SSAC's approval of understanding and is in the process of evaluating the advice. Our understanding of this advice is that for future versions of the Registrar Accreditation Agreement (RAA), ICANN should advocate that registrars are committed to stronger authentication practices than those which they are committed to in the 2013 RAA, specifically the use of multi-factor authentication.

 

Phase 3Phase ChangeSAC074 Recommendation 3 is Open in Phase 3: Evaluate & Consider

 

Phase 2 AP FeedbackSSAC confirmed the understanding.

 

Phase 2Board UnderstandingOur understanding of this advice is that for future versions of the Registrar Accreditation Agreement (RAA), ICANN should advocate that registrars are committed to stronger authentication practices than those which they are committed to in the 2013 RAA, specifically the use of multi-factor authentication.

 

Phase 1Phase UpdateSSAC published SAC074: SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle: https://www.icann.org/en/system/files/files/sac-074-en.pdf.