SSAC Advisory Regarding Access to Domain Name Registration Data (R-5)
| Date Issued | Document | Reference ID | Current Phase |
|---|---|---|---|
| SSAC Advisory Regarding Access to Domain Name Registration Data (R-5) | SAC101v2 | CLOSED |
Description:
The SSAC reiterates Recommendation 2 from SAC061: "The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy." These assessments should be incorporated in PDP plans at the GNSO.
STATUS UPDATES
| Date | Phase | Type | Status Updates |
|---|---|---|---|
| Closed | Phase Change | This Advice Item is now Closed |
| Phase 5 | AP Feedback | ICANN received confirmation from the SSAC that the items included in the letter (https://www.icann.org/en/system/files/correspondence/olive-to-rasmussen-22jun23-en.pdf) from David Olive can be formally closed. |
| Phase 5 | Phase Update | A letter (https://www.icann.org/en/system/files/correspondence/olive-to-rasmussen-22jun23-en.pdf) was sent from David Olive to Rod Rasmussen regarding the status of the Advice Item. |
| Phase 5 | Phase Update | On 23 June 2019 the ICANN Board considered SAC101v2 and noted (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en#1.c) advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work . In its rationale the Board states "Advice item five reiterates Recommendation 2 from SAC061 and suggests that 'The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy.' The advice further suggests that 'These assessments should be incorporated in PDP plans at the GNSO.' As the advice suggests that the assessments be incorporated into PDP plans and the GNSO is the manager of PDPs, the Board notes and refers this advice to the GNSO Council." As a result, implementation of this Advice was not directed and this item is now closed. |
| Phase 5 | AP Feedback | SSAC acknowledged the June 2019 notification and agreed with the ARR Team's classification of moving this item to "Phase 5 | Close Request". |
| Phase 5 | Phase Update | On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en#1.c). In its rationale the Board states "Advice item five reiterates Recommendation 2 from SAC061 and suggests that 'The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy.' The advice further suggests that 'These assessments should be incorporated in PDP plans at the GNSO.' As the advice suggests that the assessments be incorporated into PDP plans and the GNSO is the manager of PDPs, the Board notes and refers this advice to the GNSO Council." |
| Phase 5 | Phase Change | Now in Phase 5: Close |
| Phase 3 | Board Update | Resolved (2019.06.23.06), the Board notes advice items 2A and three through seven in SAC101 version 2 and refers them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work. See full resolution at https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-regular-meeting-of-the-icann-board-open-session-23-06-2019-en#1.c. |
| Phase 2 | AP Feedback | SSAC confirmed understanding and added the following comments: SSAC notes that security risk assessments were not conducted as part of the recent ePDP that evaluated the Temp Spec. |
| Phase 2 | Board Understanding | The ICANN organization understands SAC101v2 Recommendation 5 to mean that the SSAC is reiterating its advice from SAC061 Recommendation 2, which states: "The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy." The ICANN org also understands that the SSAC is recommending that these security risk assessments of registration data policy be incorporated into PDP plans by the GNSO. |
| Phase 2 | Phase Change | Now in Phase 2: Understand |
| Phase 1 | Phase Update | ICANN acknowledged receipt of SSAC101v2. |
| Phase 1 | Phase Update | SSAC published SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data Link: https://www.icann.org/en/system/files/files/sac-101-v2-en.pdf Version 2 of SAC101 was published to reflect evolving circumstances related to ICANN’s Temporary Specification for gTLD Registration Data, and the ongoing Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data. Version 1 of SAC101 has been retired and version 2 is authoritative. |
