ICANN: Request for Proposal: SSAC Organizational Review

ICANN logoICANN is seeking a provider to conduct an independent assessment of the Security and Stability Advisory Committee (SSAC).

The provider should have technical knowledge or experience with security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services; demonstrate an understanding of the SSAC‘s charter and its Operational Procedures [PDF, 420 KB]; demonstrate knowledge of the technical areas covered by the SSAC‘s charter, including security and integrity of the Internet’s naming and address allocation systems.

The objective of this Request for Proposal (RFP) is to identify an independent examiner that can conduct a comprehensive assessment of SSAC. This includes, but is not limited to:

  • An assessment of the implementation state of SSAC‘s prior review;
  • An assessment of whether SSAC has a continuing purpose within the ICANN structure;
  • An assessment of how effectively SSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness; and
  • An assessment of the extent to which SSAC as a whole is accountable to the wider ICANN community.

The review is scheduled to take place from October 2017 through July 2018. For a complete overview and timeline for the RFP, please see here [PDF, 608 KB]

Indications of interest are to be received by emailing SSACReview-RFP@icann.org. Proposals should be electronically submitted by 23:59 PDT on 4 August 2017 using ICANN‘s sourcing tool, access to which may be requested via the same email address as above.

Background

According to the ICANN Bylaws, the role of the Security and Stability Advisory Committee (“Security and Stability Advisory Committee” or “SSAC“) is to advise the ICANN community and Board on matters relating to the security and integrity of the Internet’s naming and address allocation systems. It shall have the following responsibilities:

  1. To communicate on security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services, to include the root name server operator community, the top-level domain registries and registrars, the operators of the reverse delegation trees such as in-addr.arpa and ip6.arpa, and others as events and developments dictate. The SSAC shall gather and articulate requirements to offer to those engaged in technical revision of the protocols related to DNS and address allocation and those engaged in operations planning.
  2. To engage in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and to advise the ICANN community accordingly. The SSAC shall recommend any necessary audit activity to assess the current status of DNS and address allocation security in relation to identified risks and threats.
  3. To communicate with those who have direct responsibility for Internet naming and address allocation security matters (IETF, RSSAC (as defined in Section 12.2(c)(i)), RIRs, name registries, etc.), to ensure that its advice on security risks, issues, and priorities is properly synchronized with existing standardization, deployment, operational, and coordination activities. The SSAC shall monitor these activities and inform the ICANN community and Board on their progress, as appropriate.
  4. To report periodically to the Board on its activities.
  5. To make policy recommendations to the ICANN community and Board.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2017-07-07-en