3,197
edits
Changes
Jump to navigation
Jump to search
Line 18:
Line 18: − + Line 24:
Line 24: − +
→Auditing
==Auditing==
==Auditing==
The Audit Program is a continuous, ongoing activity that follows a recurring cycle. Each audit round consists of six phases:<ref>[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>
The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref>[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>
# Planning Phase: ICANN plans the audit scope and timeline.
# Planning Phase: ICANN plans the audit scope and timeline.
# Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
# Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
# Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
# Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
# Remediation Phase: ICANN collaborates with the auditees to remediate issues.
# Remediation Phase: ICANN collaborates with the auditees to remediate issues.
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit [https://www.icann.org/resources/pages/compliance-reports-2021 report]
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit [https://www.icann.org/resources/pages/compliance-reports report]
===DNS Security Threat Audits===
===DNS Security Threat Audits===
In November 2018, ICANN Contractual Compliance (Compliance) launched a Registry Operator Audit for Addressing DNS Security Threats.<ref>[https://www.icann.org/en/blogs/details/contractual-compliance-addressing-domain-name-system-dns-infrastructure-abuse-8-11-2018-en ICANN.org Blog - Contractual Compliance Addressing DNS Infrastructure Abuse], November 8, 2018</ref> The audit was conducted over seven months, from November 2018 to June 2019.<ref>[https://www.icann.org/en/announcements/details/icann-publishes-registry-operator-audit-for-addressing-dns-security-threats-17-9-2019-en CC Audit of DNS Security Threats, ICANN Announcements]</ref> The report on the audit, released in September 2017, reported that of the 1207 TLDs reviewed during the audit, "approximately five percent (5%) of the audited ROs subject to Specification 11, Section 3(b) were not performing any security threat monitoring, despite having domains registered in their gTLDs."<ref name="19audit">[https://www.icann.org/en/system/files/files/contractual-compliance-registry-operator-audit-report-17sep19-en.pdf ICANN.org - Report on the RO Audit for Addressing DNS Security Threats], September 17, 2019 (PDF)</ref> The report noted that many of the non-complying registries had a limited number of registrations:
In November 2018, ICANN Contractual Compliance (Compliance) launched a Registry Operator Audit for Addressing DNS Security Threats.<ref>[https://www.icann.org/en/blogs/details/contractual-compliance-addressing-domain-name-system-dns-infrastructure-abuse-8-11-2018-en ICANN.org Blog - Contractual Compliance Addressing DNS Infrastructure Abuse], November 8, 2018</ref> The audit was conducted over seven months, from November 2018 to June 2019.<ref>[https://www.icann.org/en/announcements/details/icann-publishes-registry-operator-audit-for-addressing-dns-security-threats-17-9-2019-en CC Audit of DNS Security Threats, ICANN Announcements]</ref> The report on the audit, released in September 2017, reported that of the 1207 TLDs reviewed during the audit, "approximately five percent (5%) of the audited ROs subject to Specification 11, Section 3(b) were not performing any security threat monitoring, despite having domains registered in their gTLDs."<ref name="19audit">[https://www.icann.org/en/system/files/files/contractual-compliance-registry-operator-audit-report-17sep19-en.pdf ICANN.org - Report on the RO Audit for Addressing DNS Security Threats], September 17, 2019 (PDF)</ref> The report noted that many of the non-complying registries had a limited number of registrations: