Extended Deadline: Request for Proposal for the SSAC Organizational Review

The deadline has been extended for the Request for Proposal for the Independent Review of the Security and Stability Advisory Committee (SSAC). The new deadline is 21 Aug 2017 at 11:59 PM PDT.

The Internet Corporation for Assigned Names and Numbers (ICANN) is seeking a provider to conduct an independent assessment of the Security and Stability Advisory Committee (SSAC).

The provider should have technical knowledge or experience with security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services; demonstrate an understanding of the SSAC’s charter and its Operational Procedures [PDF, 420 KB]; demonstrate knowledge of the technical areas covered by the SSAC’s charter, including security and integrity of the Internet’s naming and address allocation systems.

The objective of this Request for Proposal (RFP) is to identify an independent examiner that can conduct a comprehensive assessment of SSAC. This includes, but is not limited to:

  • An assessment of the implementation state of SSAC’s prior review;
  • An assessment of whether SSAC has a continuing purpose within the ICANN structure;
  • An assessment of how effectively SSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness; and
  • An assessment of the extent to which SSAC as a whole is accountable to the wider ICANN community.

The review is scheduled to take place from October 2017 through July 2018. For a complete overview and timeline for the RFP, please see here [PDF, 608 KB]

Indications of interest are to be received by emailing SSACReview-RFP@icann.org. Proposals should be electronically submitted by 21 Aug 2017 at 11:59 PM PDT using ICANN’s sourcing tool, access to which may be requested via the same email address as above.

Background

According to the ICANN Bylaws, the role of the Security and Stability Advisory Committee (“Security and Stability Advisory Committee” or “SSAC”) is to advise the ICANN community and Board on matters relating to the security and integrity of the Internet’s naming and address allocation systems. It shall have the following responsibilities:

  1. To communicate on security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services, to include the root name server operator community, the top-level domain registries and registrars, the operators of the reverse delegation trees such as in-addr.arpa and ip6.arpa, and others as events and developments dictate. The SSAC shall gather and articulate requirements to offer to those engaged in technical revision of the protocols related to DNS and address allocation and those engaged in operations planning.
  2. To engage in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and to advise the ICANN community accordingly. The SSAC shall recommend any necessary audit activity to assess the current status of DNS and address allocation security in relation to identified risks and threats.
  3. To communicate with those who have direct responsibility for Internet naming and address allocation security matters (IETF, RSSAC (as defined in Section 12.2(c)(i)), RIRs, name registries, etc.), to ensure that its advice on security risks, issues, and priorities is properly synchronized with existing standardization, deployment, operational, and coordination activities. The SSAC shall monitor these activities and inform the ICANN community and Board on their progress, as appropriate.
  4. To report periodically to the Board on its activities.
  5. To make policy recommendations to the ICANN community and Board.

https://www.icann.org