The Internet Corporation for Assigned Names and Numbers (ICANN) has completed another year of audits of the key systems used to deliver the Internet Assigned Numbers Authority (IANA) functions. The accounting firm RSM US LLP conducted a Service Organization Control (SOC) 2 audit of the Registry Assignment and Maintenance Systems (RAMS) and a Service Organization Control (SOC) 3 audit of root zone Domain Name System Security Extensions (DNSSEC) services for the 12-month periods ending 30 September 2021 and 30 November 2021.
For the ninth consecutive year, a SOC 2 audit found that the ICANN organization has the appropriate controls in place to ensure the security, availability, and processing integrity of IANA systems, policies, and procedures. The systems and processes used to provide the IANA functions are critical to the Internet infrastructure so the security, availability, and processing integrity standards we put in place must be high. The decade-long history of clean audit reports highlights our commitment to such standards.
For the twelfth consecutive year, an exception-free audit has been completed for the management of the DNSSEC root key signing key (KSK), which is the trust anchor of the Domain Name System (DNS). Using the SOC 3 framework, the audit demonstrates that effective security, availability, and processing integrity controls exist to manage the root KSK.
SOC audits evaluate an organization's controls in relation to "trust services principles and criteria" and are managed by the American Institute of Certified Public Accountants (AICPA). The latest audit report is publicly available here.
"I am very proud of my team during this ongoing COVID-19 pandemic for adapting such complex policies and processes without disrupting our control environment and for the work done of our independent auditors," said Kim Davies, Vice President of IANA Services and President, Public Technical Identifiers (PTI). "Together, we took what already worked well and made it better and we are now better placed to react to other crisis situations as they arise," added Davies.