The Internet Corporation for Assigned Names and Numbers (ICANN) has completed another year of audits of the key systems used to deliver the Internet Assigned Numbers Authority (IANA) functions. The accounting firm, RSM US LLP, conducted a Service Organization Control (SOC) 2 audit of the Registry Assignment and Maintenance Systems and a SOC 3 audit of root zone Domain Name System Security Extensions (DNSSEC) services for the 12-month periods ending 30 September 2022 and 30 November 2022.
For the 10th consecutive year, the SOC 2 audit found that ICANN has the appropriate controls in place to ensure the security, availability, and processing integrity of IANA systems, policies, and procedures. The systems and processes used to provide the IANA functions are critical to the Internet infrastructure, and this audit is a key accountability measure to the stakeholders that rely on the IANA functions.
For the 13th consecutive year, an exception-free audit has been completed for the management of the Root DNSSEC Key Signing Key securing the Domain Name System. Using the SOC 3 framework, the audit demonstrates that effective security, availability, and processing integrity controls exist to manage the root KSK. The report is available on the IANA website.
"During this past period, we wound down many of the COVID-19 emergency measures that caused us to modify ceremony operations starting in 2020. This shift back to normal operations allowed us to resume improvement work to enhance ceremony operations," said Kim Davies, Vice President of IANA Services. "In particular, we've been able to introduce updated hardware into our facilities, and welcomed four new Trusted Community Representatives to oversee how we protect and operate the KSK."
"The adaptability of stakeholders over the past two-and-a-half years has been remarkable. Without their willingness to support modified processes to navigate through pandemic restrictions, we would not be able to ensure the trust and transparency that is so crucial to the ongoing security of the DNS," added Davies.
SOC audits evaluate an organization's controls in relation to "trust services principles and criteria" and are managed by the American Institute of Certified Public Accountants.