Skip to main content

Request for Proposal: SSAC Organizational Review

The Internet Corporation for Assigned Names and Numbers (ICANN) is seeking a provider to conduct an independent assessment of the Security and Stability Advisory Committee (SSAC).

The provider should have technical knowledge or experience with security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services; demonstrate an understanding of the SSAC's charter and its Operational Procedures [PDF, 420 KB]; demonstrate knowledge of the technical areas covered by the SSAC's charter, including security and integrity of the Internet's naming and address allocation systems.

The objective of this Request for Proposal (RFP) is to identify an independent examiner that can conduct a comprehensive assessment of SSAC. This includes, but is not limited to:

  • An assessment of the implementation state of SSAC's prior review;
  • An assessment of whether SSAC has a continuing purpose within the ICANN structure;
  • An assessment of how effectively SSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness; and
  • An assessment of the extent to which SSAC as a whole is accountable to the wider ICANN community.

The review is scheduled to take place from October 2017 through July 2018. For a complete overview and timeline for the RFP, please see here [PDF, 608 KB]

Indications of interest are to be received by emailing Proposals should be electronically submitted by 23:59 PDT on 4 August 2017 using ICANN's sourcing tool, access to which may be requested via the same email address as above.


According to the ICANN Bylaws, the role of the Security and Stability Advisory Committee ("Security and Stability Advisory Committee" or "SSAC") is to advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. It shall have the following responsibilities:

  1. To communicate on security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services, to include the root name server operator community, the top-level domain registries and registrars, the operators of the reverse delegation trees such as and, and others as events and developments dictate. The SSAC shall gather and articulate requirements to offer to those engaged in technical revision of the protocols related to DNS and address allocation and those engaged in operations planning.
  2. To engage in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and to advise the ICANN community accordingly. The SSAC shall recommend any necessary audit activity to assess the current status of DNS and address allocation security in relation to identified risks and threats.
  3. To communicate with those who have direct responsibility for Internet naming and address allocation security matters (IETF, RSSAC (as defined in Section 12.2(c)(i)), RIRs, name registries, etc.), to ensure that its advice on security risks, issues, and priorities is properly synchronized with existing standardization, deployment, operational, and coordination activities. The SSAC shall monitor these activities and inform the ICANN community and Board on their progress, as appropriate.
  4. To report periodically to the Board on its activities.
  5. To make policy recommendations to the ICANN community and Board.

More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."