JUser: :_load: Unable to load user with ID: 63

Tuesday, 12 June 2012 08:57

auDA proposes to impose security requirements on .au registrars


The .au domain administrator, auDA, is canvassing proposals for imposing a mandatory security standard on all .au registrars - companies that issue and manage name.com.au domains.

The move was precipitated by a serious security incident involving an accredited registrar in mid-2011 that caused major disruption to registrants and the industry in general. Since then auDA has been working with a group of industry participants to develop the first draft of a proposed mandatory security standard for registrars.

Separately, auDA established in February 2012 an industry advisory panel to: "review the structure and regulation of the Australian domain name industry; and provide recommendations to the auDA board about what changes (if any) should be made to the competition model."

The panel is required to undertake two rounds of public consultation on any proposals for change, and has released its first issues paper http://www.auda.org.au/pdf/2012iap-issues-paper.pdf canvassing views on a number of proposed changes. auDA has handed over the first draft of its proposed mandatory security standard to the advisory panel and it has now been incorporated into the issues paper.

Other issues on which the paper seeks stakeholder views are:
- The best method for selecting and appointing a registry operator prior to the expiry of the current contract with AusRegistry on 30 June 2014;
- The accreditation of registrars, particularly with respect to overseas-based registrars; and
- The status of resellers in .au and the possibility of permitting bulk reseller transfers and the listing of resellers in WHOIS.

At present the only security requirement imposed on registrars is that the must immediately give auDA notice of any security breaches affecting any part of their systems.

Under the draft proposals certification assessments would be conducted by auDA's nominated assessor and all registrars would be required to undertake full certification assessment every three years, with interim assessments to be conducted annually or as otherwise recommended by the assessor.

Registrars that failed an assessment would have their accreditation suspended and then terminated if they failed to pass their assessment within three months of being suspended.

The issues paper says: "The Panel is aware that the introduction of a mandatory security standard for registrars would be a 'world-first', and would represent a significant change to the industry – not just for existing accredited registrars but also for prospective applicants for accreditation.

"The Panel notes that, while the auDA ISS will be mandatory for accredited registrars, it is flexible enough to apply to other industry participants such as resellers, who may wish to gain certification to improve their own systems and create a point of market differentiation. Similarly, registrars may also choose to apply it to other aspects of their businesses, such as hosting."

The issues paper also says: "the panel also notes need to ensure that the auDA ISS does not become a simple compliance exercise, and emphasises the importance of robust enforcement mechanisms and regular reviews to ensure the auDA ISS remains relevant and effective." However no specific enforcement measures are suggested in the paper.

You can read more stories on telecommunications in our newsletter ExchangeDaily, click here to sign up for a free trial...


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments