Policies and Procedures
DNSSEC Practice Statements
The DNSSEC Practice Statements represent the adopted policies against which the cryptographic keys for the DNS root zone are managed.
Root Zone KSK Operator 6th Ed (IANA Functions)
2020-11-04
Root Zone ZSK Operator v2.1 (Root Zone Maintainer)
2018-12-21
Additional Procedures
The requirements of the DNSSEC Practice Statements are implemented by a series of policies and procedural documents. These documents are reviewed annually by the Root Zone KSK Policy Management Authority.
KSK Audit and Accountability Policy v3.2
Effective 2020-11-04
Describes access to Key Management Facilities (KMFs) and operations involving the private component of the RZ KSK to remain traceable in time including the responsible party triggering the event.
KSK Audit Logging Procedure v3.2
Effective 2020-11-04
Describes recording access to Key Management Facilities (KMFs) and operations involving the private component of the RZ KSK including the parties involved and operations performed when access to a KMF or RZ KSK occurred.
KSK Disaster Recovery and Business Continuity
Procedure v3.3
Effective 2020-11-04
Describes requirements and recommendations to be performed by designated personnel, systems, and other means in disaster recovery scenarios in relation to RZ KSK operations.
KSK Document Management Procedure v3.2
Effective 2020-11-04
Describes the life cycle of supporting documents in relation to RZ KSK operations.
KSK Emergency Rollover Plan v3.2
Effective 2020-11-04
Describes emergency RZ KSK rollovers in relation to RZ KSK operations, initiated if the RZ KSK Private Key has been irrecoverably lost or compromised.
KSK Incident Handling Procedure v3.2
Effective 2020-11-04
Describes requirements and recommendations for handling security incidents, or events that could potentially be security incidents in relation to RZ KSK operations.
KSK Information Security Policy v3.2
Effective 2020-11-04
Describes the establishment of preventive controls and measures for the identification, management, and monitoring of threats (whether internal or external, deliberate or accidental) to the information assets in relation to RZ KSK operations.
KSK Key Management Policy v3.3
Effective 2020-11-04
Describes risks associated with the management of cryptographic keys, proper mitigation of risks to an acceptable level, and the management and maintenance of this level of risk over time in relation to RZ KSK operations.
KSK Key Management Procedure v3.3
Effective 2020-11-04
Describes requirements and recommendations for procedures to be performed by designated personnel, systems, and other means in relation to RZ KSK operations.
KSK Password Policy v3.2
Effective 2020-11-04
Describes requirements for managing passwords and personal identification numbers (PINs) in relation to RZ KSK operations.
KSK Personnel Security Policy v3.2
Effective 2020-11-04
Describes responsibilities of staff, contractors, and third-party users to ensure understanding and suitability for the roles in which they are considered in relation to RZ KSK operations and seeks to mitigate risk from internal threats such as sabotage, espionage, denial of service, and in extreme cases, terrorism.
KSK Physical Access Control Procedure v3.2
Effective 2020-11-04
Describes responsibilities and provides recommendations to be performed by designated personnel, systems, and other means in relation to RZ KSK operations.
KSK Physical Security Policy v3.2
Effective 2020-11-04
Describes risks associated with physical security, proper mitigation of risks to an acceptable level, and the management and maintenance of this level of risk over time in relation to KSK operations.
KSK PMA Charter v3.2
Effective 2020-11-04
Describes the structure and responsibility of the PMA and PMA members' roles and responsibilities in relation to RZ KSK operations.
KSK Software Maintenance Procedure v3.2
Effective 2020-11-04
Describes the parameters of the key management software used by the RZ KSK Operator to create and maintain KSKs and to process Key Signing Requests (KSRs) submitted by the Zone Signing Key (ZSK) operator.
KSK Termination Plan v3.2
Effective 2020-11-04
Describes a high-level plan for terminating and transferring the roles and responsibilities of the RZ KSK Operator to a successor.
Domain Names
Number Resources
Protocols
Protocol RegistriesTime Zone Database
About Us
The IANA functions coordinate the Internet’s globally unique identifiers, and are provided by Public Technical Identifiers, an affiliate of ICANN.
Privacy Policy
Terms of Service