DNSO Archives: [ga]

ICANN/DNSO DNSO Mailling lists archives

[ga]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [ga] FYI: VeriSign audit report posted

To: William X Walsh <william@wxsoft.info>
Subject: Re: [ga] FYI: VeriSign audit report posted
From: Thomas Roessler <roessler@does-not-exist.org>
Date: Tue, 25 Jun 2002 17:52:17 +0200
Cc: Alexander Svensson <alexander@svensson.de>, ga@dnso.org
In-Reply-To: <93219597584.20020625055529@wxweb.com>
Mail-Followup-To: William X Walsh <william@wxsoft.info>,Alexander Svensson <alexander@svensson.de>, ga@dnso.org
References: <5.1.0.14.0.20020625115804.0196a820@pop.puretec.de> <93219597584.20020625055529@wxweb.com>
Sender: owner-ga@dnso.org
User-Agent: Mutt/1.5.1i

On 2002-06-25 05:55:29 -0700, William X Walsh wrote:

>However, their response did not seem to address this point: Our 
>examination also disclosed that VeriSign, Inc. had not established 
>adequate controls that would allow us to obtain sufficient 
>evidence to determine compliance with requirements H.V.1, H.V.2, 
>H.V.4 and I.2 for the year ended December 31, 2001 because 
>VeriSign, Inc. did not maintain sufficient historical records of 
>system configuration information on a daily basis. Because of this 
>restriction on the scope of our examination, we do not express an 
>opinion on compliance with Requirements H.V.1, H.V.2, H.V.4 and 
>I.2 for the year ended December 31, 2001.

The requirements from appendix H:

V. ACCESS TO THE REGISTRY FACILITY

VGRS provides access to all VGRS customers through the following 
mechanisms and separates VGRS systems and information from systems 
and information of any affiliated registrar through these processes:

1. All registrars (including any registrar affiliated with VGRS) 
connect to the Shared Registration System Gateway via the Internet 
by utilizing the same maximum number of IP addresses and SSL 
certificate authentication.

2. All registrars have the same level of access to VGRS-generated 
data to reconcile their registration activities from VGRS Web and 
ftp servers. All registrars may perform basic automated registrar 
account management functions using the same registrar tool made 
available to all registrars by VGRS.

[...]

4. No registrar affiliated with VGRS will be given any access to the 
registry not available to any other registrar except with regard to 
information specific to their registrar.

The requirement from appendix I: 

2. All registrars accredited by ICANN who are authorized to register 
domain names in the {.com,.org,.net} registry shall have equivalent 
access to Registry Services provided by VGRS.

-- 
Thomas Roessler                          http://log.does-not-exist.org/
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html

References:
- [ga] FYI: VeriSign audit report posted
  - From: Alexander Svensson <alexander@svensson.de>
- Re: [ga] FYI: VeriSign audit report posted
  - From: William X Walsh <william@wxsoft.info>
- Re: [ga] FYI: VeriSign audit report posted
  - From: William X Walsh <william@wxsoft.info>

<<< Chronological Index >>> <<< Thread Index >>>