<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] FYI: VeriSign audit report posted
On 2002-06-25 05:55:29 -0700, William X Walsh wrote:
>However, their response did not seem to address this point: Our
>examination also disclosed that VeriSign, Inc. had not established
>adequate controls that would allow us to obtain sufficient
>evidence to determine compliance with requirements H.V.1, H.V.2,
>H.V.4 and I.2 for the year ended December 31, 2001 because
>VeriSign, Inc. did not maintain sufficient historical records of
>system configuration information on a daily basis. Because of this
>restriction on the scope of our examination, we do not express an
>opinion on compliance with Requirements H.V.1, H.V.2, H.V.4 and
>I.2 for the year ended December 31, 2001.
The requirements from appendix H:
V. ACCESS TO THE REGISTRY FACILITY
VGRS provides access to all VGRS customers through the following
mechanisms and separates VGRS systems and information from systems
and information of any affiliated registrar through these processes:
1. All registrars (including any registrar affiliated with VGRS)
connect to the Shared Registration System Gateway via the Internet
by utilizing the same maximum number of IP addresses and SSL
certificate authentication.
2. All registrars have the same level of access to VGRS-generated
data to reconcile their registration activities from VGRS Web and
ftp servers. All registrars may perform basic automated registrar
account management functions using the same registrar tool made
available to all registrars by VGRS.
[...]
4. No registrar affiliated with VGRS will be given any access to the
registry not available to any other registrar except with regard to
information specific to their registrar.
The requirement from appendix I:
2. All registrars accredited by ICANN who are authorized to register
domain names in the {.com,.org,.net} registry shall have equivalent
access to Registry Services provided by VGRS.
--
Thomas Roessler http://log.does-not-exist.org/
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|