ICANN - Internet Corporation for Assigned Names and Numbers

06/04/2025 | Press release | Distributed by Public on 06/04/2025 09:12

Expanded Annual Audit Findings Delivered for IANA Functions

The Internet Corporation for Assigned Names and Numbers (ICANN) has completed another year of audits of the key systems used to deliver the Internet Assigned Numbers Authority (IANA) functions. The accounting firm, RSM US LLP, conducted three Systems and Organization Control audits: a SOC 2 and a SOC 3 audit of the Registry Assignment and Maintenance Systems (RAMS) for the 14-month period from October 1, 2023 to November 30, 2024, and a SOC 3 audit of Root Zone Domain Name System Security Extensions (DNSSEC) services for the 12-month period from December 1, 2023 to November 30, 2024.

For the fifteenth consecutive year, an exception-free audit has been completed for the management of the Root DNSSEC Key Signing Key (KSK) securing the Domain Name System (DNS). Using the SOC 3 framework, the audit confirms the effectiveness of security, availability, and processing integrity controls for managing the root KSK. The report is publicly available at https://www.iana.org/audits.

This year marks a significant step forward with the introduction of a SOC 3 report for the Registry Assignment and Maintenance Systems, complementing the existing SOC 2 audit. Covering the system used to perform IANA registry functions, this new report enhances visibility for the broader Internet community and reflects ICANN's commitment to transparency. In addition to the new report, the RAMS audit period was adjusted to align with the Root DNSSEC KSK audit, enhancing consistency across our compliance efforts.

During the audit period, a fundamental change to the Hardware Security Modules (HSMs) was made to strengthen IANA's security infrastructure, the first such update since 2010. This reassembly reinforces the integrity of a critical trust mechanism relied upon by the global DNS ecosystem.

"By expanding our audit program, and demonstrating continued excellence in service delivery, we are underscoring IANA's dedication to security and accountability," said Kim Davies, Vice President of IANA Services and President of PTI. "These efforts strengthen trust in the systems we operate that are critical to the Internet's foundation."

SOC audits evaluate an organization's controls in relation to "trust services principles and criteria" and are managed by the American Institute of Certified Public Accountants (AICPA). These independent third-party audits form an important part of ICANN's multifaceted accountability for the IANA functions to the multistakeholder community.

About ICANN

ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address - a name or a number - into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a nonprofit public benefit corporation with a community of participants from all over the world.

You May Also Like

  • ICANN Heads to IGF 2025 as Internet Governance Faces a Defining Moment
  • ICANN Opens Search for Heads of E&IT, Government Engagement, Human Resources
  • Russ Weinstein Appointed ICANN Senior Vice President, Policy Development Support
ICANN - Internet Corporation for Assigned Names and Numbers published this content on June 04, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 04, 2025 at 15:12 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at support@pubt.io