06/04/2025 | Press release | Distributed by Public on 06/04/2025 09:12
The Internet Corporation for Assigned Names and Numbers (ICANN) has completed another year of audits of the key systems used to deliver the Internet Assigned Numbers Authority (IANA) functions. The accounting firm, RSM US LLP, conducted three Systems and Organization Control audits: a SOC 2 and a SOC 3 audit of the Registry Assignment and Maintenance Systems (RAMS) for the 14-month period from October 1, 2023 to November 30, 2024, and a SOC 3 audit of Root Zone Domain Name System Security Extensions (DNSSEC) services for the 12-month period from December 1, 2023 to November 30, 2024.
For the fifteenth consecutive year, an exception-free audit has been completed for the management of the Root DNSSEC Key Signing Key (KSK) securing the Domain Name System (DNS). Using the SOC 3 framework, the audit confirms the effectiveness of security, availability, and processing integrity controls for managing the root KSK. The report is publicly available at https://www.iana.org/audits.
This year marks a significant step forward with the introduction of a SOC 3 report for the Registry Assignment and Maintenance Systems, complementing the existing SOC 2 audit. Covering the system used to perform IANA registry functions, this new report enhances visibility for the broader Internet community and reflects ICANN's commitment to transparency. In addition to the new report, the RAMS audit period was adjusted to align with the Root DNSSEC KSK audit, enhancing consistency across our compliance efforts.
During the audit period, a fundamental change to the Hardware Security Modules (HSMs) was made to strengthen IANA's security infrastructure, the first such update since 2010. This reassembly reinforces the integrity of a critical trust mechanism relied upon by the global DNS ecosystem.
"By expanding our audit program, and demonstrating continued excellence in service delivery, we are underscoring IANA's dedication to security and accountability," said Kim Davies, Vice President of IANA Services and President of PTI. "These efforts strengthen trust in the systems we operate that are critical to the Internet's foundation."
SOC audits evaluate an organization's controls in relation to "trust services principles and criteria" and are managed by the American Institute of Certified Public Accountants (AICPA). These independent third-party audits form an important part of ICANN's multifaceted accountability for the IANA functions to the multistakeholder community.