Policies and Procedures

DNSSEC Practice Statements

The DNSSEC Practice Statements represent the adopted policies against which the cryptographic keys for the DNS root zone are managed.

Document Effective Date
Root Zone KSK Operator 7th Ed (IANA Functions) 2024-03-15
Root Zone ZSK Operator v2.1 (Root Zone Maintainer) 2018-12-21

Additional Procedures

The requirements of the DNSSEC Practice Statements are implemented by a series of policies and procedural documents. These documents are reviewed annually by the Root Zone KSK Policy Management Authority.

Title of Document Description
KSK Audit and Accountability Policy v3.6
Effective 2024-09-12
Describes access to Key Management Facilities (KMFs) and operations involving the private component of the RZ KSK to remain traceable in time including the responsible party triggering the event.
KSK Audit Logging Procedure v3.6
Effective 2024-09-12
Describes recording access to Key Management Facilities (KMFs) and operations involving the private component of the RZ KSK including the parties involved and operations performed when access to a KMF or RZ KSK occurred.
KSK Disaster Recovery and Business Continuity
Procedure v3.7
Effective 2024-09-12
Describes requirements and recommendations to be performed by designated personnel, systems, and other means in disaster recovery scenarios in relation to RZ KSK operations.
KSK Document Management Procedure v3.6
Effective 2024-09-12
Describes the life cycle of supporting documents in relation to RZ KSK operations.
KSK Emergency Rollover Plan v3.6
Effective 2024-09-12
Describes emergency RZ KSK rollovers in relation to RZ KSK operations, initiated if the RZ KSK Private Key has been irrecoverably lost or compromised.
KSK Incident Handling Procedure v3.6
Effective 2024-03-15
Describes requirements and recommendations for handling security incidents, or events that could potentially be security incidents in relation to RZ KSK operations.
KSK Information Security Policy v3.6
Effective 2024-09-12
Describes the establishment of preventive controls and measures for the identification, management, and monitoring of threats (whether internal or external, deliberate or accidental) to the information assets in relation to RZ KSK operations.
KSK Key Management Policy v3.7
Effective 2024-03-15
Describes risks associated with the management of cryptographic keys, proper mitigation of risks to an acceptable level, and the management and maintenance of this level of risk over time in relation to RZ KSK operations.
KSK Key Management Procedure v3.7
Effective 2024-03-15
Describes requirements and recommendations for procedures to be performed by designated personnel, systems, and other means in relation to RZ KSK operations.
KSK Password Policy v3.6
Effective 2024-09-12
Describes requirements for managing passwords and personal identification numbers (PINs) in relation to RZ KSK operations.
KSK Personnel Security Policy v3.6
Effective 2024-09-12
Describes responsibilities of staff, contractors, and third-party users to ensure understanding and suitability for the roles in which they are considered in relation to RZ KSK operations and seeks to mitigate risk from internal threats such as sabotage, espionage, denial of service, and in extreme cases, terrorism.
KSK Physical Access Control Procedure v3.6
Effective 2024-09-12
Describes responsibilities and provides recommendations to be performed by designated personnel, systems, and other means in relation to RZ KSK operations.
KSK Physical Security Policy v3.6
Effective 2024-09-12
Describes risks associated with physical security, proper mitigation of risks to an acceptable level, and the management and maintenance of this level of risk over time in relation to KSK operations.
KSK PMA Charter v3.6
Effective 2024-03-15
Describes the structure and responsibility of the PMA and PMA members' roles and responsibilities in relation to RZ KSK operations.
KSK Software Maintenance Procedure v3.6
Effective 2024-09-12
Describes the parameters of the key management software used by the RZ KSK Operator to create and maintain KSKs and to process Key Signing Requests (KSRs) submitted by the Zone Signing Key (ZSK) operator.
KSK Termination Plan v3.6
Effective 2024-09-12
Describes a high-level plan for terminating and transferring the roles and responsibilities of the RZ KSK Operator to a successor.