These resources offer valuable input for developing relevant standards in any potential ICANN access model. They are derived from the Technical Study Group Report of March 6, 2019.
WHOIS Protocol Specification
https://datatracker.ietf.org/doc/rfc3912/
HTTP Usage in the Registration Data Access Protocol (RDAP) https://datatracker.ietf.org/doc/rfc7480/
Security Services for the Registration Data Access Protocol (RDAP) https://datatracker.ietf.org/doc/rfc7481/
Registration Data Access Protocol (RDAP) Query Format https://datatracker.ietf.org/doc/rfc7482/
JSON Responses for the Registration Data Access Protocol (RDAP) https://datatracker.ietf.org/doc/rfc7483/
Finding the Authoritative Registration Data (RDAP) Service https://datatracker.ietf.org/doc/rfc7484/
Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
https://tools.ietf.org/html/rfc7525
OpenID Connect
https://openid.net/connect/
OAuth 2.0
https://oauth.net/2/
Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-openid/
OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/
Appendix 1. Frameworks and Guidelines for Secure Deployment of RDAP
Information Security
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
https://www.iso.org/standard/54534.html?browse=tc
ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls
https://www.iso.org/standard/54533.html?browse=tc
SP 800-171 Rev. 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
Risk Management
ISO 31000:2018 Risk management — Guidelines https://www.iso.org/standard/65694.html
SP 800-30 Rev. 1 Guide for Conducting Risk Assessments https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Business continuity
ISO 22301:2012 Societal security — Business continuity management systems — Requirements
https://www.iso.org/standard/50038.html
SP 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
Incident Response
ISO/IEC 27035-1:2016 Information technology — Security techniques — Information security incident management — Part 1: Principles of incident management https://www.iso.org/standard/60803.html
ISO/IEC 27035-2:2016 Information technology — Security techniques — Information security incident management — Part 2: Guidelines to plan and prepare for incident response
https://www.iso.org/standard/62071.html
ISO/IEC CD 27035-3 Information technology — Security techniques — Information security incident management — Part 3: Guidelines for incident response operations https://www.iso.org/standard/74033.html
SP 800-61 Rev. 2 Computer Security Incident Handling Guide https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
Credential Management
SP 800-63-3 Digital Identity Guidelines https://csrc.nist.gov/publications/detail/sp/800-63/3/final
SP 800-63A Digital Identity Guidelines: Enrollment and Identity Proofing https://csrc.nist.gov/publications/detail/sp/800-63a/final
SP 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management https://csrc.nist.gov/publications/detail/sp/800-63b/final
SP 800-63C Digital Identity Guidelines: Federation and Assertions https://csrc.nist.gov/publications/detail/sp/800-63c/final
SAC 074 | SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle https://www.icann.org/resources/files/1194801-2015-11-03-en
ISO 21188:2018 Public key infrastructure for financial services — Practices and policy framework
https://www.iso.org/standard/63134.html