Australia Presents Customized Security Standard for .au TLD

The .au Domain Administration (auDA) proposed new criteria for domain-name registration meant to make Australian domain registries more secure.

Industry Advisory Panel has drafted auDa Information Security Standard (ISS) to help “registrars to manage and improve the security of their own businesses in a way that also protects the integrity and stability of the .au domain space“.

AuDa Information Security Standard stipulates that upon registration, the applicants will be asked to implement or develop a handful of security plans and policies. These include cryptographic controls, a regulatory-compliance register, a new information-security policy, an asset-management plan, human-resources policy and a physical security plan, along with thorough documentation on managing malicious code and vulnerabilities.

To even stand a chance, applicants should have no more than three areas of concern and zero non-compliance results. The areas of concern will need to be handled within three-months to grant them access to the assessment stage. Applicants with non-compliance results are still given a chance, but they should have maximum two non-compliance results. If they mend these problems within three months, they can reapply for registration.

These drastic measures are still to be submitted to public consultation. In such a troublesome context of data leaks and aggressive spam and phishing campaigns, it might have a good chance of getting through this time.