30(a) Security Policy: Summary of the security policy for the proposed registry

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.chromeCharleston Road Registry Inc.google.comView

30.a. Security Policy

Google plans to use the same common secure infrastructure to support the proposed registry that we use for our other production networks and computing environments. Google currently provides best-in-class security technologies and processes to protect Google’s products, services, infrastructure and user data. Google’s common secure infrastructure supports some of the web’s most widely-used services, such as Google Search YouTube, and Google Apps. These services are used by many millions of consumers, businesses and government customers for their daily operations. Google does not have any plan to support High Security Top Level Domain (HSTLD).

30.a.1. Google Security Policies

Google’s security programs are governed through the Google Security Team. The Security Team is led by Google’s Vice President of Security, who reports to Google Senior Leadership including the President of Technology and Chief Executive Officer. Google’s VP of Security has approved the security policies that underpin Google’s information security program.

Our Security Team is committed to:
- Control and maintain the confidentiality, integrity, and availability of information and information systems.
- Limit Google’s exposure to the risks arising from loss, corruption or misuse of our information assets.
- Ensuring consistency, which is attained against legal, regulatory, policy and best practice requirements.

Google regularly reviews and updates the security policies that address purpose, scope, responsibilities, management commitment, coordination among organizational entities, and
compliance.

To ensure the consistent implementation of security controls across the various layers of infrastructure and services, Google has documented the following security policies.

- Basic Security Policy: States the foundation and principles of Google’s Security Policies.
- Physical Security Policy: States how the safety of people and property is protected at Google.
- Accounts Access and Administration Policy: States the kinds of internal accounts Google has and how to access, use, and administer them in a way that reduces risk and provides the ability to audit account activity.
- Data Security Policy: States how data should be handled at Google to help ensure its confidentiality, integrity, and availability.
- Corporate Services Security Policy: Informs Google employees of what to expect regarding access, monitoring, and other security considerations for communications and other data sent, received, or stored using Googleʹs corporate services.
- Network and Computer Security Policy: States how to reduce the likelihood of compromise to Googleʹs data and infrastructure from devices connected to Google networks.
- Applications, Systems, and Services Security Policy: Ensures that adequate attention is paid to security in the design, procurement, development, deployment, and maintenance of Applications, Systems, and Services.
- Change Management Policy: Describes the safeguards that protect Google from accidental or malicious changes to Googleʹs systems.
- Information Security Incident Response Policy: States the minimal requirements for preparing for and responding to information security incidents.
- Datacenter Security Policy: Ensures that adequate attention is given to verifying that each datacenter hosting Google systems maintains security controls that provide protection appropriate to the criticality of those systems.

30.a.2. Independent Assessment Reports

Google regularly engages independent assessors to independently assess its information systems, infrastructure and security program and controls for compliance with the following:

- Federal Information Security Management Act (FISMA). Independent assessments conducted every two years. In 2011, Google received FISMA certification for Google Apps Cloud, another service that uses the same production network as the Google registry will use. Grant Thornton LLP performed independent assessment, and United States General Services and Administration (GSA) issued FISMA certification to Google based on this independent assessment.
- Statement on Standards for Attestation Engagements (SSAE16). Independent assessments conducted annually.
- Sarbanes-Oxley (SOX). Independent assessments conducted annually.
- Payment Card Industry (PCI). Independent assessments conducted annually.

Government agencies and Enterprise customers are currently using Google Apps Cloud Services. Google’s corporate and production networks were both in scope for FISMA and SSAE16 independent assessments. Google is also currently preparing for ISO 27001 certification of Google Apps Cloud.

30.a.3. Commitments made to Registrants

Google will make the following commitments to registrants.

- Google’s existing dedicated Security Organization will remain the focal point for ensuring implementation of adequate system security in order to prevent, detect, and recover from security breaches. Various teams in the security organization ensure that Google’s infrastructure and services are operated, used, maintained, and disposed of in accordance with internal security policies.
- Google will continue to contemplate threats from internal and external sources, and will exercise our existing incident response capability.
- Google will continue to perform quarterly scanning of our internal and external infrastructure to detect network, database, application, and OS vulnerabilities.
- Google will continue to maintain robust Logging, Monitoring and Auditing capabilities for its systems and networks. These policies are discussed further in Section 30b.
- Google’s externally facing network infrastructure will continue to enforce strict access control restrictions to deny all traffic and allow only authorized protocols to enter the Google network.
- Google has established background investigations for all Google employees in accordance with local laws and will continue to do background investigations for any new Google employees.

Similar gTLD applications: (100)

gTLDFull Legal NameE-mail suffixzDetail
.carCharleston Road Registry Inc.google.com-4.05Compare
.movCharleston Road Registry Inc.google.com-4.05Compare
.グーグルCharleston Road Registry Inc.google.com-4.05Compare
.phdCharleston Road Registry Inc.google.com-4.05Compare
.areCharleston Road Registry Inc.google.com-4.05Compare
.webCharleston Road Registry Inc.google.com-4.05Compare
.gooCharleston Road Registry Inc.google.com-4.05Compare
.newCharleston Road Registry Inc.google.com-4.05Compare
.memeCharleston Road Registry Inc.google.com-4.05Compare
.llpCharleston Road Registry Inc.google.com-4.05Compare
.wowCharleston Road Registry Inc.google.com-4.05Compare
.adsCharleston Road Registry Inc.google.com-4.05Compare
.tubeCharleston Road Registry Inc.google.com-4.05Compare
.andCharleston Road Registry Inc.google.com-4.05Compare
.docsCharleston Road Registry Inc.google.com-4.05Compare
.liveCharleston Road Registry Inc.google.com-4.05Compare
.incCharleston Road Registry Inc.google.com-4.05Compare
.playCharleston Road Registry Inc.google.com-4.05Compare
.谷歌Charleston Road Registry Inc.google.com-4.05Compare
.prodCharleston Road Registry Inc.google.com-4.05Compare
.buyCharleston Road Registry Inc.google.com-4.05Compare
.gmailCharleston Road Registry Inc.google.com-4.05Compare
.mailCharleston Road Registry Inc.google.com-4.05Compare
.gmbhCharleston Road Registry Inc.google.com-4.05Compare
.calCharleston Road Registry Inc.google.com-4.05Compare
.flyCharleston Road Registry Inc.google.com-4.05Compare
.freeCharleston Road Registry Inc.google.com-4.05Compare
.funCharleston Road Registry Inc.google.com-4.05Compare
.dclkCharleston Road Registry Inc.google.com-4.05Compare
.searchCharleston Road Registry Inc.google.com-4.05Compare
.pageCharleston Road Registry Inc.google.com-4.05Compare
.blogCharleston Road Registry Inc.google.com-4.05Compare
.kidCharleston Road Registry Inc.google.com-4.05Compare
.familyCharleston Road Registry Inc.google.com-4.05Compare
.gbizCharleston Road Registry Inc.google.com-4.05Compare
.teamCharleston Road Registry Inc.google.com-4.05Compare
.musicCharleston Road Registry Inc.google.com-4.05Compare
.earthCharleston Road Registry Inc.google.com-4.05Compare
.dogCharleston Road Registry Inc.google.com-4.05Compare
.siteCharleston Road Registry Inc.google.com-4.05Compare
.loveCharleston Road Registry Inc.google.com-4.05Compare
.dotCharleston Road Registry Inc.google.com-4.05Compare
.esqCharleston Road Registry Inc.google.com-4.05Compare
.petCharleston Road Registry Inc.google.com-4.05Compare
.vipCharleston Road Registry Inc.google.com-4.05Compare
.hereCharleston Road Registry Inc.google.com-4.05Compare
.srlCharleston Road Registry Inc.google.com-4.05Compare
.mbaCharleston Road Registry Inc.google.com-4.05Compare
.movieCharleston Road Registry Inc.google.com-4.05Compare
.youCharleston Road Registry Inc.google.com-4.05Compare
.plusCharleston Road Registry Inc.google.com-4.05Compare
.techCharleston Road Registry Inc.google.com-4.05Compare
.medCharleston Road Registry Inc.google.com-4.05Compare
.momCharleston Road Registry Inc.google.com-4.05Compare
.fooCharleston Road Registry Inc.google.com-4.05Compare
.diyCharleston Road Registry Inc.google.com-4.05Compare
.spotCharleston Road Registry Inc.google.com-4.05Compare
.homeCharleston Road Registry Inc.google.com-4.05Compare
.zipCharleston Road Registry Inc.google.com-4.05Compare
.dayCharleston Road Registry Inc.google.com-4.05Compare
.channelCharleston Road Registry Inc.google.com-4.05Compare
.storeCharleston Road Registry Inc.google.com-4.05Compare
.hangoutCharleston Road Registry Inc.google.com-4.05Compare
.eatCharleston Road Registry Inc.google.com-4.05Compare
.ingCharleston Road Registry Inc.google.com-4.05Compare
.dadCharleston Road Registry Inc.google.com-4.05Compare
.corpCharleston Road Registry Inc.google.com-4.05Compare
.みんなCharleston Road Registry Inc.google.com-4.05Compare
.soyCharleston Road Registry Inc.google.com-4.05Compare
.devCharleston Road Registry Inc.google.com-4.05Compare
.lolCharleston Road Registry Inc.google.com-4.05Compare
.mapCharleston Road Registry Inc.google.com-4.05Compare
.motoCharleston Road Registry Inc.google.com-4.05Compare
.ddsCharleston Road Registry Inc.google.com-4.05Compare
.profCharleston Road Registry Inc.google.com-4.05Compare
.gameCharleston Road Registry Inc.google.com-4.05Compare
.appCharleston Road Registry Inc.google.com-4.05Compare
.booCharleston Road Registry Inc.google.com-4.05Compare
.tourCharleston Road Registry Inc.google.com-4.05Compare
.shopCharleston Road Registry Inc.google.com-4.05Compare
.howCharleston Road Registry Inc.google.com-4.05Compare
.filmCharleston Road Registry Inc.google.com-4.05Compare
.babyCharleston Road Registry Inc.google.com-4.05Compare
.driveCharleston Road Registry Inc.google.com-4.05Compare
.cpaCharleston Road Registry Inc.google.com-4.05Compare
.estCharleston Road Registry Inc.google.com-4.05Compare
.showCharleston Road Registry Inc.google.com-4.05Compare
.gugeCharleston Road Registry Inc.google.com-4.05Compare
.nexusCharleston Road Registry Inc.google.com-4.05Compare
.talkCharleston Road Registry Inc.google.com-4.05Compare
.cloudCharleston Road Registry Inc.google.com-4.05Compare
.googleCharleston Road Registry Inc.google.com-4.05Compare
.androidCharleston Road Registry Inc.google.com-4.05Compare
.youtubeCharleston Road Registry Inc.google.com-4.05Compare
.googCharleston Road Registry Inc.google.com-4.05Compare
.fyiCharleston Road Registry Inc.google.com-4.05Compare
.gleCharleston Road Registry Inc.google.com-4.05Compare
.llcCharleston Road Registry Inc.google.com-4.05Compare
.rsvpCharleston Road Registry Inc.google.com-4.05Compare
.bookCharleston Road Registry Inc.google.com-4.05Compare