Service Criticality Rating of RIPE NCC Services
The service criticality rating describes the effect an incident could have on the availability, data confidentiality and integrity of a RIPE NCC service across multiple impact areas. We use these criticality ratings to help determine our services' architecture (availability component) and data security controls (data integrity and confidentiality components), whether on-premise or in the cloud.
After consulting with the RIPE community, we agreed on a service criticality framework that considers three major areas: global routing, IP addresses and AS Numbers, and global DNS. At RIPE 84, we also said we would consult with the community to determine the criticality ratings for eight services. Ratings agreed with the community can be increased (but not decreased) based on internal analysis of other factors that could impact the RIPE NCC, such as financial or legal risks.
Below are the criticality ratings of the eight services we evaluated (as of May 2023):
Service | Data Confidentiality | Data Integrity | Data Availability |
ripe.net website | Low | Medium | Medium |
RPKI | Medium | Very High | Very High |
RIPE Database | High | Very High | High |
K-Root | Low | High | High |
Auth DNS | Low | Very High | High |
RIPE NCC Access | Very High | Very High | High |
LIR Portal | Very High | Very High | Medium |
Sending/receiving emails | Very High | Very High | Medium |