NCC Group Publishes .TRUST Technical Policy

[news release] NCC Group, the global information assurance company, today (14 October) published the .trust Technical Policy, which, unlike industry compliance standards that dictate minimum standards for Internet risk governance, provides a high standard of achievable goals for protecting an organization’s online assets and brand integrity, and securing confidential customer information.

The .trust Technical Policy is an industry first – focusing on securing websites and other critical Internet services while protecting customers as they transact, interact and share information online. Specifically, it provides requirements to address network, web application, email, malware, and DNS risks.

“This Policy encompasses not only the best security practices but also serves as a means for companies to reclaim a corner of the Internet that will foster secure and confident engagement with likeminded businesses and customers,” said Gunter Ollmann, CTO of NCC Group. “As Internet technologies advance, best practices in security similarly evolve and need to be updated. The .trust Policy is not a static compliance document. It is designed to be a live framework that reflects the real-time expert guidance on these acknowledged best practices in security.”

The policy has been carefully developed by a coalition of industry luminaries and NCC Group experts as a proactive way to protect online businesses and consumers. Adhering to them will help provide robust protection from vulnerabilities that threaten to compromise integrity, availability and privacy.

“The management of domain registration is too often forgotten from a security strategy perspective,” continued Ollmann. “Yet, it is a critical element to the integrity of an organization’s entire online brand. Security policies that rely on self-certification against the lowest common-denominator have been the bane of the industry for over a decade, and we aim to change that with the .trust Policy.”

As this policy is implemented across the Internet, the .trust Policy will help provide a safer Internet in a world of dwindling consumer confidence – sites complying with the .trust Policy will be differentiated by a high level of security unprecedented on the Internet.

“The Internet has no level of standard for security, and .trust, operated under the .trust Policy, will set that standard for businesses,” said Rob Cotton, CEO of NCC Group. “In today’s evolving Internet, it can be daunting to know how to combat every security vulnerability a company may be at risk for, but we plan to work with each .trust business individually to put this policy in place and help bring consumer confidence to the Internet.”

The .trust Technical Policy will provide the rules and governance to measure security compliance on NCC Group’s soon-to-launch .trust domain. All brands operating on a .trust domain will be required to adhere to the Policy and will subject to a mechanism that promotes a high standard of security to their consumers and business partners.

NCC Group is currently working closely with ICANN to release .trust to the public and plans for the gTLD to be live in early 2015.

For full access to the Policy please visit

To learn more about .trust please visit

Notes to editors – Further Details About .trust

What is .trust? .trust is a unique gTLD that will provide a safer and more trustworthy Internet. The .trust gTLD signals that a site is a safe website to interact and do business with. Organizations using .trust domains will be required to comply with the .trust Policy in order to prevent the use of .trust domains for malicious activity. A continual process of security review and improvement will help ensure those sites stay in compliance with .trust requirements.

How does .trust work? The .trust gTLD creates a more trustworthy Internet through the application of three core principles by which we require applicants to abide:

1)     Verify: All applicants must submit identity documentation and proof of intellectual property and naming rights to help prevent misleading, abusive and malicious registrations. Organizations are verified so consumers know that .trust domains are representative of the brand they know and trust.

2)     Secure: All registrants must abide by the security control policies and procedures, giving consumers confidence that their online transactions conducted via .trust domains will be secure and trustworthy.

3)    Assure: Organizations within the .trust domain will be continually monitored for compliance with the .trust Technical Policy and will actively work with NCC Group experts to remediate identified issues.

How is .trust more secure than other TLDs? Registrants of .trust domains will be required to adopt the .trust Technical Policy that strictly prohibits malicious activity or the hosting of vulnerabilities. The .trust service uses a unique, technology-driven process to automatically monitor domain owners for compliance with NCC Group’s best-in-class security policies. This process incentivizes and helps domain owners to quickly restore security when their sites exhibit web application flaws, network misconfigurations and other security violations.

To improve the end-to-end security experience for users of .trust and other domains, NCC Group is working with major Internet companies to implement new technologies into web browsers, email servers and operating systems. The end goal of the security policies is to create a seamless and safe experience whenever a user browses a website or emails someone on a .trust domain.

How are these rules enforced? Registrants in the .trust space agree to follow the Technical Policies that NCC Group strictly enforces via monitoring .trust domains for network, web application, email and malware threats.

About NCC Group

NCC Group is a global information assurance firm, passionate about making the Internet a safer place and revolutionizing the way in which organizations think about cyber security.

Through an unrivalled and unique range of services, the company provides organizations across the world with freedom from doubt that their most important assets are protected and operational at all times.

Listed on the London Stock Exchange, NCC Group is a trusted advisor to more than 15,000 clients worldwide. Headquartered in Manchester, UK, NCC Group has 20 offices across the world and employs over 1,000 specialists in information security, assurance and technology.

NCC Group delivers security testing, software escrow and verification, website performance, software testing and domain services.