Definition and purpose

BCPs are not standards but are authoritative guidelines and recommendations accepted by the Internet community. The purpose of BCPs is to ensure that the Internet functions effectively and efficiently by providing guidelines that reflect the combined knowledge and experience of the world's top network engineers and experts.

Governing Body

The IETF, a large, open international community of network designers, operators, vendors, and researchers concerned with the evolution and smooth operation of the Internet, is responsible for the development and publication of BCPs.

Last updated

BCPs are updated as needed, with each BCP being a standalone document that is revised or augmented independently. Please refer to the IETF website for the latest BCPs and RFCs. 

Applies to

IETF BCPs apply broadly to all entities involved with the Internet's design, operation, and maintenance. This includes service providers, software developers, hardware manufacturers, and end-users within businesses, academia, government, and beyond.

Controls and requirements

BCPs cover a wide range of topics and hence do not have a single set of controls or requirements. Each BCP addresses specific issues and contains its own list of recommendations. Examples include:

• BCP 38: Network Ingress Filtering
• BCP 72: Guidelines for Writing RFC Text on Security Considerations
• BCP 78: Rights Contributors Provide to the IETF Trust
• BCP 79: Intellectual Property Rights in IETF Technology
• Each BCP document contains specific actions, configurations, or operational procedures considered to be the best current practices for the topic it addresses.

Please refer to the official Internet Engineering Task Force Best Current Practices documentation for details on controls and requirements.

Audit type, frequency, and duration

BCPs themselves are not audited; however, organizations may internally or externally audit their own networks and systems for adherence to the practices recommended by BCPs. Review for adherence to BCPs would typically be done periodically or as part of routine network and system audits. It may also be triggered by significant changes in network configuration or operational practices.

The time required for such a review or audit would depend on the scope of the BCPs being considered and the size and complexity of the systems or networks being examined.