REN/ESI-0019411-2v241

  • Standard
    31 pages
    English language
  • Standard
    31 pages
    English language
  • Standard
    31 pages
    English language
  • Draft
    31 pages
    English language

This document defines a privacy architecture framework that:
— specifies concerns for ICT systems that process PII;
— lists components for the implementation of such systems; and
— provides architectural views contextualizing these components.
This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining,
administering and operating ICT systems that process PII.
It focuses primarily on ICT systems that are designed to interact with PII principals.

  • Standard
    50 pages
    English language
  • Draft
    47 pages
    English language

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing testing based on ISO/IEC 19790 and ISO/IEC 24759.

  • Technical specification
    26 pages
    English language

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing evaluations based on the ISO/IEC 15408 series and ISO/IEC 18045.

  • Technical specification
    20 pages
    English language

This document specifies a taxonomy and an ontology for blockchain and distributed ledger technologies (DLT). The taxonomy includes a taxonomy of concepts, a taxonomy of DLT systems and a taxonomy of application domains, purposes and economy activity sections for use cases. The ontology includes classes and attributes as well as relations between concepts. The audience includes but is not limited to academics, architects, customers, users, tool developers, regulators, auditors and standards development organizations.

  • Technical specification
    28 pages
    English language
  • Draft
    24 pages
    English language

This document defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
a) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them is able to predetermine the value of the shared secret key.
b) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
c) Make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A is transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of this document are based on the corresponding authentication mechanisms in ISO/IEC 9798-3.
This document does not cover certain aspects of key management, such as:
— key lifecycle management;
— mechanisms to generate or validate asymmetric key pairs; and
— mechanisms to store, archive, delete, destroy, etc., keys.
While this document does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc. This document does not specify the transformations used in the key management mechanisms.
NOTE To provide origin authentication for key management messages, it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.

  • Standard
    90 pages
    English language
  • Draft
    86 pages
    English language

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:
— a harmonized terminology for PII deletion;
— an approach for defining deletion rules in an efficient way;
— a description of required documentation;
— a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII is stored or processed. This document does not address:
— specific legal provision, as given by national law or specified in contracts;
— specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;
— deletion mechanisms;
— reliability, security and suitability of deletion mechanisms;
— specific techniques for de-identification of data.

  • Standard
    25 pages
    English language
  • Draft
    25 pages
    English language

This document is general in nature and provides definitions that apply in subsequent parts of the ISO/IEC 18033 series. It introduces the nature of encryption and describes certain general aspects of its use and properties.

  • Standard
    18 pages
    English language
  • Draft
    18 pages
    English language

This document specifies mechanisms that generate, renew, and verify independent time-stamps. In order to verify an independent time-stamp token, time-stamp verifiers do not need access to any other time-stamp tokens. That is, such time-stamp tokens are not linked.

  • Standard
    22 pages
    English language
  • Draft
    22 pages
    English language

This document is an introductory part of ISO/IEC 27036. It provides an overview of the guidance intended to assist organizations in securing their information and information systems within the context of supplier relationships. It also introduces concepts that are described in detail in the other parts of ISO/IEC 27036. This document addresses perspectives of both acquirers and suppliers.

  • Standard
    12 pages
    English language
  • Draft
    12 pages
    English language

This document provides a framework and establishes requirements for attribute-based unlinkable entity authentication (ABUEA).

  • Standard
    34 pages
    English language
  • Draft
    34 pages
    English language

ISO/IEC 30147:2021(E) provides system life cycle processes to implement and maintain trustworthiness in an IoT system or service by applying and supplementing ISO/IEC/IEEE 15288:2015. The system life cycle processes are applicable to IoT systems and services common to a wide range of application areas.

  • Standard
    31 pages
    English language

This document provides railway operators, system integrators and product suppliers with guidance and specifications on how cybersecurity is to be managed in the context of the EN 50126-1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126.
This document applies to the Communications, Signalling and Processing domain, and to the Rolling Stock and Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner.
This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities, for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this technical specification is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of intentional attacks.
The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC 62443 series of standards. In particular, this document is consistent with the application of the security management requirements contained within IEC 62443-2-1, which are based on EN ISO 27001 and EN ISO 27002.

  • Technical specification
    161 pages
    English language

This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key. This document does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.

  • Standard
    26 pages
    English language
  • Draft
    26 pages
    English language

This document specifies MAC algorithms that use a secret key and a hash-function (or its round-function or sponge function) to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner.
NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181-6.

  • Standard
    52 pages
    English language
  • Draft
    52 pages
    English language
  • Standard
    6 pages
    English language
  • Draft
    6 pages
    English language

The present document specifies policy and security requirements for the issuance, maintenance and life-cycle
management of EU qualified certificates as defined in Regulation (EU) No 910/2014 [i.1]. These policy and security
requirements support reference certificate policies for the issuance, maintenance and life-cycle management of EU
qualified certificates issued to natural persons (including natural persons associated with a legal person or a website)
and to legal persons (including legal persons associated with a website), respectively.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.6] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 411-1 [2] for general requirements on TSP issuing certificates.

  • Standard
    31 pages
    English language
  • Standard
    31 pages
    English language
  • Standard
    31 pages
    English language
  • Draft
    31 pages
    English language

The present document specifies generally applicable policy and security requirements for Trust Service Providers
(TSPs) issuing public key certificates, including trusted web site certificates.
The policy and security requirements are defined in terms of requirements for the issuance, maintenance and life-cycle
management of certificates. These policy and security requirements support several reference certificate policies,
defined in clauses 4 and 5.
A framework for the definition of policy requirements for TSPs issuing certificates in a specific context where
particular requirements apply is defined in clause 7.
The present document covers requirements for CA hierarchies, however this is limited to supporting the policies as
specified in the present document. It does not include requirements for root CAs and intermediate CAs for other
purposes.
The present document is applicable to:
• the general requirements of certification in support of cryptographic mechanisms, including digital signatures
for electronic signatures and seals;
• the general requirements of certification authorities issuing TLS/SSL certificates;
• the general requirements of the use of cryptography for authentication and encryption.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.2] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 401 [8] for general policy requirements common to all classes of
TSP's services.
The present document includes provisions consistent with the requirements from the CA/Browser Forum in EVCG [4]
and BRG [5].

  • Standard
    56 pages
    English language
  • Standard
    56 pages
    English language
  • Standard
    56 pages
    English language
  • Draft
    56 pages
    English language

This document specifies requirements and provides guidance for establishing, implementing,
maintaining and continually improving a Privacy Information Management System (PIMS) in the form
of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the
organization.
This document specifies PIMS-related requirements and provides guidance for PII controllers and PII
processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private
companies, government entities and not-for-profit organizations, which are PII controllers and/or PII
processors processing PII within an ISMS.

  • Standard
    76 pages
    English language
  • Standard
    82 pages
    French language
  • Draft
    73 pages
    English language

This document addresses the physical security of data centres based upon the criteria and classifications for “availability”, “security” and “energy efficiency enablement” within EN 50600-1.
This document provides designations for the data centre spaces defined in EN 50600-1.
This document specifies requirements and recommendations for those data centre spaces, and the systems employed within those spaces, in relation to protection against:
a)   unauthorized access, addressing organizational and technological solutions;
b)   intrusion;
c)   fire events igniting within data centre spaces;
d)   other events within or outside the data centre spaces which would affect the defined level of protection.
NOTE   Constructional requirements and recommendations are provided by reference to EN 50600-2-1.
Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and are covered by other standards and regulations. However, the information given in this document can be of assistance in meeting these standards and regulations.

  • Standard
    40 pages
    English language
  • Draft
    39 pages
    English language

This document specifies requirements, methods of testing and required test results where
standards are needed to provide a basic level of protection against cyber incidents (i.e.
malicious attempts, which actually or potentially result in adverse consequences to equipment,
their networks or the information that they process, store or transmit) for:
a) shipborne radio equipment forming part of the global maritime distress and safety system
(GMDSS) mentioned in the International Convention for Safety of Life at Sea (SOLAS) as
amended, and by the Torremolinos International Convention for the Safety of Fishing
Vessels as amended, and to other shipborne radio equipment, where appropriate;
b) shipborne navigational equipment mentioned in the International Convention for Safety of
Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the
Safety of Fishing Vessels as amended,
c) other shipborne navigational aids, and Aids to Navigation (AtoN), where appropriate.
The document is organised as a series of modules dealing with different aspects. The document
considers both normal operation of equipment and the maintenance of equipment. For each
module, a statement is provided indicating whether the module applies during normal operation
or in maintenance mode.
Communication initiated from navigation or radiocommunication equipment outside of items a),
b) and c) above, for example ship side to other ship or shore side, are outside of the scope of
this document.
This document does not address cyber-hygiene checks, for example anti-malware scanning,
etc., performed outside of the cases defined in this document.

  • Standard
    65 pages
    English language

This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service customers.

  • Standard
    44 pages
    English language

This document provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes. This document provides guidance on proactive measures that can help enable effective and appropriate electronic discovery and processes. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.

  • Standard
    29 pages
    English language
  • Draft
    29 pages
    English language

This document specifies properties of cryptographic mechanisms to redact authentic data. In particular, it defines the processes involved in those mechanisms, the participating parties, and the cryptographic properties.

  • Standard
    11 pages
    English language
  • Draft
    11 pages
    English language

This document defines a process reference model (PRM) for the domain of information security management, which meets the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to:
— incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;
— be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes;
— support users in the operation of an ISMS: this document complements the requirements-oriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view.

  • Technical specification
    43 pages
    English language
  • Draft
    43 pages
    English language

IEC 63154:2021 specifies requirements, methods of testing and required test results where standards are needed to provide a basic level of protection against cyber incidents (i.e. malicious attempts, which actually or potentially result in adverse consequences to equipment, their networks or the information that they process, store or transmit) for:
a) shipborne radio equipment forming part of the global maritime distress and safety system (GMDSS) mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended, and to other shipborne radio equipment, where appropriate;
b) shipborne navigational equipment mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended,
c) other shipborne navigational aids, and Aids to Navigation (AtoN), where appropriate.

  • Standard
    130 pages
    English and French language
  • Standard
    1 page
    English language
  • Draft
    1 page
    English language

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification. The requirements contained in this document need to be demonstrated in terms of competence and reliability by any body providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Technical specification
    9 pages
    English language
  • Draft
    9 pages
    English language
  • Standard
    8 pages
    English language
  • Draft
    8 pages
    English language
  • Standard
    13 pages
    English language
  • Draft
    14 pages
    English language
  • Standard
    1 page
    English language
  • Draft
    1 page
    English language

This document specifies guidelines for developing a cybersecurity framework. It is applicable to cybersecurity framework creators regardless of their organizations' type, size or nature.

  • Technical specification
    24 pages
    English language
  • Draft
    24 pages
    English language
  • Standard
    39 pages
    English language
  • Draft
    39 pages
    English language

The document takes a multiple-agency as well as a citizen-centric viewpoint. It provides guidance on:
— smart city ecosystem privacy protection;
— how standards can be used at a global level and at an organizational level for the benefit of citizens; and
— processes for smart city ecosystem privacy protection.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.

  • Technical specification
    37 pages
    English language
  • Draft
    37 pages
    English language

This International Standard specifies requirements and provides guidance for bodies providing
audit and certification of an information security management system (ISMS), in addition to the
requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support
the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of
competence and reliability by any body providing ISMS certification, and the guidance contained in
this International Standard provides additional interpretation of these requirements for any body
providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or
other audit processes.

  • Standard
    49 pages
    English language

This document provides an overview of cybersecurity. This document:
— describes cybersecurity and relevant concepts, including how it is related to and different from information security;
— establishes the context of cybersecurity;
— does not cover all terms and definitions applicable to cybersecurity; and
— does not limit other standards in defining new cybersecurity-related terms for use.
This document is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).

  • Technical specification
    17 pages
    English language
  • Draft
    17 pages
    English language

This document provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization. The intended audience for this document is:
— governing body and top management;
— those who are responsible for evaluating, directing and monitoring an information security management system (ISMS) based on ISO/IEC 27001;
— those responsible for information security management that takes place outside the scope of an ISMS based on ISO/IEC 27001, but within the scope of governance.
This document is applicable to all types and sizes of organizations. All references to an ISMS in this document apply to an ISMS based on ISO/IEC 27001. This document focuses on the three types of ISMS organizations given in Annex B. However, this document can also be used by other types of organizations.

  • Standard
    16 pages
    English language
  • Draft
    16 pages
    English language

This document discusses the threats, risks, and controls related to:
— systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses), and management of security when an incident occurs;
— asset information (including the signature key of the digital asset) that a custodian of digital assets manages.
This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply. The following is out of scope of this document:
— core security controls of blockchain and DLT systems;
— business risks of digital asset custodians;
— segregation of customers' assets;
— governance and management issues.

  • Technical report
    35 pages
    English language
  • Draft
    35 pages
    English language

This document specifies the security requirements for physically unclonable functions (PUFs). The specified security requirements concern the output properties, tamper-resistance and unclonability of a single PUF and of a batch of PUFs. Since the security requirements a PUF needs to meet depend on the application, this document also describes the typical use cases of a PUF. Amongst PUF use cases, random number generation is out of scope in this document.

  • Standard
    16 pages
    English language
  • Draft
    16 pages
    English language

This document specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms. Firstly, this document specifies methods for testing whether a given number is prime. The testing methods included in this document are divided into two groups:
— probabilistic primality tests, which have a small error probability. All probabilistic tests described here can declare a composite to be a prime;
— deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates.
Secondly, this document specifies methods to generate prime numbers. Again, both probabilistic and deterministic methods are presented.
NOTE It is possible that readers with a background in algorithm theory have already had previous encounters with probabilistic and deterministic algorithms. The deterministic methods in this document internally still make use of random bits (to be generated via methods described in ISO/IEC 18031), and "deterministic" only refers to the fact that the output is correct with probability one.
Annex A provides error probabilities that are utilized by the Miller-Rabin primality test. Annex B describes variants of the methods for generating primes so that particular cryptographic requirements can be met. Annex C defines primitives utilized by the prime generation and verification methods.

  • Standard
    33 pages
    English language
  • Draft
    33 pages
    English language

This document specifies five methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives:
— data confidentiality, i.e. protection against unauthorized disclosure of data;
— data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified;
— data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.
All five methods specified in this document are based on a block cipher algorithm, and require the originator and the recipient of the protected data to share a secret key for this block cipher. Key management is outside the scope of this document. Key management techniques are defined in ISO/IEC 11770 (all parts). Four of the mechanisms in this document, namely mechanisms 3, 4, 5 (AAD variant only) and 6, allow data to be authenticated which is not encrypted. That is, these mechanisms allow a data string that is to be protected to be divided into two parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticated data) that is integrity-protected but not encrypted. In all cases, the string A can be empty.
NOTE Examples of types of data that can need to be sent in unencrypted form, but whose integrity is to be protected, include addresses, port numbers, sequence numbers, protocol version numbers and other network protocol fields that indicate how the plaintext is to be handled, forwarded or processed.

  • Standard
    26 pages
    English language
  • Draft
    25 pages
    English language

This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines:
— symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and
— symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying.
It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group forward and backward secrecy. This document also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. This document does not specify information that has no relation with key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this document. This document does not specify the means to be used to establish the initial secret keys required to be shared between each entity and the KDC, nor key lifecycle management. This document also does not explicitly address the issue of interdomain key management.

  • Standard
    18 pages
    English language
  • Draft
    18 pages
    English language

This part of IEC 62443 establishes requirements for:
• defining a system under consideration (SUC) for an industrial automation and control system (IACS);
• partitioning the SUC into zones and conduits;
• assessing risk for each zone and conduit;
• establishing the target security level (SL-T) for each zone and conduit; and
• documenting the security requirements.

  • Standard
    34 pages
    English language

This document describes test methods for determining the conformance of security crypto suites defined in ISO/IEC 29167-16. This document contains conformance tests for all mandatory and applicable optional functions. The conformance parameters are the following:
— parameters that directly affect system functionality and interoperability;
— protocol, including commands and replies;
— nominal values and tolerances.
Unless otherwise specified, the tests in this document are to be applied exclusively to RFID tags and interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-16.

  • Standard
    21 pages
    English language
  • Draft
    21 pages
    English language

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to the security evaluation of biometric recognition performance applying the ISO/IEC 15408 series. It provides requirements and recommendations to the developer and the evaluator for the supplementary activities on biometric recognition performance specified in ISO/IEC 19989-1. The evaluation of presentation attack detection techniques is out of the scope of this document except for presentation from impostor attempts under the policy of the intended use following the TOE guidance documentation.

  • Standard
    33 pages
    English language

For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systems, this document specifies:
— extended security functional components to SFR Classes in ISO/IEC 15408-2;
— supplementary activities to the methodology specified in ISO/IEC 18045 for SAR Classes of ISO/IEC 15408-3.
This document introduces the general framework for the security evaluation of biometric systems, including extended security functional components and supplementary activities to the methodology, which are additional evaluation activities and guidance/recommendations for an evaluator to handle those activities. The supplementary evaluation activities are developed in this document, while the detailed recommendations are developed in ISO/IEC 19989-2 (for biometric recognition aspects) and in ISO/IEC 19989-3 (for presentation attack detection aspects). This document is applicable only to TOEs for a single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.

  • Standard
    62 pages
    English language

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to the security evaluation of presentation attack detection applying the ISO/IEC 15408 series. It provides recommendations and requirements to the developer and the evaluator for the supplementary activities on presentation attack detection specified in ISO/IEC 19989-1. This document is applicable only to TOEs for a single biometric characteristic type; however, the selection of a characteristic from multiple characteristics is allowed.

  • Standard
    18 pages
    English language

This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations, including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. This document is based on the "Detection and reporting" phase, the "Assessment and decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035-1:2016. The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the provisions given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

  • Standard
    31 pages
    English language

This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. The ISO/IEC 13888 series provides non-repudiation mechanisms for the following phases of non-repudiation:
— evidence generation;
— evidence transfer, storage and retrieval; and
— evidence verification.
Dispute arbitration is outside the scope of the ISO/IEC 13888 series.

  • Standard
    20 pages
    English language