REN/ESI-0019411-2v231

    • Standard
      31 pages
      English language
    • Standard
      31 pages
      English language
    • Standard
      31 pages
      English language
    • Draft
      31 pages
      English language

REN/ESI-0019411-1v131

    • Standard
      56 pages
      English language
    • Standard
      56 pages
      English language
    • Standard
      56 pages
      English language
    • Draft
      56 pages
      English language
    • Standard
      76 pages
      English language
    • Draft
      73 pages
      English language

This document addresses the physical security of data centres based upon the criteria and classifications for “availability”, “security” and “energy efficiency enablement” within EN 50600-1.
This document provides designations for the data centres spaces defined in EN 50600-1.
This document specifies requirements and recommendations for those data centre spaces, and the systems employed within those spaces, in relation to protection against:
a)   unauthorized access addressing organizational an...

    • Standard
      40 pages
      English language
    • Draft
      39 pages
      English language

This document specifies requirements, methods of testing and required test results where
standards are needed to provide a basic level of protection against cyber incidents (i.e.
malicious attempts, which actually or potentially result in adverse consequences to equipment,
their networks or the information that they process, store or transmit) for:
a) shipborne radio equipment forming part of the global maritime distress and safety system
(GMDSS) mentioned in the International Convention fo...

    • Standard
      65 pages
      English language

This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service custome...

    • Standard
      44 pages
      English language

This document provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes. This document provides guidance on proactive measures that can help enable effective and appropriate electronic discovery and processes. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.

    • Standard
      29 pages
      English language
    • Draft
      29 pages
      English language

This document specifies properties of cryptographic mechanisms to redact authentic data. In particular, it defines the processes involved in those mechanisms, the participating parties, and the cryptographic properties.

    • Standard
      11 pages
      English language
    • Draft
      11 pages
      English language

This document defines a process reference model (PRM) for the domain of information security management, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to: — incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS; — be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes — support u...

    • Technical specification
      43 pages
      English language
    • Draft
      43 pages
      English language

IEC 63154:2021 specifies requirements, methods of testing and required test results where standards are needed to provide a basic level of protection against cyber incidents (i.e. malicious attempts, which actually or potentially result in adverse consequences to equipment, their networks or the information that they process, store or transmit) for:
a) shipborne radio equipment forming part of the global maritime distress and safety system (GMDSS) mentioned in the International Convention for S...

    • Standard
      130 pages
      English and French language
    • Standard
      1 page
      English language
    • Draft
      1 page
      English language

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification. The requirements contained in this document need to be demonstrated in terms of competence and...

    • Technical specification
      9 pages
      English language
    • Draft
      9 pages
      English language
    • Standard
      8 pages
      English language
    • Draft
      8 pages
      English language
    • Standard
      13 pages
      English language
    • Draft
      14 pages
      English language

This document specifies guidelines for developing a cybersecurity framework. It is applicable to cybersecurity framework creators regardless of their organizations' type, size or nature.

    • Technical specification
      24 pages
      English language
    • Draft
      24 pages
      English language
    • Standard
      1 page
      English language
    • Draft
      1 page
      English language
    • Standard
      39 pages
      English language
    • Draft
      39 pages
      English language

The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on: — smart city ecosystem privacy protection; — how standards can be used at a global level and at an organizational level for the benefit of citizens; and — processes for smart city ecosystem privacy protection. This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in ...

    • Technical specification
      37 pages
      English language
    • Draft
      37 pages
      English language

This International Standard specifies requirements and provides guidance for bodies providing
audit and certification of an information security management system (ISMS), in addition to the
requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support
the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of
competence and reliability by any body...

    • Standard
      49 pages
      English language

This document provides an overview of cybersecurity. This document: — describes cybersecurity and relevant concepts, including how it is related to and different from information security; — establishes the context of cybersecurity; — does not cover all terms and definitions applicable to cybersecurity; and — does not limit other standards in defining new cybersecurity-related terms for use. This document is applicable to all types and sizes of organization (e.g. commercial enterprises, governme...

    • Technical specification
      17 pages
      English language
    • Draft
      17 pages
      English language

This document provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization. The intended audience for this document is: — governing body and top management; — those who are responsible for evaluating, directing and monitoring an information security management system (ISMS) based on ISO/IEC 27001; — those responsible for in...

    • Standard
      16 pages
      English language
    • Draft
      16 pages
      English language

This document discusses the threats, risks, and controls related to: — systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs; — asset information (including the signature key of the digital asset) that a custodian of digital assets manages. This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case,...

    • Technical report
      35 pages
      English language
    • Draft
      35 pages
      English language

This document specifies the security requirements for physically unclonable functions (PUFs). Specified security requirements concern the output properties, tamper-resistance and unclonability of a single and a batch of PUFs. Since it depends on the application which security requirements a PUF needs to meet, this document also describes the typical use cases of a PUF. Amongst PUF use cases, random number generation is out of scope in this document.

    • Standard
      16 pages
      English language
    • Draft
      16 pages
      English language

This document specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms. Firstly, this document specifies methods for testing whether a given number is prime. The testing methods included in this document are divided into two groups: — probabilistic primality tests, which have a small error probability. All probabilistic tests described here can declare a composite to be a prime; — deterministic methods, which are guaranteed to give the righ...

    • Standard
      33 pages
      English language
    • Draft
      33 pages
      English language

This document specifies five methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives: — data confidentiality, i.e. protection against unauthorized disclosure of data; — data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified; — data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator. All five methods specified i...

    • Standard
      26 pages
      English language
    • Draft
      25 pages
      English language

This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines: — symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and — symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying. It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group f...

    • Standard
      18 pages
      English language
    • Draft
      18 pages
      English language

This part of IEC 62443 establishes requirements for:
• defining a system under consideration (SUC) for an industrial automation and control
system (IACS);
• partitioning the SUC into zones and conduits;
• assessing risk for each zone and conduit;
• establishing the target security level (SL-T) for each zone and conduit; and
• documenting the security requirements.

    • Standard
      34 pages
      English language

This document describes test methods for determining the conformance of security crypto suites defined in ISO/IEC 29167-16. This document contains conformance tests for all mandatory and applicable optional functions. The conformance parameters are the following: — parameters that apply directly affecting system functionality and inter-operability; — protocol including commands and replies; — nominal values and tolerances. Unless otherwise specified, the tests in this document are to be applied ...

    • Standard
      21 pages
      English language
    • Draft
      21 pages
      English language

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to the security evaluation of biometric recognition performance applying the ISO/IEC 15408 series. It provides requirements and recommendations to the developer and the evaluator for the supplementary activities on biometric recognition performance specified in ISO/IEC 19989-1. The evaluation of presentation attack detection techniques is out of the scope of this document ex...

    • Standard
      33 pages
      English language

For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systems, this document specifies: — extended security functional components to SFR Classes in ISO/IEC 15408-2; — supplementary activities to methodology specified in ISO/IEC 18045 for SAR Classes of ISO/IEC 15408-3. This document introduces the general framework for the security evaluation of biometric systems, including extended security fu...

    • Standard
      62 pages
      English language

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to security evaluation of presentation attack detection applying the ISO/IEC 15408 series. It provides recommendations and requirements to the developer and the evaluator for the supplementary activities on presentation attack detection specified in ISO/IEC 19989-1. This document is applicable only to TOEs for single biometric characteristic type but for the selection of a c...

    • Standard
      18 pages
      English language

This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion. This document is...

    • Standard
      31 pages
      English language

This document specifies mechanisms for the provision of specific, communication-related, non‑repudiation services using asymmetric cryptographic techniques.

    • Standard
      13 pages
      English language

This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. The ISO/IEC 13888 series provides non-repudiation mechanisms for the following phases of non-repudiation: — evidence generation; — evidence transfer, storage and retrieval; and — evidence verification. Dispute arbitration is outside the scope of the ISO/IEC 13888 series.

    • Standard
      20 pages
      English language
    • Standard
      12 pages
      English language

This International Standard provides a privacy framework which
- specifies a common privacy terminology;
- defines the actors and their roles in processing personally identifiable information (PII);
- describes privacy safeguarding considerations; and
- provides references to known privacy principles for information technology.
This International Standard is applicable to natural persons and organizations involved in specifying,
procuring, architecting, designing, developing, testing, main...

    • Standard
      37 pages
      English language
    • Standard
      37 pages
      English language

The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of
information security controls in telecommunications organizations.
The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet
baseline information security management requirements of confidentiality, integrity, availability and any other relevant
security property.

    • Standard
      41 pages
      English language

This document provides requirements and recommendations to vendors on the disclosure of
vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical
vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1]. Vulnerability disclosure helps
users protect their systems and data, prioritize defensive investments, and better assess risk. The goal
of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coor...

    • Standard
      42 pages
      English language

This document provides requirements and recommendations for how to process and remediate reported potential vulnerabilities in a product or service.
This document is applicable to vendors involved in handling vulnerabilities.

    • Standard
      21 pages
      English language

The present document specifies high-level security and data protection provisions for consumer IoT devices that are
connected to network infrastructure (such as the Internet or home network) and their interactions with associated
services. The associated services are out of scope. A non-exhaustive list of examples of consumer IoT devices includes:
• connected children's toys and baby monitors;
• connected smoke detectors, door locks and window sensors;
• IoT gateways, base stations and hubs...

    • Standard
      34 pages
      English language
    • Standard
      34 pages
      English language
    • Standard
      34 pages
      English language
    • Standard
      32 pages
      English language
    • Standard
      30 pages
      English language

This document provides fundamental terminology for blockchain and distributed ledger technologies.

    • Standard
      10 pages
      English language
    • Draft
      10 pages
      English language

IEC 62443-3-2:2020 establishes requirements for:
• defining a system under consideration (SUC) for an industrial automation and control system (IACS);
• partitioning the SUC into zones and conduits;
• assessing risk for each zone and conduit;
• establishing the target security level (SL-T) for each zone and conduit; and
• documenting the security requirements.

    • Standard
      31 pages
      English language
    • Standard
      63 pages
      English and French language

This document establishes commonly accepted control objectives, controls and guidelines for
implementing measures to protect Personally Identifiable Information (PII) in line with the privacy
principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration
the regulatory requirements for the protection of PII which can be applicable within the context of the
information security risk e...

    • Standard
      35 pages
      English language
    • Standard
      35 pages
      English language

This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals. This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

    • Standard
      25 pages
      English language
    • Draft
      25 pages
      English language

This document provides an overview of privacy and personally identifiable information (PII) protection as applied to blockchain and distributed ledger technologies (DLT) systems.

    • Technical report
      17 pages
      English language

This International Standard specifies the requirements for establishing, implementing, maintaining
and continually improving an information security management system within the context of the
organization. This International Standard also includes requirements for the assessment and treatment
of information security risks tailored to the needs of the organization. The requirements set out in this
International Standard are generic and are intended to be applicable to all organizations, rega...

    • Corrigendum
      1 page
      Slovenian language

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market). This document explains how to: — include requirements in addition to those in ISO/IEC 27001, — refine or interpret any of the ISO/IEC 27001 requirements, — include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002, — modify any of the controls of ISO/IEC 2700...

    • Standard
      18 pages
      English language
    • Draft
      24 pages
      English language

EN-ISO-IEC 29134 gives guidelines for - a process on privacy impact assessments, and - a structure and content of a PIA report. It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

    • Standard
      53 pages
      English language
    • Standard
      53 pages
      English language

EN-ISO/IEC 27019 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following: - central and distributed process control, monitoring and automation technology as well as information systems used for their ope...

    • Standard
      46 pages
      English language
    • Standard
      46 pages
      English language

EN-ISO/IEC 18045 is a companion document to the “Evaluation criteria for IT security”, ISO/IEC 15408. This International Standard defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408. This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.

    • Standard
      302 pages
      English language