iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC FDIS 27011

(Main)

Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations

Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations

Sécurité de l'information, cybersécurité et protection de la vie privée — Mesures de sécurité de l'information pour les organismes de télécommunications sur la base de l'ISO/IEC 27002

General Information

Status
Not Published
ICS
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27/WG 1 - Information security management systems
Current Stage
5060 - Close of voting Proof returned by Secretariat
Start Date
08-Jan-2024
Completion Date
09-Jan-2024
Ref Project

Relations

Revises
ISO/IEC 27011:2016 - Information technology — Security techniques — Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations
Effective Date
23-Apr-2020

Buy Standard

ISO/IEC FDIS 27011 - Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations Released:30. 10. 2023ISO/IEC FDIS 27011 - Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations Released:30. 10. 2023
PreviousNext
Draft
ISO/IEC FDIS 27011 - Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations Released:30. 10. 2023
English language
29 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27011
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Information
Voting begins on:
2023-11-13 security controls based on ISO/
IEC 27002 for telecommunications
Voting terminates on:
2024-01-08
organizations
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 27011:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 27011:2023(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27011
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection — Information
Voting begins on:
security controls based on ISO/
IEC 27002 for telecommunications
Voting terminates on:
organizations
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 27011:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 2 ----------------------
ISO/IEC 27011:2023(E)
INTERNATIONAL STANDARD ISO/IEC 27011
RECOMMENDATION ITU-T X.1051
Information security, cybersecurity and privacy protection — Information security controls
based on ISO/IEC 27002 for telecommunications organizations
Summary
This Recommendation | International Standard:
a) establishes guidelines and general principles for initiating, implementing, maintaining and improving
information security controls in telecommunications organizations based on ISO/IEC 27002;
b) provides an implementation baseline of information security controls within telecommunications
organizations to ensure the confidentiality, integrity and availability of telecommunications facilities,
services and information handled, processed or stored by the facilities and services.
As a result of implementing this Recommendation | International Standard, telecommunications organizations, both within
and between jurisdictions, will:
a) be able to ensure the confidentiality, integrity and availability of global telecommunications facilities,
services and the information handled, processed or stored within global facilities and services;
b) have adopted secure collaborative processes and controls ensuring the lowering of risks in the delivery of
telecommunications services;
c) be able to deliver information security in an effective and efficient manner;
d) have adopted a consistent holistic approach to information security;
e) be able to improve the security culture of organizations, raise staff awareness and increase public trust.
Keywords
information security controls and telecommunications extended controls, information security management, ISO/IEC
27002, information security risk assessment, information security risk treatment.
© ISO/IEC 2023 – All rights reserved
iii

---------------------- Page: 3 ----------------------
ISO/IEC 27011:2023(E)
CONTENTS
Page
1 Scope . 1
2 Normative references. 1
3 Definitions and abbreviations . 1
3.1 Definitions .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 27033-7:2023(Main)
Information technology – Network security — Part 7: Guidelines for network virtualization security

This document aims to identify security risks of network virtualization and proposes guidelines for the implementation of network virtualization security. Overall, this document intends to considerably aid the comprehensive definition and implementation of security for any organization’s virtualization environments. It is aimed at users and implementers who are responsible for the implementation and maintenance of the technical controls required to provide secure virtualization environments.

  • Standard
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 9569:2023(Main)
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045

This document specifies patch management (PAM) security assurance requirements and is intended to be used as an extension of the ISO/IEC 15408 series and ISO/IEC 18045. The security assurance requirements specified in this document do not include evaluation or test activities on the final target of evaluation (TOE), but focus on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE, including the patch and development processes which support the patch management. This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users. The implementation of these options using an evaluation scheme is out of the scope of this document.

  • Technical specification
    36 pages
    English language
    sale 15% off
  • Draft
    36 pages
    English language
    sale 15% off
  • Draft
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 27402:2023(Main)
Cybersecurity — IoT security and privacy — Device baseline requirements

This document provides baseline ICT requirements for IoT devices to support security and privacy controls.

  • Standard
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 6114:2023(Main)
Cybersecurity — Security considerations throughout the product life cycle

This document describes security considerations throughout the product life cycle (SCLC), which is a framework that spans the entire information and communications technology (ICT) product life cycle. The aim of the framework is to align the industry and bring greater transparency to customers at every point on the ICT product life cycle. This document describes the following items for suppliers, end users (consumers), intermediaries of the ICT supply chain, service providers, and regulators: — definition of phases in the ICT product life cycle from concept to retirement; — threat vectors possible in each phase of the life cycle; — potential controls against those threat vectors. The target audiences of this document are suppliers and consumers of ICT products, including all participants throughout the supply chain such as silicon chip designers, fabricators, product assemblers, logistics providers, service providers, and information security organizations. Clauses 5 to 11 target an organization’s strategic and risk management teams. This document provides an end-to-end view of the threats in each phase to help the organization shape their plans, procedures and policies.

  • Technical report
    44 pages
    English language
    sale 15% off
  • Draft
    46 pages
    English language
    sale 15% off
  • Draft
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 23837-2:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 2: Evaluation and testing methods

This document specifies test and evaluation methods for the security evaluation of quantum key distribution (QKD). It also describes evaluation activities that constitute the test and evaluation methods for the security functional requirements on the implementation of QKD protocols, the quantum optical components and conventional network components in QKD modules. Moreover, supplementary evaluation activities for security assurance requirements are provided to support the security evaluation of QKD with appropriate assurance levels.

  • Standard
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
ISO
ISO/IEC 23837-1:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 1: Requirements

This document specifies a general framework for the security evaluation of quantum key distribution (QKD) according to the ISO/IEC 15408 series. Specifically, it specifies a baseline set of common security functional requirements (SFRs) for QKD modules, including SFRs on the conventional network components and the quantum optical components, and the entire implementation of QKD protocols. To facilitate the analysis of SFRs, security problems that QKD modules can face in their operational environment are analysed based on a structural analysis of the security functionality of QKD modules and the classification of QKD protocols. The SFRs on conventional network components of QKD modules are mainly characterized under the framework of the ISO/IEC 15408 series and also refer to the methodology of ISO/IEC 19790 and relevant standards on testing of cryptographic modules and network devices.

  • Standard
    52 pages
    English language
    sale 15% off
ISO
ISO/IEC 9797-1:2011/Amd 1:2023(Amendment)
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 27560:2023(Main)
Privacy technologies — Consent record information structure

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the: — provision of a record of the consent to the PII principal; — exchange of consent information between information systems; — management of the life cycle of the recorded consent.

  • Technical specification
    52 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
ISO
ISO/IEC 27071:2023(Main)
Cybersecurity — Security recommendations for establishing trusted connections between devices and services

This document provides a framework and recommendations for establishing trusted connections between devices and services based on hardware security modules. It includes recommendations for components such as: hardware security module, roots of trust, identity, authentication and key establishment, remote attestation, data integrity and authenticity. This document is applicable to scenarios that establish trusted connections between devices and services based on hardware security modules. This document does not address privacy concerns.

  • Standard
    24 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 4922-1:2023(Main)
Information security — Secure multiparty computation — Part 1: General

This document specifies definitions, terminology and processes for secure multiparty computation and related technology, in order to establish a taxonomy and enable interoperability. In particular, this document defines the processes involved in cryptographic mechanisms which compute a function on data while the data are kept private; the participating parties; and the cryptographic properties. The terminology contained in this document is common to the ISO/IEC 4922 series.

  • Standard
    10 pages
    English language
    sale 15% off