SIST-TS CEN/TS 18053-2:2024
(Main)Digital Chain of Custody for CBRNE Evidence - Part 2: Data Management and Audit
Digital Chain of Custody for CBRNE Evidence - Part 2: Data Management and Audit
This document provides guidelines for managing and auditing Digital Custody Metadata (DCM), enabling stakeholders to identify and audit custody ownership for CBRNE evidence in the dCoC. It proposes a metadata structure to manage resources assigned to CBRNE evidence and comply with good data governance practices, raising awareness at each custody transfer point.
In addition to considering using the Business Process Model and Notation (BPMN) to specify metadata management processes, therelevance of standard procedures to overcome DCM-related challenges is also addressed. In this domain, the focus is on the metadata structures required to manage digital asset custodians while outlining some of the activities that should be considered when specifying a DCM governance workflow.
This document is the second part of a series of technical specifications for the provision of DCM services for managing data related to the preservation of CBRNE evidence. Please see the first part of this series for a complete understanding of the concepts and stakeholders’ role within the custody transfer lifecycle.
Digitale Beweiskette für CBRNE-Beweise - Teil 2: Datenmanagement und Audit
Chaîne de contrôle numérique pour éléments de preuve CBRNE - Partie 2 : Gestion des données et audit
Digitalna skrbniška veriga za dokaze CBRNE - 2. del: Upravljanje podatkov in presoja
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-november-2024
Digitalna skrbniška veriga za dokaze CBRNE - 2. del: Upravljanje podatkov in
presoja
Digital Chain of Custody for CBRNE Evidence - Part 2: Data Management and Audit
Digitale Beweiskette für CBRNE-Beweise - Teil 2: Datenmanagement und Audit
Ta slovenski standard je istoveten z: CEN/TS 18053-2:2024
ICS:
13.300 Varstvo pred nevarnimi Protection against dangerous
izdelki goods
35.240.99 Uporabniške rešitve IT na IT applications in other fields
drugih področjih
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
CEN/TS 18053-2
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
September 2024
TECHNISCHE SPEZIFIKATION
ICS 13.300; 35.240.99
English Version
Digital Chain of Custody for CBRNE Evidence - Part 2: Data
Management and Audit
Digitale Beweiskette für CBRNE-Beweise - Teil 2:
Datenmanagement und Audit
This Technical Specification (CEN/TS) was approved by CEN on 26 May 2024 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 18053-2:2024 E
worldwide for CEN national Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative References . 5
3 Terms and Definitions. 5
4 Symbols and Abbreviated Terms . 5
5 Data Governance in the Digital Custody Transfer Domain . 6
5.1 General. 6
5.2 The Data Governance Process . 7
5.3 The Custody Transfer Lifecycle . 8
5.4 CTP Lifecycle . 11
5.4.1 CTP Status Management . 11
5.4.2 CTP Global Process . 13
5.5 Authentication and verification of assigned resources . 15
5.6 Managing Resources Assigned to the Mission . 17
6 Digital Custody Metadata Structure . 18
6.1 General. 18
6.2 The Relevance of Data Governance . 18
6.3 Controlling and Monitoring each Custody Transfer Point . 18
6.4 Risk Compliance and Reporting Policies . 20
7 Defining Indicators to Monitor Digital Evidence Custody . 21
8 Digital Custody Data Model . 22
Annex A (informative) Example of the dCoC domain diagram for CTP evidence . 24
Annex B (informative) Role-Permission Matrix . 25
Annex C (informative) Guidance for the Structure of the KPI Metadata . 26
Annex D (informative) Mockup of the interface for assigning Resources . 30
Bibliography . 32
European foreword
This document (CEN/TS 18053-2:2024) has been prepared by Technical Committee CEN/TC 391
“Societal and citizen security”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Introduction
This document presents the metadata that should be considered for automating the custody transfer of
digital evidence items within a digital Chain of Custody (dCoC). The goal is to provide guidelines for a
standardized metadata structure for auditing the custody transfer between stakeholders. These
guidelines intend to support data integrity and to ensure compliance with business rules in each custody
transfer point (CTP).
The proposed data structure is designated as Digital Custody Metadata (DCM). It is an essential tool for
auditing the data governance workflow, providing a digital log with information about who has custody
and how that custody was transferred between stakeholders. Such information should be admissible in
administrative, disciplinary, and judicial proceedings. If a digital log of each custody transfer is not
preserved, the evidence presented in court may be challenged and ruled inadmissible. Therefore, the goal
is to provide guidelines for a non-repudiation digital log, ensuring a standard data structure for data
management and auditing.
In order to understand who holds a CBRNE digital evidence item within each CTP lifecycle, the DCM
should provide comprehensive information. This information encompasses details about the location and
timing of the custody transfer, identification of the custody owner and receiver, and metadata about the
package used for transporting the digital evidence items. Additionally, the DCM should provide insights
into the status of the CTP, including information about successfully executed CTPs and triggers for
situational awareness.
In this domain, actions related to situational awareness that necessitate the involvement of the Mission
Command Team or pertain to suspicious situations potentially jeopardising the integrity of the DCM
should be highlighted. These actions warrant specific instructions on how to proceed with the custody
transfer. In such instances, the CTP dendrogram should clearly outline the particular CTP node that
triggered the alert.
This document focuses on the CBRNE digital evidence item transport lifecycle, from collection to its final
destination. Sample collection techniques, preservation and packaging procedures are outside the scope
of this document as they are well documented in existing standards. A well-documented dCoC should be
established through a data governance process and with guidelines to ensure the integrity of the DCM for
each CTP in the dCoC process.
This Part 2 should be considered alongside with Part 1 - Overview and concepts. Together with Part 1 -
Overview and concepts - it is possible to obtain a complete understanding of the custody transfer lifecycle.
1 Scope
This document provides guidelines for managing and auditing Digital Custody Metadata (DCM), enabling
stakeholders to identify and audit custody ownership for CBRNE digital evidence items in the digital chain
of custody (dCoC). It proposes a metadata structure to manage resources assigned to a CBRNE mission
and comply with good data governance practices, raising awareness at each custody transfer point.
The information flow within the dCoC is modelled using the Business Process Model and Notation
(BPMN) to specify the DCM governance workflow. This standard notation provides a formal
representation that helps understand the challenges associated with the DCM. The goal is to focus on the
metadata structures required to manage digital asset custodians while outlining the data to be considered
when specifying a DCM governance workflow.
This document is the second part of two Technical Specifications (TS) on the provision of DCM services
for managing data related to the custody of CBRNE digital evidence items.
2 Normative References
There are no normative references in this document.
3 Terms and Definitions
No terms and definitions are listed in this document.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
4 Symbols and Abbreviated Terms
AAA Authentication, Authorization, and Accounting
API Application Programming Interface
CC Command Centre
CTP Custody Transfer Point
dCoC digital Chain of Custody
DCM Digital Custody Metadata
GUI Graphical User Interface
ICT Information and Communications Technology
KPI Key Performance Indicator
RAV Remote Aerial Vehicle
RGV Remote Ground Vehicle
ROV Remotely Operated Vehicle
TS Technical Specification
UX User Interface
5 Data Governance in the Digital Custody Transfer Domain
5.1 General
This section provides guidelines for implementing data verification measures, guaranteeing their
availability, integrity, authentication, confidentiality, and non-repudiation. These measures serve the
purpose of creating a digital evidence log, documenting custodianships and the transfer of digital custody
between stakeholders. The digital log constitutes an information assurance storage, enabling auditing of
the data governance workflow while ensuring integrity checks are in place.
Those responsible for data governance, particularly those who need to analyse metadata characterizing
the digital evidence, should seek to create:
• A culture that considers DCM as a valuable digital asset, being accountable for ensuring that legal,
ethical, and other requirements comply;
• Assure that all DCM are harmonized and adequately stored in an evidence log, with the possibility to
query the chronological execution of custody transfer transactions;
• All parties involved in developing policy, planning and implementation should know the causes of
failure associated with DCM processes, their responsibilities, and potential mitigation actions.
Management support is also essential for successfully establishing, implementing, maintaining and
continually improving the DCM process. Management should evaluate existing policies and demonstrate
leadership and commitment to mitigate uncertainty [1]. The goal is to provide a reliable data governance
workflow for each CTP lifecycle.
Figure 1 illustrates that the DCM process is organized into three levels of metadata governance.
Maintaining an appropriate balance between controls and management should be considered for
effective communication with all stakeholders involved in the CBRNE mission. Additionally, any
situational-awareness actions requiring the intervention of the Mission Command Team or associated
with suspicious situations that could potentially compromise the integrity of the DCM should be flagged
for in-depth analysis. These situations should be communicated to all stakeholders, including operational
decision-makers, to enhance awareness and accountability.
Figure 1 — Metadata governance harmonization
-----------------
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.