ISO/IEC JTC 1/SC 27

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote.{{ cite web| title=ISO/IEC JTC 1/SC 27 – IT Security techniques Home| url=http://www.jtc1sc27.din.de/en| author=DIN| date=2015-08-12| access-date=2013-09-26}} The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.{{cite web| title=ISO/IEC JTC 1/SC 27 – Secretariat| url=http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/technical_committee_contact.htm?commid=45306| access-date=2013-08-22| author=ISO}}

History

ISO/IEC JTC 1/SC 27 was founded by ISO/IEC JTC 1 in 1990. The subcommittee was formed when ISO/IEC JTC 1/SC 20, which covered standardization within the field of security techniques, covering "secret-key techniques" (ISO/IEC JTC 1/SC 20/WG 1), "public-key techniques" (ISO/IEC JTC 1/SC 20/WG 2), and "data encryption protocols" (ISO/IEC JTC 1/SC 20/WG 3) was disbanded. This allowed for ISO/IEC JTC 1/SC 27 to take over the work of ISO/IEC JTC 1/SC 20 (specifically that of its first two working groups) as well as to extend its scope to other areas within the field of IT security techniques.{{citation| title= ISO/IEC JTC1 Standing Document N 2| chapter=ISO/IEC JTC 1/SC 27 Security techniques| year=2012| author=ISO}} Since 1990, the subcommittee has extended or altered its scope and working groups to meet the current standardization demands. ISO/IEC JTC 1/SC 27, which started with three working groups, eventually expanded its structure to contain five.{{cite book| title=SC 27 Platinum Book| editor=Humphreys, Edward| year=2010| publisher=Gripping Press Ltd| location=Suffolk, UK| access-date=2013-08-22| url=http://www.jtc1sc27.din.de/sixcms_upload/media/3031/SC27Platinum_Book201010.pdf}} The two new working groups were added in April 2006, at the 17th Plenary Meeting in Madrid, Spain.{{cite journal| title=Getting Ready to the Changing Risk Situation| journal=Synthesis Journal| year=2008| access-date=2013-08-22| url=http://www.itsc.org.sg/pdf/synthesis08/Two_WG4.pdf| author=Meng-Chow, Kang}}

Scope

The scope of ISO/IEC JTC 1/SC 27 is "The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:{{cite report| title=SC 27 Business Plan October 2014 – September 2015| author=Fumy, Walter| date=2012-10-10| url=http://jtc1info.org/wp-content/uploads/2013/03/SC-27-Business-Plan-2012.pdf| access-date=2013-08-22| type=Business Plan}}

Security requirements capture methodology;
Management of information and ICT security; in particular information security management systems, security processes, security controls and services;
Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
Security aspects of identity management, biometrics and privacy;
Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas."

Structure

ISO/IEC JTC 1/SC 27 is made up of five working groups (WG), each of which is responsible for the technical development of information and IT security standards within the programme of work of ISO/IEC JTC 1/SC 27. In addition, ISO/IEC JTC 1/SC 27 has two special working groups (SWG): (i) SWG-M, which operates under the direction of ISO/IEC JTC 1/SC 27 with the primary task of reviewing and evaluating the organizational effectiveness of ISO/IEC JTC 1/SC 27 processes and mode of operations; and (ii) SWG-T, which operates under the direction of ISO/IEC JTC 1/SC 27 to address topics beyond the scope of the respective existing WGs or that can affect directly or indirectly multiple WGs. ISO/IEC JTC 1/SC 27 also has a Communications Officer whose role is to promote the work of ISO/IEC JTC 1/SC 27 through different channels: press releases and articles, conferences and workshops, interactive ISO chat forums and other media channels.

The focus of each working group is described in the group's terms of reference. Working groups of ISO/IEC JTC 1/SC 27 are:{{cite web| title=ISO/IEC JTC 1/SC 27 IT Security techniques| access-date=2013-08-22| url=http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee.htm?commid=45306| author=ISO| page=Structure}}

class="wikitable" width="60%" ! width="20%" \| Working Group ! width="40%" \| Working Area
ISO/IEC JTC 1/SC 27/SWG-M	Management
ISO/IEC JTC 1/SC 27/SWG-T	Transversal items
ISO/IEC JTC 1/SC 27/WG 1	Information security management systems
ISO/IEC JTC 1/SC 27/WG 2	Cryptography and security mechanisms
ISO/IEC JTC 1/SC 27/WG 3	Security evaluation, testing and specification
ISO/IEC JTC 1/SC 27/WG 4	Security controls and services
ISO/IEC JTC 1/SC 27/WG 5	Identity management and privacy technologies

Collaborations

ISO/IEC JTC 1/SC 27 works in close collaboration with a number of other organizations or subcommittees, both internal and external to ISO or IEC, in order to avoid conflicting or duplicative work. Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 27 include:{{cite web|title=ISO/IEC JTC 1/SC 27 Liaisons|url=http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee.htm?commid=45306|website=ISO|access-date=2015-07-14}}

ISO/IEC JTC 1/SWG 6, Management
ISO/IEC JTC 1/WG 7, Sensor networks
ISO/IEC JTC 1/WG 9, Big Data
ISO/IEC JTC 1/WG 10, Internet of Things (IoT)
ISO/IEC JTC 1/SC 6, Telecommunications and information exchange between systems
ISO/IEC JTC 1/SC 7, Software and systems engineering
ISO/IEC JTC 1/SC 17, Cards and personal identification
ISO/IEC JTC 1/SC 22, Programming languages, their environments and system software interfaces
ISO/IEC JTC 1/SC 25, Interconnection of information technology equipment
ISO/IEC JTC 1/SC 31, Automatic identification and data capture techniques
ISO/IEC JTC 1/SC 36, Information technology for learning, education and training
ISO/IEC JTC 1/SC 37, Biometrics
ISO/IEC JTC 1/SC 38, Cloud computing and distributed platforms
ISO/IEC JTC 1/SC 40, IT Service Management and IT Governance
ISO/TC 8, Ships and marine technology
ISO/TC 46, Information and documentation
ISO/TC 46/SC 11, Archives/records management
ISO/TC 68, Financial services
ISO/TC 68/SC 2, Financial Services, security
ISO/TC 68/SC 7, Core banking
ISO/TC 171, Document management applications
ISO/TC 176, Quality management and quality assurance
ISO/TC 176/SC 3, Supporting technologies
ISO/TC 204, Intelligent transport systems
ISO/TC 215, Health informatics
ISO/TC 251, Asset management
ISO/TC 259, Outsourcing
ISO/TC 262, Risk management
ISO/TC 272, Forensic sciences
ISO/TC 292, Security and resilience
ISO/CASCO, Committee on Conformity Assessments
ISO/TMB/JTCG, Joint technical Coordination Group on MSS
ISO/TMB/SAG EE 1, Strategic Advisory Group on Energy Efficiency
IEC/SC 45A, Instrumentation, control and electrical systems of nuclear facilities
IEC/TC 57, Power systems management and associated information exchange
IEC/TC 65, Industrial-process measurement, control and automation
IEC Advisory Committee on Information security and data privacy (ACSEC)

Some organizations external to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 27 include:{{cite web| title=ISO/IEC JTC 1/SC 27 Membership| author=DIN| date=2015-08-12| access-date=2013-08-22| url=http://www.jtc1sc27.din.de/cmd?level=tpl-bereich&languageid=en&cmsareaid=members}}

Attribute-based Credentials for Trust (ABC4Trust)
Article 29 Data Protection Working Party
Common Criteria Development Board (CCDB)
Consortium of Digital Forensic Specialists (CDFS)
CEN/TC 377
CEN/PC 428 e-Competence and ICT professionalism
Cloud Security Alliance (CSA)
Cloud Standards Customer Council (CSCC)
Common Study Center of Telediffusion and Telecommunication (CCETT)
The Cyber Security Naming & Information Structure Groups (Cyber Security)
Ecma International
European Committee for Banking Standards (ECBS)
European Network and Information Security Agency (ENISA)
European Payments Council (EPC)
European Telecommunications Standards Institute (ETSI)
European Data Centre Association (EUDCA)
Eurocloud
Future of Identity in the Information Society (FIDIS)
Forum of Incident Response and Security Teams (FIRST)
Information Security Forum (ISF)
Latinoamerican Institute for Quality Assurance (INLAC)
Institute of Electrical and Electronics Engineers (IEEE)
International Conference of Data Protection and Privacy Commissioners
International Information Systems Security Certification Consortium ((ISC)2)
International Smart Card Certification Initiatives (ISCI)
The International Society of Automation (ISA)
INTERPOL
ISACA
International Standardized Commercial Identifier (ISCI)
Information Security Forum (ISF)
ITU-T
Kantara Initiative
MasterCard
PReparing Industry to Privacy-by-design by supporting its Application in REsearch (PRIPARE)
Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security (TREsPASS)
Privacy and Identity Management for Community Services (PICOS)
Privacy-Preserving Computation in the Cloud (PRACTICE)
The Open Group
The OpenID Foundation (OIDF)
TeleManagement Forum (TMForum)
Trusted Computing Group (TCG)
Visa

Member countries

Countries pay a fee to ISO to be members of subcommittees.{{cite manual| url=http://www.iso.org/iso/iso_membership_manual_2012.pdf| pages=17–18| chapter=III. What Help Can I Get from the ISO Central Secretariat?| title=ISO Membership Manual| author=ISO| date=June 2012| access-date=2013-07-12| publisher=ISO}}

The 51 "P" (participating) members of ISO/IEC JTC 1/SC 27 are: Algeria, Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Cyprus, Czech Republic, Côte d'Ivoire, Denmark, Finland, France, Germany, India, Ireland, Israel, Italy, Jamaica, Japan, Kazakhstan, Kenya, Republic of Korea, Luxembourg, Malaysia, Mauritius, Mexico, Netherlands, New Zealand, Norway, Peru, Poland, Romania, Russian Federation, Rwanda, Singapore, Slovakia, South Africa, Spain, Sri Lanka, Sweden, Switzerland, Thailand, the Republic of Macedonia, Ukraine, United Arab Emirates, United Kingdom, United States of America, and Uruguay.

The 20 "O" (observing) members of ISO/IEC JTC 1/SC 27 are: Belarus, Bosnia and Herzegovina, Costa Rica, El Salvador, Estonia, Ghana, Hong Kong, Hungary, Iceland, Indonesia, Islamic Republic of Iran, Lithuania, Morocco, State of Palestine, Portugal, Saudi Arabia, Serbia, Slovenia, Swaziland, and Turkey.{{cite web| url=http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee_participation.htm?commid=45306| title=ISO/IEC JTC 1/SC 27 - IT Security techniques| access-date=2013-08-23| author=ISO}}

As of August 2014, the spread of meeting locations since Spring 1990 has been as shown below:

File:SC27-Locations.jpg

Published standards

ISO/IEC JTC 1/SC 27 currently has 147 published standards within the field of IT security techniques, including:{{cite web| title=Standards Catalogue: ISO/IEC JTC 1/SC 27 – IT Security techniques| author=ISO| access-date=2015-08-20| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_tc_browse.htm?commid=45306&published=on}}{{cite web| title=Freely Available Standards| access-date=2015-08-20| url=http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html| publisher=ISO}}{{cite web|title=ISO/IEC JTC 1/SC 27|url=http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee.htm?commid=45306|website=ISO|access-date=2015-07-14}}

class="wikitable sortable" width="100%" ! data-sort-type="number" width="14%" \| ISO/IEC Standard ! width="29%" \| Title ! width="6%" \| Status ! width="49%" \| Description ! width= "2%" \| WG
data-sort-value="27000" \| ISO/IEC 27000 [http://webarchive.loc.gov/all/20121224191516/http://standards.iso.org/ittf/licence.html free]	Information technology – Security techniques – Information security management systems – Overview and vocabulary	Published (2018)	Describes the overview and vocabulary of ISMS{{cite web\| title=ISO/IEC 27000:2014\| author=ISO\| access-date=2015-08-20\| url=http://www.iso.org/iso/catalogue_detail?csnumber=63411\| date=2014-01-15}}	1
data-sort-value="27001" \| ISO/IEC 27001	Information technology – Security techniques – Information security management systems – Requirements	Published (2013)	Specifies the requirements for establishing, implementing, monitoring, and maintaining documented a documented ISMS within an organization.{{cite web\| title=ISO/IEC 27001:2013\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54534\| date=2013-09-25\| access-date=2013-09-26\| author=ISO}} "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard	1
data-sort-value="27002" \| ISO/IEC 27002	Information technology – Security techniques – Code of practice for information security controls	Published (2013)	Provides guidelines for information security management practices for use by those selecting, implementing, or maintaining ISMS{{cite web\| title=ISO/IEC 27002:2013\| date=2013-09-25\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54533\| access-date=2013-09-26\| author=ISO}} "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard	1
data-sort-value="27006" \| ISO/IEC 27006	Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems	Published (2015)	Specifies general requirements for a third-party body operating ISMS (in accordance with ISO/IEC 27001:2005) certification/registration has to meet, if it is to be recognized as competent and reliable in the operation of ISMS certification / registration{{cite web\|title=ISO/IEC 27006:2011\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=59144\|website=ISO\|access-date=2015-09-02}}	1
data-sort-value="27011" \| ITU-T X.1051 / ISO/IEC 27011	Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002	Published (2008)	This recommendation/international standard: a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of Information Security Management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services{{cite web\|title=ISO/IEC 27011:2008\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=43751\|website=ISO\|access-date=2015-09-02}}	1
data-sort-value="18033-1" \| ISO/IEC 18033-1	Information technology – Security techniques – Encryption algorithms – Part 1: General	Published (2015)	Specifies encryption systems for the purpose of data confidentiality{{cite web\| title=ISO/IEC 18033-1:2015\| date=2015-07-24\| access-date=2015-08-20\| author=ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54530}}	2
data-sort-value="19772" \| ISO/IEC 19772	Information technology – Security techniques – Authenticated encryption	Published (2009)	Specifies six methods for authenticated encryption with the security objectives of:{{cite web\| access-date=2013-08-23\| author=ISO/IEC\| date=2009-02-12\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46345\| title=ISO/IEC 19772:2009}} Data confidentiality Data integrity Data origin authentication	2
data-sort-value="15408-1" \| ISO/IEC 15408-1 [http://webarchive.loc.gov/all/20121224191516/http://standards.iso.org/ittf/licence.html free]	Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model	Published (2009, corrected and reprinted 2014)	Establishes the general concepts and principles of IT security evaluation, and specifies the general model of evaluation given by various other parts of ISO/IEC 15408.{{cite web\| title=ISO/IEC 15408-1:2009\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=50341\| date=2015-03-18\| access-date=2015-08-20\| author=ISO}}	3
data-sort-value="19792" \| ISO/IEC 19792	Information technology – Security techniques – Security evaluation of biometrics	Published (2009)	Specifies the subjects to be addressed during the security evaluation of a biometric system{{cite web\| title=ISO/IEC 19792:2009\| access-date=2013-08-23\| author=ISO/IEC\| date=2009-07-30\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=51521}}	3
data-sort-value="27031" \| ISO/IEC 27031	Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity	Published (2011)	Describes the concepts and principles of ICT readiness for business continuity and the method and framework needed to identify aspects in which to improve it.{{cite web\| title=ISO/IEC 27031:2011\| date=2011-03-01\| access-date=2013-08-22\| author= ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44374}}	4
data-sort-value="27034-01" \| ISO/IEC 27034-1	Information technology – Security techniques – Application security – Part 1: Overview and concepts	Published (2011)	Addresses the management needs for ensuring the security of applications and presents an overview of application security through the introduction of definitions, concepts, principles and processes{{cite web\| title=ISO/IEC 27034-1:2011\| author=ISO/IEC\| date=2011-11-21\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44378}}	4
data-sort-value="27035" \| ISO/IEC 27035	Information technology -- Security techniques -- Information security incident management	Published (2011)	Provides a structured and planned approach to:{{cite web\| title=ISO/IEC 27035:2011\| date=2011-08-17\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44379\| author=ISO/IEC}} Detect, report, and assess information security incidents Respond to and manage information security incidents Detect, assess, and manage information security vulnerabilities	4
data-sort-value="27037" \| ISO/IEC 27037	Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence	Published (2012)	Provides guidance for the handling of digital evidence that could be of evidential value{{cite web\| title=ISO/IEC 27037:2012\| access-date=2013-09-26\| author=ISO\| date=2012-10-15\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44381}}	4
data-sort-value="24760-1" \| ISO/IEC 24760-1 [http://standards.iso.org/ittf/PubliclyAvailableStandards/c057914_ISO_IEC_24760-1_2011.zip free]	Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts	Published (2011)	Provides a framework for the secure and reliable management of identities by:{{cite report\| title=Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities\| date=2006-12-05\| author=Brackney, Dick\| type=Presentation\| access-date=2013-08-22\| url=http://www.itu.int/dms_pub/itu-t/oth/06/04/T06040050030001PDFE.pdf}} Defining the terms for identity management Specifying the core concepts of identity and identity management{{cite web\| title=ISO/IEC 24760-1:2011\| author=ISO/IEC\| date=2011-12-07\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=57914}}	5
data-sort-value="24760-2" \| ISO/IEC 24760-2	Information technology - Security techniques - A framework for identity management - Part 2: Reference architecture and requirements	Published (2015)	Provides guidelines for the implementation of systems for the management of identity information and specifies requirements for the implementation and operation of a framework for identity management.{{cite web\|title=ISO/IEC 24760-2\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=57915\|website=ISO\|access-date=2015-08-20}}	5
data-sort-value="24761" \| ISO/IEC 24761	Information technology – Security techniques – Authentication context for biometrics	Published (2009)	Specifies the structure and data elements of Authentication Context for Biometrics (ACBio), which checks the validity of biometric verification process results{{cite web\| title=ISO/IEC 24761:2009\| access-date=2013-08-23\| author=ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=41531\| date=2009-05-11}}	5
data-sort-value="29100" \| ISO/IEC 29100 [http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip free]	Information technology – Security techniques – Privacy framework	Published (2011)	Provides a privacy framework that:{{cite web\| date=2011-12-05\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45123\| access-date=2013-09-26\| author=ISO\| title=ISO/IEC 29100:2011}} Specifies a common privacy terminology Describes privacy safeguarding considerations Provides references to known privacy principles for IT	5
data-sort-value="29101" \| ISO/IEC 29101	Information technology – Security techniques – Privacy architecture framework	Published (2013)	Defines a privacy architecture framework that:{{cite web\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45124\| access-date=2013-12-12\| date=2013-10-16\| author=ISO\| title=ISO/IEC 29101:2013\| edition=1}} Specifies concerns for ICT systems that process PII Lists components for the implementation of such systems Provides architectural views contextualizing these components Applicable to entities involved in specifying, procuring, designing, testing, maintaining, administering and operating ICT systems that process PII. Focuses primarily on ICT systems that are designed to interact with PII principals.	5

References

External links

[http://www.jtc1sc27.din.de/cmd?level=tpl-home&contextid=jtc1sc27&languageid=en ISO/IEC JTC 1/SC 27 home page]
[http://www.iso.org/iso/home/standards_development/list_of_iso_technical_committees/iso_technical_committee.htm?commid=45306 ISO/IEC JTC 1/SC 27 page at ISO]
[http://www.jtc1.org ISO/IEC Joint Technical Committee 1 - Information Technology (public website)]
[http://www.iso.org/jtc1 ISO/IEC Joint Technical Committee 1 (Livelink password-protected available documents)]
[http://www.iso.org/jtc1 ISO/IEC Joint Technical Committee 1 (freely available documents), JTC 1 Supplement, Standing Documents and Templates]
[http://www.iso.org/directives ISO and IEC procedural documentation]
[http://www.iso.org/patents ISO DB Patents (including JTC 1 patents)]
[http://www.itu.int/ITU-T/studygroups/com17/index.html ITU-T Study Group 17 (SG17)]
[http://www.iso.ch ISO International Organization for Standardization]
[http://www.iec.ch IEC International Electrotechnical Commission]
[http://www.jtc1sc27.din.de/sbe/sd7 Access to ISO/IEC JTC 1/SC 27 Freely Available Standards]

#027

Category:Identity management initiative

Category:Information assurance standards

class="wikitable sortable" width="100%" ! data-sort-type="number" width="14%" \| ISO/IEC Standard ! width="29%" \| Title ! width="6%" \| Status ! width="49%" \| Description ! width= "2%" \| WG
data-sort-value="27000" \| ISO/IEC 27000 [http://webarchive.loc.gov/all/20121224191516/http://standards.iso.org/ittf/licence.html free]	Information technology – Security techniques – Information security management systems – Overview and vocabulary	Published (2018)	Describes the overview and vocabulary of ISMS{{cite web\| title=ISO/IEC 27000:2014\| author=ISO\| access-date=2015-08-20\| url=http://www.iso.org/iso/catalogue_detail?csnumber=63411\| date=2014-01-15}}	1
data-sort-value="27001" \| ISO/IEC 27001	Information technology – Security techniques – Information security management systems – Requirements	Published (2013)	Specifies the requirements for establishing, implementing, monitoring, and maintaining documented a documented ISMS within an organization.{{cite web\| title=ISO/IEC 27001:2013\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54534\| date=2013-09-25\| access-date=2013-09-26\| author=ISO}} "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard	1
data-sort-value="27002" \| ISO/IEC 27002	Information technology – Security techniques – Code of practice for information security controls	Published (2013)	Provides guidelines for information security management practices for use by those selecting, implementing, or maintaining ISMS{{cite web\| title=ISO/IEC 27002:2013\| date=2013-09-25\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54533\| access-date=2013-09-26\| author=ISO}} "Transition mapping" ISO/IEC 27023 provides a set of tables showing the correspondence between editions 1 and 2 of the standard	1
data-sort-value="27006" \| ISO/IEC 27006	Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems	Published (2015)	Specifies general requirements for a third-party body operating ISMS (in accordance with ISO/IEC 27001:2005) certification/registration has to meet, if it is to be recognized as competent and reliable in the operation of ISMS certification / registration{{cite web\|title=ISO/IEC 27006:2011\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=59144\|website=ISO\|access-date=2015-09-02}}	1
data-sort-value="27011" \| ITU-T X.1051 / ISO/IEC 27011	Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002	Published (2008)	This recommendation/international standard: a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of Information Security Management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services{{cite web\|title=ISO/IEC 27011:2008\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=43751\|website=ISO\|access-date=2015-09-02}}	1
data-sort-value="18033-1" \| ISO/IEC 18033-1	Information technology – Security techniques – Encryption algorithms – Part 1: General	Published (2015)	Specifies encryption systems for the purpose of data confidentiality{{cite web\| title=ISO/IEC 18033-1:2015\| date=2015-07-24\| access-date=2015-08-20\| author=ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54530}}	2
data-sort-value="19772" \| ISO/IEC 19772	Information technology – Security techniques – Authenticated encryption	Published (2009)	Specifies six methods for authenticated encryption with the security objectives of:{{cite web\| access-date=2013-08-23\| author=ISO/IEC\| date=2009-02-12\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46345\| title=ISO/IEC 19772:2009}} Data confidentiality Data integrity Data origin authentication	2
data-sort-value="15408-1" \| ISO/IEC 15408-1 [http://webarchive.loc.gov/all/20121224191516/http://standards.iso.org/ittf/licence.html free]	Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model	Published (2009, corrected and reprinted 2014)	Establishes the general concepts and principles of IT security evaluation, and specifies the general model of evaluation given by various other parts of ISO/IEC 15408.{{cite web\| title=ISO/IEC 15408-1:2009\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=50341\| date=2015-03-18\| access-date=2015-08-20\| author=ISO}}	3
data-sort-value="19792" \| ISO/IEC 19792	Information technology – Security techniques – Security evaluation of biometrics	Published (2009)	Specifies the subjects to be addressed during the security evaluation of a biometric system{{cite web\| title=ISO/IEC 19792:2009\| access-date=2013-08-23\| author=ISO/IEC\| date=2009-07-30\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=51521}}	3
data-sort-value="27031" \| ISO/IEC 27031	Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity	Published (2011)	Describes the concepts and principles of ICT readiness for business continuity and the method and framework needed to identify aspects in which to improve it.{{cite web\| title=ISO/IEC 27031:2011\| date=2011-03-01\| access-date=2013-08-22\| author= ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44374}}	4
data-sort-value="27034-01" \| ISO/IEC 27034-1	Information technology – Security techniques – Application security – Part 1: Overview and concepts	Published (2011)	Addresses the management needs for ensuring the security of applications and presents an overview of application security through the introduction of definitions, concepts, principles and processes{{cite web\| title=ISO/IEC 27034-1:2011\| author=ISO/IEC\| date=2011-11-21\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44378}}	4
data-sort-value="27035" \| ISO/IEC 27035	Information technology -- Security techniques -- Information security incident management	Published (2011)	Provides a structured and planned approach to:{{cite web\| title=ISO/IEC 27035:2011\| date=2011-08-17\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44379\| author=ISO/IEC}} Detect, report, and assess information security incidents Respond to and manage information security incidents Detect, assess, and manage information security vulnerabilities	4
data-sort-value="27037" \| ISO/IEC 27037	Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence	Published (2012)	Provides guidance for the handling of digital evidence that could be of evidential value{{cite web\| title=ISO/IEC 27037:2012\| access-date=2013-09-26\| author=ISO\| date=2012-10-15\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44381}}	4
data-sort-value="24760-1" \| ISO/IEC 24760-1 [http://standards.iso.org/ittf/PubliclyAvailableStandards/c057914_ISO_IEC_24760-1_2011.zip free]	Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts	Published (2011)	Provides a framework for the secure and reliable management of identities by:{{cite report\| title=Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities\| date=2006-12-05\| author=Brackney, Dick\| type=Presentation\| access-date=2013-08-22\| url=http://www.itu.int/dms_pub/itu-t/oth/06/04/T06040050030001PDFE.pdf}} Defining the terms for identity management Specifying the core concepts of identity and identity management{{cite web\| title=ISO/IEC 24760-1:2011\| author=ISO/IEC\| date=2011-12-07\| access-date=2013-08-22\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=57914}}	5
data-sort-value="24760-2" \| ISO/IEC 24760-2	Information technology - Security techniques - A framework for identity management - Part 2: Reference architecture and requirements	Published (2015)	Provides guidelines for the implementation of systems for the management of identity information and specifies requirements for the implementation and operation of a framework for identity management.{{cite web\|title=ISO/IEC 24760-2\|url=http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=57915\|website=ISO\|access-date=2015-08-20}}	5
data-sort-value="24761" \| ISO/IEC 24761	Information technology – Security techniques – Authentication context for biometrics	Published (2009)	Specifies the structure and data elements of Authentication Context for Biometrics (ACBio), which checks the validity of biometric verification process results{{cite web\| title=ISO/IEC 24761:2009\| access-date=2013-08-23\| author=ISO/IEC\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=41531\| date=2009-05-11}}	5
data-sort-value="29100" \| ISO/IEC 29100 [http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip free]	Information technology – Security techniques – Privacy framework	Published (2011)	Provides a privacy framework that:{{cite web\| date=2011-12-05\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45123\| access-date=2013-09-26\| author=ISO\| title=ISO/IEC 29100:2011}} Specifies a common privacy terminology Describes privacy safeguarding considerations Provides references to known privacy principles for IT	5
data-sort-value="29101" \| ISO/IEC 29101	Information technology – Security techniques – Privacy architecture framework	Published (2013)	Defines a privacy architecture framework that:{{cite web\| url=http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=45124\| access-date=2013-12-12\| date=2013-10-16\| author=ISO\| title=ISO/IEC 29101:2013\| edition=1}} Specifies concerns for ICT systems that process PII Lists components for the implementation of such systems Provides architectural views contextualizing these components Applicable to entities involved in specifying, procuring, designing, testing, maintaining, administering and operating ICT systems that process PII. Focuses primarily on ICT systems that are designed to interact with PII principals.	5