Part 2: ICT security standards and guidance documents

Transcription

1 Part 2: ICT security standards and guidance documents Version 3.0 April, 2007 Introduction The purpose of this part of the Security Standards Roadmap is to provide a summary of existing, approved ICT security standards. Part 3 of the Roadmap will address standards that are under development. The standards are listed by topic. Initially, the taxonomy for listing the standards will be kept very simple to ease the task of compilation. However, it is anticipated that the taxonomy will be expanded as the number of entries grows and as the editors gain experience in presenting the entries. It is also likely that some standards will occupy more than one category within the taxonomy. Each entry provides the title of the standard, a short abstract or description, a document reference (e.g. ITU-T Rec. X.800, ISO/IEC 17799, IETF RFC 3631) the date of publication/approval and the responsible SDO. There is also provision for a short comment or linkage to the standard where it is available on-line. This section includes standards of ATIS, ETSI, IEEE, IETF, ISO/IEC JTC 1, and ITU-T. Standards of other SDOs will be included as the Roadmap becomes more established. [Note: the listing of standards included in this section is not yet complete. In particular, the ISO/IEC listings are incomplete in that they include only standards from a subset of the Technical Committees.]. Taxonomy The initial taxonomy chosen for this Roadmap is fairly simple though categories are likely to be added as the Roadmap is developed and expands. Currently, standards are listed under the following primary categories: General ICT security guidance documents Security Architectures, Models and Frameworks Security management standards and guidance documents Security policy and policy mechanisms Security assessment and evaluation criteria Baseline security requirements

2 Intrusion Detection Security services Generic Security Services Access Control services Authentication Services Trusted Third Party services Audit and Alarms services Security mechanisms Authentication mechanisms Confidentiality mechanisms i. Encryption Algorithms & techniques ii. Key Management iii. Miscellaneous cryptographic mechanisms Integrity mechanisms i. Check systems ii. Hash Functions Non-repudiation mechanisms i. Trusted Third party mechanisms ii. Digital Signature mechanisms iii. Time Stamping Network security Transport Layer security Application layer security Security protocol standards Secure messaging PKI and Directory standards Disaster Recovery Next Generation Networks Security terminology and glossaries

3 Security management Sector-specific security standards Multimedia Security of television signals and services Facsimile Mobile Satellite Lawful intercept Miscelaneous Acronyms and Abbreviations CD Committee Draft (ISO/IEC) Cor - Corrigendum BCP Best Current Practice (IETF) ETSI European Telecommunications Standards Institute EG ETSI Guide EN European Standard ES ETSI Standard FCD Final Committee Draft (ISO/IEC) PDTR Proposed Draft Technical Report (ISO/IEC) FDIS Final Draft International Standard (ISO/IEC) IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force Info. Informational (IETF) IS International Standard (ISO/IEC) ISO/IEC International Organization for Standardization/International Electrotechnical Commission ITU-T International Telecommunication Union, Telecommunication Standardization Sector JTC 1 Joint Technical Committee 1 (of ISO/IEC) MI Miscellaneous deliverable (ETSI) NP New work Proposal (ISO/IEC) PP Pre-published document (ATIS)

4 Rec. ITU-T Recommendation RFC Request for Comment (IETF) SC Subcommittee (of ISO/IEC JTC 1) SD Standing Document (ISO/IEC JTC1 SC27) SG Study Group (of ITU-T) SR Special Report (ETSI) TR Technical Report (ISO/IEC) TS Technical Specification (ETSI) WD Working Draft (ISO/IEC) How to use the Security Standards Database The hot link to the Security Standards Database is given below. The user may select one of two views: the Organizational View lists standards by participating organization; the Functional View lists standards by topic. Under the Functional View, opening a topic folder will provide a list of the standards included under that particular topic. More details on any particular standard are available by clicking on the link to standard. This takes the user to a new summary view entitled Work Item Details. Additional information is available about the group responsible for the standard and about the standard itself from this view. By selecting the standard (as listed in the Reference box of the Work Item View) a link is provided either to the standard itself or to the source of the standard. (Note: some organizations make their standards freely available while other organizations charge for their standards.) Under the Organizational View, standards are listed under the responsible organization and subgroup. As with the Functional View, selecting the standard itself takes the user to the Work Item View mentioned above.

5