JTC 1/SC 27Security Techniques - Översikt arbetsgrupper och standarder

Transcription

1 JTC 1/SC 27Security Techniques - Översikt arbetsgrupper och standarder WG 1 Information security management systems WG 2 Cryptography and security mechanisms WG 3 Security evaulation criteria WG 4 Security controls and services WG 5 Identity management and privacy technologies WG 1 AG 11 Ledningssystem Lars Söderlund ISO/IEC :2004 Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management ISO/IEC 27000:2009 Information technology -- Security Bengt Rydstedt techniques -- Information security management systems -- Overview and vocabulary ISO/IEC NP Information technology -- Security techniques -Lars Söderlund - Information security management systems -- Requirements ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements ISO/IEC NP Information technology -- Security techniques -Lars Söderlund - Code of practice for information security management ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management ISO/IEC Information technology -- Security techniques -- Information security management system implementation guidance ISO/IEC 27006:2007 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems ISO/IEC NP Information security management guidelines for inter-sector communications Wiggo Öberg 1

2 ISO/IEC 27011:2008 Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC ISO/IEC NP 27013, Guidance on the integrated implementation of ISO/IEC and ISO/IEC ISO/IEC NP 27015, Guidelines for Information security management system for financial and insurance services sector Jan Branzell Hans Peterson Study Period Economics Per Oscarson AG 12 Mätning Lars Gunnerholm ISO/IEC Information technology -- Security techniques -- Information security management -- Measurement AG 13 Risk och revision Anders Carlstedt ISO/IEC 27005:2008 Information technology -- Security techniques -- Information security risk management ISO/IEC CD Information technology -- Security techniques -Anders Carlstedt - Guidelines for information security management systems auditing ISO/IEC WD Guidance for auditors on ISMS controls Susan Ström ISO/IEC NP 27014, Information security governance framework Susan Ström ISO Guidelines for management systems auditing Anders Carlstedt WG 2 AG 21 Kryptografi Pär Holm tf. ISO/IEC 7064:2003 Information technology -- Security techniques -- Check character systems ISO/IEC CD Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 2: Integer factorization based mechanisms ISO/IEC :2002 Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 2: Integer factorization based mechanisms ISO/IEC :2002/Amd 1:2008 ISO/IEC :2006 Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 3: Discrete logarithm based mechanisms ISO/IEC FCD Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher 2

3 ISO/IEC :1999 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher ISO/IEC :2002 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-function ISO/IEC FCD Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-function ISO/IEC WD Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 3: Mechanisms using a universal hash-function ISO/IEC FCD Information technology -- Security techniques -- Entity authentication -- Part 1: General ISO/IEC :1997 Information technology -- Security techniques -- Entity authentication -- Part 1: General ISO/IEC :2008 Information technology -- Security techniques -- Entity authentication -- Part 2: Mechanisms using symmetric encipherment algorithms ISO/IEC :2008/CD Cor 1 ISO/IEC :1998 Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques ISO/IEC :1998/FPDAmd 1 Three-party entity authentification ISO/IEC :1998/CD Cor 1 ISO/IEC :1999 Information technology -- Security techniques -- Entity authentication -- Part 4: Mechanisms using a cryptographic check function ISO/IEC :1999/CD Cor 1 ISO/IEC FCD Information technology -- Security techniques -- Entity authentication -- Part 5: Mechanisms using zero-knowledge techniques ISO/IEC :2004 Information technology -- Security techniques -- Entity authentication -- Part 5: Mechanisms using zero-knowledge techniques 3

4 ISO/IEC CD Information technology -- Security techniques -- Entity authentication -- Part 6: Mechanisms using manual data transfer ISO/IEC :2005 Information technology -- Security techniques -- Entity authentication -- Part 6: Mechanisms using manual data transfer ISO/IEC :2005/CD Cor 1 ISO/IEC 10116:2006 Information technology -- Security techniques -- Modes of operation for an n-bit block cipher ISO/IEC 10116:2006/Cor 1:2008 ISO/IEC :2000 Information technology -- Security techniques -- Hash-functions -- Part 1: General ISO/IEC :2000 Information technology -- Security techniques -- Hash-functions -- Part 2: Hash-functions using an n- bit block cipher ISO/IEC FCD Information technology -- Security techniques -- Hash-functions -- Part 2: Hash-functions using an n- bit block cipher ISO/IEC :2000/Cor 2:2007 ISO/IEC :2004 Information technology -- Security techniques -- Hash-functions -- Part 3: Dedicated hash-functions ISO/IEC :2004/Amd 1:2006 Dedicated Hash-Function 8 (SHA-224) ISO/IEC :1998 Information technology -- Security techniques -- Hash-functions -- Part 4: Hash-functions using modular arithmetic ISO/IEC FCD Information technology -- Security techniques -- Key management -- Part 1: Framework ISO/IEC :1996 Information technology -- Security techniques -- Key management -- Part 1: Framework ISO/IEC :2008 Information technology -- Security techniques -- Key management -- Part 2: Mechanisms using symmetric techniques ISO/IEC :2008/CD Cor 1 4

5 ISO/IEC :2008 Information technology -- Security techniques -- Key management -- Part 3: Mechanisms using asymmetric techniques ISO/IEC :2008/CD Cor 1 ISO/IEC :2006 Information technology -- Security techniques -- Key management -- Part 4: Mechanisms based on weak secrets ISO/IEC :2006/CD Cor 1 ISO/IEC :2004 IT security techniques -- Non-repudiation - - Part 1: General ISO/IEC Information technology -- Security techniques -- Non-repudiation -- Part 1: General ISO/IEC FCD Information technology -- Security techniques -- Non-repudiation -- Part 2: Mechanisms using symmetric techniques ISO/IEC :1998 Information technology -- Security techniques -- Non-repudiation -- Part 2: Mechanisms using symmetric techniques ISO/IEC FCD Information technology -- Security techniques -- Non-repudiation -- Part 3: Mechanisms using asymmetric techniques ISO/IEC :1997 Information technology -- Security techniques -- Non-repudiation -- Part 3: Mechanisms using asymmetric techniques ISO/IEC :2008 Information technology -- Security techniques -- Digital signatures with appendix -- Part 1: General ISO/IEC :2008 Information technology -- Security techniques -- Digital signatures with appendix -- Part 2: Integer factorization based mechanisms ISO/IEC :2006 Information technology -- Security techniques -- Digital signatures with appendix -- Part 3: Discrete logarithm based mechanisms ISO/IEC :2006/Cor 1:2007 ISO/IEC :2006/FPDAmd 1 ISO/IEC :2006/Cor 2:2009 5

6 ISO/IEC :2008 Information technology -- Security techniques -- Cryptographic techniques based on elliptic curves -- Part 1: General ISO/IEC :2008/Cor 1:2009 ISO/IEC FCD Information technology -- Security techniques -- Cryptographic techniques based on elliptic curves -- Part 5: Elliptic curve generation ISO/IEC :2008 Information technology -- Security techniques -- Time-stamping services -- Part 1: Framework ISO/IEC FCD Information technology -- Security techniques -- Time-stamping services -- Part 2: Mechanisms producing independent tokens ISO/IEC :2002 Information technology -- Security techniques -- Time-stamping services -- Part 2: Mechanisms producing independent tokens ISO/IEC :2004 Information technology -- Security techniques -- Time-stamping services -- Part 3: Mechanisms producing linked tokens ISO/IEC FCD Information technology -- Security techniques -- Time-stamping services -- Part 3: Mechanisms producing linked tokens ISO/IEC 18031:2005 Information technology -- Security techniques -- Random bit generation ISO/IEC 18031:2005/Cor 1:2009 ISO/IEC 18032:2005 Information technology -- Security techniques -- Prime number generation ISO/IEC :2005 Information technology -- Security techniques -- Encryption algorithms -- Part 1: General ISO/IEC NP Information technology -- Security techniques -- Encryption algorithms -- Part 1: General ISO/IEC :2005/FPDAmd 1 ISO/IEC :2006 Information technology -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric ciphers ISO/IEC NP Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers 6

7 WG 3 AG 31 Kravställning och verifiering ISO/IEC :2005 Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers ISO/IEC :2005/Cor 1:2006 ISO/IEC :2005/Cor 2:2007 ISO/IEC :2005/Cor 3:2008 ISO/IEC NP Information technology -- Security techniques -- Encryption algorithms -- Part 4: Stream ciphers ISO/IEC :2005 Information technology -- Security techniques -- Encryption algorithms -- Part 4: Stream ciphers ISO/IEC :2005/FPDAmd 1.2 Titre manque ISO/IEC 19772:2009 Information technology -- Security techniques -- Authenticated encryption ISO/IEC 24761:2009 Information technology -- Security techniques -- Authentication context for biometrics ISO/IEC NP IT Security Techniques - signcryption ISO/IEC WD Proposal on lightweight cryptography ISO/IEC 15292:2001 Information technology - Security techniques - Protection Profile registration procedures ISO/IEC FCD Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model ISO/IEC :2005 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model ISO/IEC :2008 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional components ISO/IEC :2008 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance components ISO/IEC TR 15446:2009 Information technology -- Security techniques -- Guide for the production of Protection Profiles and Security Targets ISO/IEC 18045:2008 Information technology -- Security techniques -- Methodology for IT security evaluation 7

8 ISO/IEC 19790:2006 Information technology -- Security techniques -- Security requirements for cryptographic modules WG 4 AG 41 Säkerhetsåtgärder och tjänster Vakant ISO/IEC NP Information technology -- Security techniques - - Security requirements for cryptographic modules ISO/IEC 19790:2006/Cor 1:2008 ISO/IEC DTR Information technology -- Security techniques -- Security assessment of operational systems ISO/IEC TR 19791:2006 Information technology -- Security techniques -- Security assessment of operational systems ISO/IEC FDIS Information technology -- Security techniques -- Security evaluation of biometrics ISO/IEC 21827:2008 Information technology -- Security techniques -- Systems Security Engineering -- Capability Maturity Model (SSE-CMM ) ISO/IEC 24759:2008 Information technology -- Security techniques -- Test requirements for cryptographic modules ISO/IEC WD Verification of cryptographic protocols ISO/IEC NP Information technology - Security techniques - Responsible Vulnerability Disclosure ISO/IEC :2009 Information technology -- Trusted Platform Module -- Part 1: Overview ISO/IEC :2009 Information technology -- Trusted Platform Module -- Part 2: Design principles ISO/IEC :2009 Information technology -- Trusted Platform Module -- Part 3: Structures ISO/IEC :2009 Information technology -- Trusted Platform Module -- Part 4: Commands ISO/IEC TR 14516:2002 Information technology -- Security techniques -- Guidelines for the use and management of Trusted Third Party services ISO/IEC NP TR Information technology -- Security techniques -- A framework for IT security assurance -- Part 1: Overview and framework 8

9 ISO/IEC TR :2005 Information technology -- Security techniques -- A framework for IT security assurance -- Part 1: Overview and framework ISO/IEC NP TR Information technology -- Security techniques -- A framework for IT security assurance -- Part 2: Assurance methods ISO/IEC TR :2005 Information technology -- Security techniques -- A framework for IT security assurance -- Part 2: Assurance methods ISO/IEC NP TR Information technology -- Security techniques -- A framework for IT security assurance -- Part 3: Analysis of assurance methods ISO/IEC TR :2007 Information technology -- Security techniques -- A framework for IT security assurance -- Part 3: Analysis of assurance methods ISO/IEC 15816:2002 Information technology -- Security techniques -- Security information objects for access control ISO/IEC 15945:2002 Information technology -- Security techniques -- Specification of TTP services to support the application of digital signatures ISO/IEC :2006 Information technology -- Security techniques -- IT network security -- Part 1: Network security management ISO/IEC :2006 Information technology -- Security techniques -- IT network security -- Part 2: Network security architecture ISO/IEC :2005 Information technology -- Security techniques -- IT network security -- Part 3: Securing communications between networks using security gateways ISO/IEC :2005 Information technology -- Security techniques -- IT network security -- Part 4: Securing remote access ISO/IEC :2006 Information technology -- Security techniques -- IT network security -- Part 5: Securing communications across networks using virtual private networks 9

10 ISO/IEC 18043:2006 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems ISO/IEC TR 18044:2004 Information technology -- Security techniques Information security incident management ISO/IEC 24762:2008 Information technology -- Security techniques -- Guidelines for information and communications technology disaster recovery services ISO/IEC WD ICT readiness for business continuity ISO/IEC WD Guidelines for cybersecurity. Jan Branzell Christine Haeberlein ISO/IEC NP Information technology -- IT Network security ISO/IEC FCD Information technology -- Security techniques -- IT network security -- Part 1: Guidelines for network security ISO/IEC WD Information technology -- Security techniques -- IT network security -- Part 2: Guidelines for the design and implementation of network security ISO/IEC CD Information technology -- Security techniques -- IT network security -- Part 3: Reference networking scenarios -- Risks, design techniques and control issues ISO/IEC NP Information technology -- Security techniques -- IT network security -- Part 4: Securing communications between networks using security gateways - Risks, design techniques and control issues ISO/IEC NP Information technology -- Security techniques -- IT network security -- Part 5: Securing virtual private networks - Risks, design techniques and control issues ISO/IEC NP Information technology -- Security techniques -- IT network security -- Part 6: IP convergence ISO/IEC NP Information technology -- Security techniques -- IT network security -- Part 7: Wireless ISO/IEC WD Guidelines for application security -- Part 1: Overview and concepts 10

11 WG 5 ISO/IEC CD Information technology - Security techniques --Jan Branzell Information security incident management ISO/IEC NP Information technology - Security techniques - Christine Haeberlein Guidelines for security of outsourcing ISO/IEC WD TR Best Practices on stamping services AG 42 Digital bevissäkring Dan Larsson ISO/IEC NP Information technology - Security techniques - Dan Larsson Guidelines for identification, Collection and/or acquisition and preservation of digital evidence AG 51 Integritetsskydd och Hans Hedbom ISO/IEC CD Information technology -- Biometric template ID-hantering protection ISO/IEC WD Information Technology -- Security Hans Hedbom Techniques -- A Framework for Identity Management ISO/IEC CD Information technology -- Security techniques -Hans Hedbom - Privacy framework ISO/IEC WD Information technology -- Security techniques -- Privacy reference architecture ISO/IEC NP Information technology - Security techniques - A framework for access management ISO/IEC WD Information technology -- Security techniques -- Entity authentication assurance 11