35.030 – IT Security – PDF Standards Store ?u= Wed, 06 Nov 2024 02:56:17 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 ?u=/wp-content/uploads/2024/11/cropped-icon-150x150.png 35.030 – IT Security – PDF Standards Store ?u= 32 32 JIS X 5094:2019 ?u=/product/publishers/jis/jis-x-50942019/ Wed, 06 Nov 2024 02:56:17 +0000 Technical requirements for TAA to certify UTC-traceability
Published By Publication Date Number of Pages
JIS 2019-03-20 25
]]> This Standard

— defines the functionality of the time assessment authority (TAA),

— describes an overall architecture for providing the time to the time-stamping authority (TSA) and to guarantee the correctness of it through the use of the TAA, and

— gives technical guidelines for the TAA to provide, and to provide assurance in, a trusted time source to the TSA.

NOTE The International Standard corresponding to this Standard and the symbol of degree of correspondence are as follows.

ISO/IEC 18014-4 : 2015 Information technology — Security techniques — Time-stamping services — Part 4 : Traceability of time sources (MOD)

In addition, symbols which denote the degree of correspondence in the contents between the relevant International Standards and JIS are IDT (identical), MOD (modified), and NEQ (not equivalent) according to ISO/IEC Guide 21-1.

]]> IWA 17:2014 ?u=/product/publishers/iso/iwa-172014/ Wed, 06 Nov 2024 01:35:44 +0000 Information and operations security and integrity requirements for lottery and gaming organizations
Published By Publication Date Number of Pages
ISO 2014-12 22
]]> IWA 17:2014 covers all types of lottery and gaming organizations, including commercial enterprises, government agencies and non-profit organizations. IWA 17:2014 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented security and integrity system within the context of the organization's overall risks. It specifies the requirements for the implementation of security and integrity controls applicable to the needs of individual organizations, so that the security and integrity management systems can be designed to ensure the selection of adequate and proportionate security and integrity controls that protect assets and give confidence to interested parties.

The requirements set out in IWA 17:2014 are generic and are intended to be applicable to all organizations, regardless of type, size and nature.

]]> ISO/TS 23635:2022 ?u=/product/publishers/iso/iso-ts-236352022/ Wed, 06 Nov 2024 01:33:39 +0000 Blockchain and distributed ledger technologies - Guidelines for governance
Published By Publication Date Number of Pages
ISO 2022-02 36
]]> This document provides guiding principles and a framework for the governance of DLT systems.

The document also provides guidance on the fulfilment of governance, including risk and regulatory contexts, that supports the effective, efficient, and acceptable use of DLT systems.

]]> ISO/TS 23258:2021 ?u=/product/publishers/iso/iso-ts-232582021/ Wed, 06 Nov 2024 01:33:33 +0000 Blockchain and distributed ledger technologies - Taxonomy and Ontology
Published By Publication Date Number of Pages
ISO 2021-11 36
]]> This document specifies a taxonomy and an ontology for blockchain and distributed ledger technologies (DLT). The taxonomy includes a taxonomy of concepts, a taxonomy of DLT systems and a taxonomy of application domains, purposes and economy activity sections for use cases. The ontology includes classes and attributes as well as relations between concepts.

The audience includes but is not limited to academics, architects, customers, users, tool developers, regulators, auditors and standards development organizations.

]]> ISO/TS 21177:2019 ?u=/product/publishers/iso/iso-ts-211772019/ Wed, 06 Nov 2024 01:31:34 +0000 Intelligent transport systems — ITS station security services for secure session establishment and authentication between trusted devices
Published By Publication Date Number of Pages
ISO 2019-08 96
]]> This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities:

— devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) specified in ISO 21217, and

— between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.

These services include authentication and secure session establishment which are required to exchange information in a trusted and secure manner.

These services are essential for many ITS applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2[5]), and roadside/infrastructure related services.

]]> ISO/TR 23576:2020 ?u=/product/publishers/iso/iso-tr-235762020/ Wed, 06 Nov 2024 01:16:31 +0000 Blockchain and distributed ledger technologies — Security management of digital asset custodians
Published By Publication Date Number of Pages
ISO 2020-12 42
]]> This document discusses the threats, risks, and controls related to:

— systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs;

— asset information (including the signature key of the digital asset) that a custodian of digital assets manages.

This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply.

The following is out of scope of this document:

— core security controls of blockchain and DLT systems;

— business risks of digital asset custodians;

— segregation of customer's assets;

— governance and management issues.

]]> ISO/TR 23455:2019 ?u=/product/publishers/iso/iso-tr-234552019/ Wed, 06 Nov 2024 01:16:27 +0000 Blockchain and distributed ledger technologies — Overview of and interactions between smart contracts in blockchain and distributed ledger technology systems
Published By Publication Date Number of Pages
ISO 2019-09 50
]]> This document provides an overview of smart contracts in BC/DLT systems; describing what smart contracts are and how they work. It also discusses methods of interaction between multiple smart contracts. This document focuses on technical aspects of smart contracts. Smart contracts for legally binding use and applications will only be briefly mentioned in this document.

]]> ISO/TR 23249:2022 ?u=/product/publishers/iso/iso-tr-232492022/ Wed, 06 Nov 2024 01:16:23 +0000 Blockchain and distributed ledger technologies – Overview of existing DLT systems for identity management
Published By Publication Date Number of Pages
ISO 2022-05 44
]]> This document provides an overview of existing DLT systems for identity management, i.e. the mechanisms by which one or more entities can create, receive, modify, use and revoke a set of identity attributes.

This document covers the following topics:

—    Managing identity for individuals, organizations, things (IoT & objects), functions and processes and other entities including within and across DLT systems.

—    Description of the actors and their interactions and common interfaces.

—    Architectures.

—    Existing relevant standards and frameworks.

]]> ISO/TR 23244:2020 ?u=/product/publishers/iso/iso-tr-232442020/ Wed, 06 Nov 2024 01:16:22 +0000 Blockchain and distributed ledger technologies — Privacy and personally identifiable information protection considerations
Published By Publication Date Number of Pages
ISO 2020-05 24
]]> This document provides an overview of privacy and personally identifiable information (PII) protection as applied to blockchain and distributed ledger technologies (DLT) systems.

]]> ISO/IEC TS 30104:2015 ?u=/product/publishers/iso/iso-iec-ts-301042015/ Wed, 06 Nov 2024 01:05:12 +0000 Information Technology — Security Techniques — Physical Security Attacks, Mitigation Techniques and Security Requirements
Published By Publication Date Number of Pages
ISO 2015-05 38
]]> Physical security mechanisms are employed by cryptographic modules where the protection of the modules sensitive security parameters is desired. ISO/IEC TS 30104:2015 addresses how security assurance can be stated for products where the risk of the security environment requires the support of such mechanisms. This Technical Specification addresses the following topics:

– a survey of physical security attacks directed against different types of hardware embodiments including a description of known physical attacks, ranging from simple attacks that require minimal skill or resources, to complex attacks that require trained, technical people and considerable resources;

– guidance on the principles, best practices and techniques for the design of tamper protection mechanisms and methods for the mitigation of those attacks; and

– guidance on the evaluation or testing of hardware tamper protection mechanisms and references to current standards and test programs that address hardware tamper evaluation and testing.

The information in ISO/IEC TS 30104:2015 is useful for product developers designing hardware security implementations, and testing or evaluation of the final product. The intent is to identify protection methods and attack methods in terms of complexity, cost and risk to the assets being protected. In this way cost effective protection can be produced across a wide range of systems and needs.

]]>