Information technology, office equipment

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This part of ISO/IEC 15408 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.

Part one provides an overview of all parts of the ISO/IEC 15408 standard. It describes the various parts of the standard; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE) and the evaluation context; and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.

It defines the various operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 may be tailored through the use of permitted operations.

The key concepts of protection profiles (PP), packages of security requirements and the topic of conformance are specified, and the consequences of evaluation and evaluation results are described. This part of ISO/IEC 15408 gives guidelines for the specification of Security Targets (ST) and provides a description of the organization of components throughout the model. General information about the evaluation methodology is given in ISO/IEC 18045 and the scope of evaluation schemes is provided.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This part of ISO/IEC 15408 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component Targets of Evaluation (TOEs), the composed assurance packages (CAPs) that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of Protection Profiles (PPs) and Security Targets (STs).

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This International Standard is a companion document to the "Evaluation criteria for IT security", ISO/IEC 15408. This International Standard defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 evaluation, using the criteria and evaluation evidence defined in ISO/IEC 15408.

This International Standard does not define evaluator actions for certain high assurance ISO/IEC 15408 components, where there is as yet no generally agreed guidance.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This document gives guidelines for

— a process on privacy impact assessments, and

— a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This International Standard specifies the security requirements for a cryptographic module utilised within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level.

This International Standard specifies security requirements intended to maintain the security provided by a cryptographic module. Compliance to this International Standard is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.

Subject areas: Management systems; IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 21 Jan 2020

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.

This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.


This document provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following:

— central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices;

— digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements;

— all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes;

— communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology;

— Advanced Metering Infrastructure (AMI) components, e.g. smart meters;

— measurement devices, e.g. for emission values;

— digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms;

— energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations;

— distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations;

— all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System);

— any premises housing the above-mentioned equipment and systems;

— remote maintenance systems for above-mentioned systems.

This document does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645.

This document also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector–specific guidance provided in this document.

Committee designation: SIS/TK 611 (Information technology)
Source: ISO
Response date: 26 Jan 2020

This document

— extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services,

— describes the various types of data flowing within the devices and cloud computing ecosystem,

— describes the impact of connected devices on the data that flow within the cloud computing ecosystem,

— describes flows of data between cloud services, cloud service customers and cloud service users,

— provides foundational concepts, including a data taxonomy, and

— identifies the categories of data that flow across the cloud service customer devices and cloud services.

This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.

Committee designation: SIS/TK 303 (IT systems and IT services)
Source: ISO
Response date: 27 Jan 2020

This document defines the capabilities of issue management tools and is used to select the best one from among many issue management tools. The evaluation and selection of issue management tools is performed in accordance with ISO/IEC 20741, which defines the general evaluation and selection process and evaluation characteristics. Issue management is based on the activities and tasks described in several processes (e.g. Quality Assurance Process, Maintenance Process, and Operation Process) of ISO/IEC 12207.

This document is independent of the development style, such as waterfall or agile, and of the phase, such as the development phase or the operation phase.

Committee designation: SIS/TK 611 (Information technology)
Source: ISO
Response date: 29 Jan 2020

This International Standard defines test methods for performance characteristics of RFID tags for item management and specifies the general requirements and test requirements for tags which are applicable to the selection of the devices for an application. The summary of the test reports forms a unified tag datasheet. It does not apply to testing in relation to regulatory or similar requirements.

Committee designation: SIS/TK 563 (Additive manufacturing)
Source: CEN
Response date: 3 Feb 2020

This document provides the specification for the Additive Manufacturing File Format (AMF), an interchange format to address the current and future needs of additive manufacturing technology.

This document specifies the requirements for the preparation, display and transmission for the AMF. When prepared in a structured electronic format, strict adherence to an extensible markup language (XML)[1] schema supports standards-compliant interoperability.

NOTE A W3C XML schema definition (XSD) for the AMF is available from ISO from http://standards.iso.org/iso/52915 and from ASTM from www.astm.org/MEETINGS/images/amf.xsd. An implementation guide for such an XML schema is provided in Annex A.

It is recognized that there is additional information relevant to the final part that is not covered by the current version of this document. Suggested future features are listed in Annex B.

This document does not specify any explicit mechanisms for ensuring data integrity, electronic signatures and encryptions.

Committee designation: SIS/TK 611 (Information technology)
Source: ISO
Response date: 9 Feb 2020

The primary purpose of the multipart standard ISO/IEC 19763 is to specify a metamodel framework for interoperability. This part of ISO/IEC 19763 specifies the metamodel that provides a facility to register administrative and evolution information related to ontologies.

The metamodel that this part specifies is intended to promote interoperation among application systems, by providing administrative and evolution information related to ontologies, accompanied with standardized ontology repositories that register ontologies themselves in specific languages.

This part of ISO/IEC 19763 does not specify the metamodels of ontologies expressed in specific languages and the mappings among them. They are specified in other specifications such as the Ontology Definition Metamodel from the Object Management Group (see bibliography item [1]).

Committee designation: SIS/TK 448 (Technology and support systems for personal identification)
Source: ISO
Response date: 10 Feb 2020

This part of ISO/IEC 19795:

⎯ establishes general principles for testing the performance of biometrics systems in terms of error rates and throughput rates for purposes including measurement of performance, prediction of performance, comparison of performance, and verifying compliance with specified performance requirements;

⎯ specifies performance metrics for biometric systems;

⎯ specifies requirements on the recording of test data and reporting of test results; and

⎯ specifies requirements on test protocols in order to:

⎯ reduce bias due to inappropriate data collection or analytic procedures;

⎯ help achieve the best estimate of field performance for the expended effort;

⎯ improve understanding of the limits of applicability of the test results.

This part of ISO/IEC 19795 is applicable to empirical performance testing of biometric systems and algorithms through analysis of the comparison scores and decisions output by the system, without requiring detailed knowledge of the system’s algorithms or of the underlying distribution of biometric characteristics in the population of interest.

Not within the scope of this part of ISO/IEC 19795 is the measurement of error and throughput rates for people deliberately trying to subvert the intended operation of the biometric system (e.g., by presentation attacks).

Committee designation: SIS/TK 450 (IT standards for learning)
Source: SIS
Response date: 14 Feb 2020

This standard describes the transfer of information between the following processes:

— School administration

— Allocation of teaching duties

— Scheduling

The standard also describes the transfer of information from the Scheduling process to various processes that use lesson information.

This standard also covers:

— Description of the meaning of the concepts that appear in the standard

— Class diagrams that describe the structure of the information

— Conditions for when information is mandatory

— Protocol for data exchange

— Value sets

This standard does not cover:

— How the School administration process receives information from other processes or systems

Committee designation: SIS/TK 255 (Road traffic informatics)
Source: CEN
Response date: 17 Feb 2020

This document specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of on-board equipment (OBE) and roadside equipment (RSE) to ISO 12813:2019.

It provides a basis for conformance tests for dedicated short-range communication (DSRC) OBE and RSE to support interoperability between different equipment supplied by different manufacturers.

ISO 12813 defines requirements on the CCC interface level, but not for the RSE or OBE internal functional behaviour. Consequently, tests regarding OBE and/or RSE functional behaviour remain outside the scope of this document.

Committee designation: SIS/TK 255 (Road traffic informatics)
Source: CEN
Response date: 17 Feb 2020

This document specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of on-board equipment (OBE) and roadside equipment (RSE) to ISO 12813:2019.

It provides a basis for conformance tests for dedicated short-range communication (DSRC) OBE and RSE to support interoperability between different equipment supplied by different manufacturers.

ISO 12813 defines requirements on the CCC interface level, but not for the RSE or OBE internal functional behaviour. Consequently, tests regarding OBE and/or RSE functional behaviour remain outside the scope of this document.

Committee designation: SIS/TK 255 (Road traffic informatics)
Source: ISO
Response date: 17 Feb 2020

This document specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of on-board equipment (OBE) and roadside equipment (RSE) to ISO 12813:2019.

It provides a basis for conformance tests for dedicated short-range communication (DSRC) OBE and RSE to support interoperability between different equipment supplied by different manufacturers.

ISO 12813 defines requirements on the CCC interface level, but not for the RSE or OBE internal functional behaviour. Consequently, tests regarding OBE and/or RSE functional behaviour remain outside the scope of this document.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 7 Mar 2020

This document provides the guidelines for ICT incident response operations. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. The guidelines are based on the "Detection and Reporting" phase, the "Assessment and Decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035-1:2016.

The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidelines given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

Committee designation: SIS/TK 189 (Indoor environment and energy use in buildings)
Source: CEN
Response date: 8 Mar 2020

The purpose of ISO 16484-5:2017 is to define data communication services and protocols for computer equipment used for monitoring and control of HVAC&R and other building systems and to define, in addition, an abstract, object-oriented representation of information communicated between such equipment, thereby facilitating the application and use of digital control technology in buildings.