Information technology, office equipment

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 7 Mar 2020

This document provides the guidelines for ICT incident response operations. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. The guidelines are based on the "Detection and Reporting" phase, the "Assessment and Decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035-1:2016.

The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidelines given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

Committee designation: SIS/TK 189 (Indoor environment and energy use in buildings)
Source: CEN
Response date: 8 Mar 2020

The purpose of ISO 16484-5:2017 is to define data communication services and protocols for computer equipment used for monitoring and control of HVAC&R and other building systems and to define, in addition, an abstract, object-oriented representation of information communicated between such equipment, thereby facilitating the application and use of digital control technology in buildings.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 8 Mar 2020

This document specifies video-based point cloud compression.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 14 Mar 2020

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to the security evaluation of biometric recognition performance applying the ISO/IEC 15408 series. It provides:

— guidance and requirements to the developer and the evaluator for the supplementary activities on biometric recognition performance specified in ISO/IEC 19989-1.

The following item is outside the scope of this document:

— the evaluation of presentation attack detection techniques except for presentation from impostor attempts under the policy of the intended use following the TOE guidance documentation.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 14 Mar 2020

For security evaluation of biometric verification systems and biometric identification systems, this document is dedicated to security evaluation of presentation attack detection applying the ISO/IEC 15408 series. It provides:

— Guidance and requirements to the developer and the evaluator for the supplementary activities on presentation attack detection specified in ISO/IEC 19989-1.

This document is applicable only to TOEs for single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.

Committee designation: SIS/TK 334 (Health informatics)
Source: CEN
Response date: 16 Mar 2020

The scope of this project is to define a general object-oriented information model that may be used to structure information and identify services used in point-of-care (POC) medical device communications. The scope is primarily focused on acute care medical devices and the communication of patient vital signs information.

Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 24 Mar 2020

This International Standard provides guidelines in addition to the guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing communities.

This International Standard provides controls and guidance specifically relating to initiating, implementing, maintaining, and improving information security in inter-organizational and intersector communications. It provides guidelines and general principles on how the specified requirements can be met using established messaging and other technical methods.

This International Standard is applicable to all forms of exchange and sharing of sensitive information, both public and private, nationally and internationally, within the same industry or market sector or between sectors. In particular, it may be applicable to information exchanges and sharing relating to the provision, maintenance and protection of an organization’s or nation state’s critical infrastructure. It is designed to support the creation of trust when exchanging and sharing sensitive information, thereby encouraging the international growth of information sharing communities.

Subject areas: Management systems; IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 24 Mar 2020

The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of information security controls in telecommunications organizations.

The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.


This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: CEN
Response date: 24 Mar 2020

This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1]. Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides:

— guidelines on receiving reports about potential vulnerabilities;

— guidelines on disclosing vulnerability remediation information;

— terms and definitions that are specific to vulnerability disclosure;

— an overview of vulnerability disclosure concepts;

— techniques and policy considerations for vulnerability disclosure;

— examples of techniques, policies (Annex A), and communications (Annex B).

Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111.

This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors’ products and services.


This International Standard gives guidelines for how to process and resolve potential vulnerability information in a product or online service.

This International Standard is applicable to vendors involved in handling vulnerabilities.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 25 Mar 2020

This Recommendation | International Standard provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization.

The intended audience for this document is:

• Governing body and top management

• Those who are responsible for evaluating, directing and monitoring an ISMS (Information Security Management Systems) based upon ISO/IEC 27001

• Those responsible for information security management that takes place outside the scope of an ISMS based upon ISO/IEC 27001, but within the scope of governance.

This Recommendation | International Standard is applicable to all types and sizes of organizations.

All references to an ISMS in this document apply to an ISMS based upon ISO/IEC 27001.

This document focuses on the three types of ISMS organizations given in Annex B. However, this document can also be used by other types of organizations.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 28 Mar 2020

This document specifies data formats for both transport and storage of genomic information, including the conversion process.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 1 Apr 2020

The formats defined in ISO/IEC 23008-12:2017 enable the interchange, editing, and display of images, as well as the carriage of metadata associated with those images.
The Image File Format builds on tools defined in ISO/IEC 14496-12 to define an interoperable storage format for a single image, a collection of images, and sequences of images.
ISO/IEC 23008-12:2017 specifies brands for the storage of images and image sequences conforming to High Efficiency Video Coding (HEVC).
NOTE: The storage of HEVC video sequences is out of scope and is handled by ISO/IEC 14496‑15.
This format defines normative structures used to contain metadata, how to link that metadata to the images, and defines how metadata of certain forms is carried.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 1 Apr 2020

This Recommendation | International Standard specifies the syntax and semantics of video usability information (VUI) parameters and supplemental enhancement information (SEI) messages. The VUI parameters and SEI messages defined in this standard may be conveyed within coded video bitstreams in a manner specified in a video coding specification or may be conveyed by other means as determined by the specifications for systems that make use of such coded video bitstreams. This document is particularly intended for use with coded video bitstreams as specified by Rec. ITU-T H.VVC | ISO/IEC 23090-3, although it is drafted in a manner intended to be sufficiently generic that it may also be used with other types of coded video bitstreams.

This document is written in a manner such that it is intended to be referenced by other technical specifications. Such other technical specifications are to be written in a manner to specify certain necessary elements to enable the use of the VUI parameters and SEI messages.

VUI parameters and SEI messages can assist in processes related to decoding, display or other purposes. However, unless otherwise specified in a referencing specification, the interpretation and use of the VUI parameters and SEI messages specified in this document is not a required functionality of a video decoder or receiving video system. Although semantics are specified for the VUI parameters and SEI messages, decoders and receiving video systems may simply ignore the content of the VUI parameters and SEI messages or may use them in some manner not specified in this document.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 1 Apr 2020

This Recommendation | International Standard specifies a video coding technology known as Versatile Video Coding, comprising a video coding technology with a compression capability that is substantially beyond that of the prior generations of such standards and with sufficient versatility for effective use in a broad range of applications.

Only the syntax format, semantics, and associated decoding process requirements are specified, while other matters such as pre-processing, the encoding process, system signalling and multiplexing, data loss recovery, post-processing, and video display are considered to be outside the scope of this Recommendation | International Standard. Any encoding process that produces bitstream data that conforms to the specified bitstream syntax format requirements of this Recommendation | International Standard is considered to be in conformance with the requirements of this Recommendation | International Standard. Additionally, the internal processing steps performed within a decoder are also considered to be outside the scope of this Recommendation | International Standard; only the externally observable output behaviour is required to conform to the specifications of this Recommendation | International Standard. The decoding process is specified such that all decoders that conform to a specified combination of capabilities known as the profile, tier, and level will produce numerically identical cropped decoded output pictures when invoking the decoding process associated with that profile for a bitstream conforming to that profile, tier and level. Any decoding process that produces identical cropped decoded output pictures to those produced by the process described herein (with the correct output order or output timing, as specified) is considered to be in conformance with the requirements of this Recommendation | International Standard.

This Recommendation | International Standard is designed to be generic in the sense that it serves a wide range of applications, bit rates, resolutions, qualities and services. Applications should cover, among other things, digital storage media, television broadcasting and real-time communications. In the course of creating this Recommendation | International Standard, various requirements from typical applications have been considered, necessary algorithmic elements have been developed, and these have been integrated into a single syntax. Hence, this Recommendation | International Standard will facilitate video data interchange among different applications.

Considering the practicality of implementing the full syntax of this Recommendation | International Standard, however, a limited number of subsets of the syntax are also stipulated by means of "profiles", "tiers" and "levels". These and other related terms are formally defined in Clause 3.

A "profile" is a subset of the entire bitstream syntax that is specified in this Recommendation | International Standard. Within the bounds imposed by the syntax of a given profile, it is still possible to require a very large variation in the performance of encoders and decoders depending upon the values taken by syntax elements in the bitstream such as the specified size of the decoded pictures. In many applications, it is currently neither practical nor economical to implement a decoder capable of dealing with all hypothetical uses of the syntax within a particular profile.

In order to deal with this problem, "tiers" and "levels" are specified within each profile. A level of a tier is a specified set of constraints imposed on values of the syntax elements in the bitstream. These constraints may be simple limits on values. Alternatively they may take the form of constraints on arithmetic combinations of values (e.g., picture width multiplied by picture height multiplied by number of pictures decoded per second). A level specified for a lower tier is more constrained than a level specified for a higher tier.

Coded video content conforming to this Recommendation | International Standard uses a common syntax. In order to achieve a subset of the complete syntax, flags, parameters and other syntax elements are included in the bitstream that signal the presence or absence of syntactic elements that occur later in the bitstream.

Rec. ITU-T H.SEI | ISO/IEC 23002-7 specifies the syntax and semantics of the video usability information (VUI) parameters and supplemental enhancement information (SEI) messages that do not affect the conformance specifications in Annex C. These VUI parameters and SEI messages may be used together with this Recommendation | International Standard.

This is the first version of this Recommendation | International Standard.

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 1 Apr 2020

This document provides specifications for the normative representation of the following types of genomic information: unaligned sequencing reads, including read identifiers and quality values; aligned sequencing reads, including read identifiers and quality values; and reference sequences.

Committee designation: SIS/TK 334 (Health informatics)
Source: ISO
Response date: 1 Apr 2020

This Technical Specification outlines the standards needed to identify and label the Subject of Care (SoC) and the Individual Provider on objects such as identification (wrist) bands, identification tags or other objects, to enable automatic data capture using data carriers in the care delivery process.

It provides for a unique SoC identification that may be used for other purposes, such as recording the identity of the SoC in individual health records.

This Technical Specification serves as a reference for any organization which plans to implement or improve Automatic Identification and Data Capture (AIDC) in their delivery of care process. It is to be used in conjunction with the GS1 system of standards. Other solutions, such as using other identification systems, are possible but not addressed by this Technical Specification.

This Technical Specification describes good practices to reduce/avoid variation and workarounds which challenge the efficiency of AIDC at the point of care and compromise patient safety.

This Technical Specification specifies how to manage identifiers in the AIDC process, and completes the information found in ISO/TS 22220 and ISO/TS 27575.

Subject areas: IT security
Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 5 Apr 2020

This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. ISO/IEC 13888 (all parts) provides non-repudiation mechanisms for the following phases of non-repudiation:

— evidence generation;

— evidence transfer, storage and retrieval; and

— evidence verification.

Dispute arbitration is outside the scope of ISO/IEC 13888 (all parts).

Committee designation: SIS/TK 302 (Multimedia, coding and representation)
Source: ISO
Response date: 6 Apr 2020

This document specifies the storage format for streams of video that is structured as NAL units, such as AVC (ISO/IEC 14496-10) and HEVC (ISO/IEC 23008-2) video streams.