IT security

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 8 Sep 2019

This document specifies the test calibration methods and apparatus used when calibrating test tools for cryptographic modules under ISO/IEC 19790:2012 and ISO/IEC 24759:2017 against the test metrics defined in ISO/IEC 17825:2016 for mitigation of non-invasive attack classes.

Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: CEN
Response date: 10 Sep 2019

This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).

The terms and definitions provided in this document

— cover commonly used terms and definitions in the ISMS family of standards;

— do not cover all terms and definitions applied within the ISMS family of standards; and

— do not limit the ISMS family of standards in defining new terms for use.

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 17 Sep 2019

This document specifies controls which will shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.

This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 23 Sep 2019

For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systems, ISO/IEC 19989 (all parts) specifies:

- Extended security functional components to SFR Classes in ISO/IEC 15408-2: 2008,

- Supplementary activities to methodology specified in ISO/IEC 18045:2008 for SAR Classes of ISO/IEC 15408-3: 2008.

This document consists of the introduction of the general framework for the security evaluation of biometric systems, including extended security functional components and supplementary activities to methodology, which are additional evaluation activities and guidance/recommendations for an evaluator to handle those activities. The supplementary evaluation activities are developed in this document, while the detailed recommendations are developed in ISO/IEC 19989-2 (for biometric recognition aspects) and in ISO/IEC 19989-3 (for presentation attack detection aspects). This document is applicable only to TOEs for a single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 28 Sep 2019

This International Standard specifies six methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives:

- data confidentiality, i.e. protection against unauthorized disclosure of data,

- data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified,

- data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.

All six methods specified in this International Standard are based on a block cipher algorithm, and require the originator and the recipient of the protected data to share a secret key for this block cipher. Key management is outside the scope of this standard; key management techniques are defined in ISO/IEC 11770.

Four of the mechanisms in this standard, namely mechanisms 3, 4, 5 (AAD variant only) and 6, allow data to be authenticated which is not encrypted. That is, these mechanisms allow a data string that is to be protected to be divided into two parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticated data) that is integrity-protected but not encrypted. In all cases, the string A may be empty.

NOTE Examples of types of data that may need to be sent in unencrypted form, but whose integrity should be protected, include addresses, port numbers, sequence numbers, protocol version numbers, and other network protocol fields that indicate how the plaintext should be handled, forwarded, or processed.

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 14 Oct 2019

This document specifies the security requirements for physically unclonable functions (PUFs). The specified security requirements concern the output properties, tamper-resistance and unclonability of a single PUF and of a batch of PUFs. Since the security requirements a PUF should meet depend on the application, this document also describes the typical use cases of a PUF.

Amongst PUF use cases, random number generation is out of scope in this document. For the definitions of security requirements (and their evaluation and test methods), refer to the existing International Standards related to random number generators, ISO/IEC 18031[1].

The concrete test and evaluation methods for each security requirement defined in this document are provided in ISO/IEC 20897-2.

This document is related to ISO/IEC 19790 which specifies security requirements for cryptographic modules. In those modules, CSPs (e.g. key) and PSPs (e.g. ID) are the assets to protect. PUF is one solution to avoid storing security parameters, thereby increasing the overall security of a cryptographic module.


This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.

The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.

NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.

Subject areas: IT security
Committee designation: SIS/TK 318 (Informationssäkerhet)
Source: ISO
Response date: 16 Oct 2019

This part of ISO/IEC 9797 specifies the following MAC algorithms that use a secret key and a universal hash-function with an n-bit result to calculate an m-bit MAC based on the block ciphers specified in ISO/IEC 18033-3 and the stream ciphers specified in ISO/IEC 18033-4:

a) UMAC;

b) Badger;

c) Poly1305-AES;

d) GMAC.