Part 2: Approved ICT Security Standards
(Version 4.2, January 2010)
Introduction
The purpose of this part of the Security Standards Roadmap is to provide a
summary of existing, approved ICT security standards. Part 3 of the Roadmap
will address standards that are under development.
The standards are listed by topic. Initially, the taxonomy for listing the
standards will be kept very simple to ease the task of compilation. However,
it is anticipated that the taxonomy will be expanded as the number of
entries grows and as the editors gain experience in presenting the entries.
It is also likely that some standards will occupy more than one category
within the taxonomy.
Each entry provides the title of the standard, a short abstract or
description, a document reference (e.g. ITU-T Rec. X.800, ISO/IEC 17799,
IETF RFC 3631), the date of publication/approval and the responsible SDO.
There is also provision for a short comment or linkage to the standard where
it is available on-line.
This section includes standards of ATIS, ETSI, IEEE, IETF, ISO/IEC JTC 1,
and ITU-T. Standards of other SDOs will be included as the Roadmap becomes
more established. [Note: the listing of standards included in this section
is not yet complete. In particular, the ISO/IEC listings are incomplete
in that they include only standards from a subset of the Technical Committees.]
How to use the Security Standards Database
The user may select one of two views: the Organizational View lists standards
by participating organization; the Functional View lists standards by topic.
Under the Functional View, opening a topic folder will provide a list
of the standards included under that particular topic. More details
on any particular standard are available by clicking on the link to the standard.
This takes the user to a new summary view entitled Work Item Details.
Additional information is available about the group responsible for the standard
and about the standard itself from this view. By selecting the standard
(as listed in the Reference box of the Work Item View) a link is provided
either to the standard itself or to the source of the standard.
(Note: some organizations make their standards freely available
while other organizations charge for their standards.)
Under the Organizational View, standards are listed under the responsible
organization and subgroup. As with the Functional View, selecting the standard
itself takes the user to the Work Item View mentioned above.
Taxonomy
The taxonomy chosen for this Roadmap is fairly simple, though
categories are added as the Roadmap is developed and expands.
Currently, standards are listed under the following primary categories:
- General ICT security guidance documents
- Security Architectures, Models and Frameworks
- Security management standards and guidance documents
- Security policy and policy mechanisms
- Security assessment and evaluation criteria
- Security Assurance
- Baseline security requirements
- Intrusion Detection
- Security services
- Generic Security Services
- Access Control services
- Authentication Services
- Trusted Third Party services
- Audit and Alarms services
- Security mechanisms
- Access Control mechanisms
- Authentication mechanisms
- Confidentiality mechanisms
- Integrity mechanisms
- Non-repudiation mechanisms
- Generic security mechanisms
- Biometrics
- Check systems
- Crypto utilities
- Digital Signature mechanisms
- Electronic signatures
- Encryption Algorithms & techniques
- Hash Functions
- Miscellaneous cryptographic mechanisms
- Smart cards
- Trusted Third party mechanisms
- Time Stamping
- Application layer security
- Critical Infrastructure Protection
- Digital identity
- Directories
- Disaster Recovery
- Emergency Services
- Identity management
- Incident management
- IPTV security
- Key management
- Malicious Code
- Mobile security
- Network Management
- Network security
- Network Layer security
- Next Generation Networks
- Patch Management
- PKI
- Privacy
- Secure messaging
- Security terminology and glossaries
- Security protocol standards
- Spam and Spyware
- Transport Layer security
- Threats and threat assessment
- Vulnerabilities and security analysis
- Web services
- Wireless
- Sector-specific security standards
- Facsimile
- Lawful intercept
- Mobile
- Miscellaneous
- Multimedia
- Security of television signals and services
- Satellite
Acronyms and Abbreviations
Cor – Corrigendum
BCP – Best Current Practice (IETF)
ETSI – European Telecommunications Standards Institute
EG – ETSI Guide
EN – European Standard
ES – ETSI Standard
EXP – Experimental (IETF)
FCD – Final Committee Draft (ISO/IEC)
PDTR – Proposed Draft Technical Report (ISO/IEC)
FDIS – Final Draft International Standard (ISO/IEC)
IEEE – Institute of Electrical and Electronics Engineers
IETF – Internet Engineering Task Force
Info. – Informational (IETF)
IS – International Standard (ISO/IEC)
ISO/IEC – International Organization for Standardization/International
Electrotechnical Commission
ITU-T – International Telecommunication Union, Telecommunication
Standardization Sector
JTC 1 – Joint Technical Committee 1 (of ISO/IEC)
MI – Miscellaneous deliverable (ETSI)
NP – New work Proposal (ISO/IEC)
PP – Pre-published document (ATIS)
Rec. – ITU-T Recommendation
RFC – Request for Comment (IETF)
SC – Subcommittee (of ISO/IEC JTC 1)
SD – Standing Document (ISO/IEC JTC1 SC27)
SG – Study Group (of ITU-T)
SR – Special Report (ETSI)
TR – Technical Report (ISO/IEC)
TS – Technical Specification (ETSI)
WD – Working Draft (ISO/IEC)