Committed to connecting the world

ITU 150

ITU-T work programme

Study period:
Study group:
Working party:
Question:
 
GSI:
Status:






Registered:
Consented between:
and
Work item:
Subject/title:
Base text:
Editor:
ITU-T A.1 Justification form for proposed new Recommendations
Total found: 93 Page Size:
List viewTabular viewCustomized tab. view
12345
Work itemSubject / TitleSummary
X.TRSM6edTechnical Report Security in telecommunications and information technology - An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th editionThis technical report provides a broad introduction to the ICT security work of the ITU-T and, more specifically, it summarizes how the ITU-T is responding to global cybersecurity challenges with Recommendations, guidance documents and outreach initiatives. It is primarily directed towards those who have responsibility for, or an interest in, information and communications security and the related standards, as well as those who simply need to gain a better understanding of ICT security issues.
X.gsiisoGuidelines on security of the individual information service for operatorsRecommendation ITU-T X.gsiiso addresses the aspects of security of the information service provided by the telecommunication operators. In the transforming from traditional basic network operator to comprehensive information service provider, the operators expand their services to content service and ICT. The new services not only change the operational models, and they also bring new security issues to be resolved. This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information service, the security requirement, the mechanism, and the coordination.
X.sgmvnoSupplement to ITU-T X.805 Security guideline for mobile virtual network operator (MVNO)A mobile virtual network operator (MVNO) is a mobile communications services provider that does not own mobile network infrastructure. Due to inadequate security experiences and unsubstantial security fundamentals, it is inevitable that MVNOs have to face serious security threats. This supplement to ITU-T X.805 provides security guideline for MVNOs to additional support of Recommendation ITU-T X.805 from MVNO perspective. This supplement also provides the main features of MVNOs and typical threats to MVNOs. Based on the features and threats of MVNOs, this supplement provides the security framework of MVNOs, including security objectives, security requirements, security technologies, and best practices.
X.tigscTechnical implementation guidelines for ITU-T X.805Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc is aimed at providing a set of countermeasures to implement the high-level domains. The technical implementation guideline for security countermeasures can be used to improve organizations' security strength with provision of understandable implementation guideline of technical countermeasures. A set of countermeasures or solutions described in this Recommendation ITU-T X.tigsc could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation include, but not limited to, those individuals responsible for implementing an organization's information
X.1051revInformation technology - Security techniques - Information security control guidelines based on ISO/IEC 27002 for telecommunications organizationsITU-T Rec. X.1051 | ISO/IEC 27011 a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of information security controls within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities, services and information handled, processed or stored by the facilities and services. As a result of implementing this Recommendation | International Standard, telecommunications organizations, both within and between jurisdictions, will: a) be able to assure the confidentiality, integrity and availability of the global telecommunications facilities, services and the information handled, processed or stored within the global facilities and services; b) have adopted secure collaborative processes and controls ensuring the lowering of risks in the delivery of telecommunications services; c) be able to redeployed resources to more productive activities; d) have adopted a consistent holistic approach to information security; e) be able to improve the security culture of organisations, raise staff awareness and increase public trust.
X.gpimInformation technology - Security techniques - Code of practice for personally identifiable information protectionRecommendation ITU-T X.gpim would provide a guideline of management of personal information in the context of telecommunications. It also would define privacy controls and good practices for personal information protection. The objective of this Recommendation would be to provide a common ground for the management of personal information. The Recommendation would be applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e. from generation to the destruction. The Recommendation would be also applicable to all types and sizes of telecommunication organizations, which collect, use, process personally identifiable information as part of information processing. It will be developed in line with work of ISO/IEC JTC 1/SC 27/WG 5 in this area. The specific need for protection of personal information specific to telecommunication organizations will be clearly identified in the course of development of this Recommendation.
X.sgsmInformation security management guidelines for small and medium telecommunication organizationsThis Recommendation: (a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in small and medium-sized telecommunication organizations based on Rec. [ITU-T X.1051| ISO/IEC 27011]; (b) provides an implementation baseline of information security management for small and medium-sized telecommunication organizations to ensure the confidentiality, integrity and availability of telecommunication facilities and services. The objectives of this Recommendation are to provide practical guidance suited for small and medium-sized telecommunication organizations on commonly-accepted goals of information security management specifically suited for small and medium-sized telecommunication organizations. As a result of implementing this Recommendation, small and medium-sized telecommunication organizations, both within and between jurisdictions, will: (a) be able to assure the confidentiality, integrity and availability of the specific small and medium-sized telecommunication facilities and services; (b) have adopted secure collaborative processes and controls ensuring the reducing of risks in the delivery of telecommunication services; (c) be able to redeploy resources for more productive activities; (d) have adopted a consistent and holistic approach to information security; (e) be able to improve personnel awareness and morale, and increase public trust.
X.sup-gpimSupplement to ITU-T X.gpim Code of practice for personally identifiable information protection based on ITU-T X.gpim for telecommunications organizationsThe number of telecommunications organizations which process personally identifiable information (PII) is on the rise. Accordingly, the expectation for the protection of a customer's privacy and for the security of personally identifiable information of the customers is also increasing. There is a need for a set of additional controls and their implementation guidelines specific PII protection in addition to those in ITU-T X.gpim | ISO/IEC 29151X.gpim, which are applicable to telecommunications organizations. Its aim is to complement the ITU-T X.gpim | ISO/IEC 29151.
X.1500 Amd.7Overview of cybersecurity information exchange - Amendment 7 - Revised structured cybersecurity information exchange techniquesAmendment 7 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of April 2015, including bibliographical references.
X.1525 (ex X.cwss)Common weakness scoring systemRecommendation ITU-T X.1525 on the common weakness scoring system (CWSS) provides an open framework for communicating the characteristics and impacts of information and communication technologies (ICT) weaknesses during development of software capabilities. The goal of this Recommendation is to enable ICT software developers, managers, testers, security vendors and service suppliers, buyers, application vendors and researchers to speak from a common language of scoring ICT weaknesses that could manifest as vulnerabilities when the software is used.
X.ceeCommon event expressionRecommendation ITU-T X.cee on common event expression (CEE) standardizes the way computer events are described, logged, and exchanged. By using CEE's common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into three (3) components: profile, log syntax, and log transport.
X.cee.1CEE overviewRecommendation ITU-T X.cee.1 provides a high-level overview of common event expression (CEE) along with details on the overall architecture and introduces each of the CEE components including the CEE Profile, the Core CEE Profile, CEE Log Syntax (CLS), CEE Log Transport (CLT), a common vocabulary and taxonomy for event logging, log serialization, log transport, and log requirements definition. The CEE overview is the first in a collection of documents and specifications, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.2CEE profileRecommendation ITU-T X.cee.2 defines the method for describing a class of event. This specification is one of a collection of related Recommendations, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.3CEE common log syntax (CLS)One component of the common event expression (CEE) architecture is the CEE common log syntax (CLS). CLS presents a common language for expressing event properties in the form of name-value fields. Recommendation ITU-T X.cee.3 allows these details to be encoded using one of several formats, such as XML or structured text, which are designed for compatibility with existing event log protocols. Consistent event records representation allows users and products to use the similar terms to describe the similar events in compatible ways. This Recommendation defines the CLS component of the CEE architecture.
X.cee.4CEE common log transport (CLT) requirementsThe CEE common log transport (CLT) requirements define the capabilities for a log transport protocol. Such protocols enable CEE common log syntax (CLS) encoded event records to be shared between parties in a universal, machine-readable manner. The intent of CLT is to provide guidance and requirements for vendors and end users regarding how event records should be reliably and securely shared.
X.cogentDesign considerations for improved end-user perception of trustworthiness indicatorsDiverse kinds of attacks employ replicated contents from trustworthy service providers, thereby deceiving end-users into believing its false trustworthiness. Recommendation ITU-T X.cogent describes design consideration for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
X.csmcAn iterative model for cybersecurity operation using CYBEX techniquesRecommendation ITU-T X.csmc provides an iterative model for cybersecurity operation using CYBEX and defines an activity model of cybersecurity operations, with which it provides common terminology of the activities. The common terminology aids in avoiding mis-communication among entities and facilitates communication and collaboration among entities.
X.sbbSecurity capability requirements for countering smartphone-based botnetsARecommendation ITU-T X.sbb is to provide security capability requirements for countering smartphone-based botnets. The intent of the work item is to study the challenges brought forward by smartphone-based botnets, and hence their specific threats to and requirements on the operator's network as well as smartphone themselves. The scope of study will focus on threat analysis and requirement enumeration. The purpose is to safeguard operator's infrastructures and smartphones, ensure operator's services and service qualities, and enhance user experience. Detailed technical solutions, other intelligent terminals such as tablet devices are beyond the scope of this work item.
X.simefSession information message exchange format (SIMEF)Recommendation ITU-T X.simef describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with XML schema. SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
X.cspimTechnical requirements for countering instant messaging spam (SPIM)Instant messaging is gaining large popularity and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as IP-based, free of charge and wide coverage, cause instant messaging spam (SPIM) spread widely and are out of control. If these problems are not carefully solved, it will have very negative impact on the utilization of instant messaging service itself. This Recommendation identifies characteristics of instant messaging spam (SPIM) and then specifies technical requirements for countering instant messaging spam.
12345