ITU

Committed to connecting the world

ITU-T work programme

Total found: 104
Work item | Subject / Title | Summary
X.TRSM6ed | Technical Report Security in telecommunications and information technology - An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th edition | The following text, copied from the executive summary of the 5th edition, provides an example of the possible objectives, audience, application and content of the proposed updated edition: This manual provides a broad introduction to the ICT security work of the ITU-T and, more specifically, it summarizes how the ITU-T is responding to global cybersecurity challenges with Recommendations, guidance documents and outreach initiatives. It is primarily directed towards those who have responsibility for, or an interest in, information and communications security and the related standards, as well as those who simply need to gain a better understanding of ICT security issues. The manual can be used in various ways according to the organization, role and needs of the user. The introductory chapters provide an overview of the current key areas of the ITU-T security work together with a discussion of the basic requirements for the protection of ICT applications, services and information. The threats and vulnerabilities that drive security requirements are highlighted and the role of standards in meeting the requirements is examined. Some of the features that are needed to protect the various entities involved in providing, supporting and using information and communications technology and services are discussed. In addition, the importance of ICT security standards is explained and examples are given of how the ITU-T security work is evolving to meet security requirements. The generic security architectures for open systems and end-to-end communications are then introduced together with some examples of application-specific architectures. These architectures each establish a framework within which the multiple facets of security can be applied in a consistent manner.
They also standardize the underlying concepts of security services and mechanisms and contribute to a standardized vocabulary for ICT security terms and basic concepts. The general principles introduced in these architectures form the basis for many of the other standards on security services, mechanisms and protocols, some of which are discussed later in the text. Security management embraces many activities associated with controlling and protecting access to system and network resources, event monitoring and reporting, policy and auditing, as well as managing the information related to these functions and activities. The topics of information security management, risk management and asset management are the focus of one section. Management activities associated with securing the network infrastructure are discussed later in the text in a section that covers the need to secure the data used to monitor and control the telecommunications network as well as topics related to network management and common security management services. The Directory, and its role in supporting authentication and other security services, is explained along with some of the key areas that depend on Directory services. These include identity management, public-key infrastructures, telebiometrics (i.e. personal identification and authentication using biometric devices in telecommunication environments) and privacy. The importance of protecting the Directory information base is also discussed. Some specific examples and approaches to network security are reviewed. These include the security requirements for Next Generation Networks and mobile communications networks which are in transition from a single technology (such as CDMA or GSM) to mobility across heterogeneous platforms using the Internet protocol. Also included in this section is an examination of security provisions for home networks, cable television and ubiquitous sensor networks. 
A new section on cybersecurity and incident response has been added to this edition of the manual. Effective response to cyber-attacks is dependent on understanding the source and nature of the attack and on sharing information with monitoring agencies. This section discusses the development of a framework for sharing cybersecurity-related information and requirements for detecting, protecting against, mitigating the effects of, and recovering from cyber-attacks. The security needs of a number of application areas are examined with particular emphasis on the security features that are defined in ITU-T Recommendations. Topics discussed include voice over internet protocol (VOIP), internet protocol television (IPTV) and web services. Also included in this section is the topic of identification tags (including RFID tags) which are widely deployed but which are also the subject of growing concern over the risk of privacy infringement. Technical measures for countering common network threats such as spam, malicious code and spyware are presented and a discussion is included on the importance of timely notification and dissemination of software updates and the need for organization and consistency in handling security incidents. In conclusion, there is a short section on possible future directions of ICT security standardization work. A review of sources of additional information is included at the end of the text along with Annexes on definitions and acronyms used in the manual, a summary of security-related Study Groups and a complete listing of Recommendations referenced in this manual. In the electronic version of the text, links are included throughout the text to some of the key ITU-T security resources and outreach information.
X.gsiiso | Guidelines on security of the individual information service for operators | Recommendation ITU-T X.gsiiso addresses the aspects of security of the information service provided by telecommunication operators. In transforming from a traditional basic network operator to a comprehensive information service provider, operators expand their services to content services and ICT. The new services not only change the operational models but also bring new security issues to be resolved. This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information services, the security requirements, the mechanisms, and the coordination.
X.sgmvno | Supplement to ITU-T X.805 Security guideline for mobile virtual network operator (MVNO) | A mobile virtual network operator (MVNO) is a mobile communications services provider that does not own mobile network infrastructure. Because of inadequate security experience and weak security fundamentals, MVNOs inevitably face serious security threats. This supplement to ITU-T X.805 provides a security guideline for MVNOs that additionally supports Recommendation ITU-T X.805 from the MVNO perspective. This supplement also describes the main features of MVNOs and typical threats to MVNOs. Based on the features and threats of MVNOs, this supplement provides the security framework of MVNOs, including security objectives, security requirements, security technologies, and best practices.
X.tigsc | Technical implementation guidelines for ITU-T X.805 | Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc is aimed at providing a set of countermeasures to implement the high-level domains. The technical implementation guideline for security countermeasures can be used to improve organizations' security strength by providing understandable implementation guidelines for technical countermeasures. A set of countermeasures or solutions described in this Recommendation ITU-T X.tigsc could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation includes, but is not limited to, those individuals responsible for implementing an organization's information
X.1051rev | Information technology - Security techniques - Information security control guidelines based on ISO/IEC 27002 for telecommunications organizations | Recommendation ITU-T X.1051rev defines guidelines supporting the implementation of information security management in telecommunications organizations. Rec. ITU-T X.1051 (2008) | ISO/IEC 27011 (2008): a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of information security management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services. This revision of X.1051 reflects the major structure and technical revisions of ISO/IEC 27002:2013.
X.gpim | Information technology - Security techniques - Code of practice for personally identifiable information protection | Recommendation ITU-T X.gpim would provide a guideline for the management of personal information in the context of telecommunications. It would also define privacy controls and good practices for personal information protection. The objective of this Recommendation would be to provide a common ground for the management of personal information. The Recommendation would be applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e. from generation to destruction. The Recommendation would also be applicable to all types and sizes of telecommunication organizations which collect, use and process personally identifiable information as part of information processing. It will be developed in line with the work of ISO/IEC JTC 1/SC 27/WG 5 in this area. The need for protection of personal information specific to telecommunication organizations will be clearly identified in the course of development of this Recommendation.
X.sgsm | Information security management guidelines for small and medium telecommunication organizations | Recommendation ITU-T X.sgsm provides guidelines for establishing and operating information security management for small and medium-sized telecommunication organizations (SMTOs) in the telecommunication industry. It covers some of the necessary security controls from ITU-T X.1051 | ISO/IEC 27011 for information security management in the context of small and medium telecommunication organizations, which lack the large budgets and human resources needed to implement an information security management system.
X.sup-gpim | Supplement to ITU-T X.gpim Code of practice for personally identifiable information protection for telecommunications organizations | The Supplement to X.gpim provides a set of additional controls and implementation guidelines for PII protection, which are not described in Recommendation ITU-T X.gpim | ISO/IEC 29151 but should also be applicable to telecommunications organizations to address PII protection. It is intended that telecommunications organizations should use the controls and their associated implementation guidance described in this Supplement as well as those described in Rec. ITU-T X.gpim | ISO/IEC 29151 to address PII protection. The Supplement is also applicable to any telecommunication organizations which collect, use, and transfer personally identifiable information as part of information processing.
X.1500 Amd.7 | Overview of cybersecurity information exchange - Amendment 7 - Revised structured cybersecurity information exchange techniques | Amendment 7 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of April 2015, including bibliographical references.
X.cee | Common event expression | Recommendation ITU-T X.cee on common event expression (CEE) standardizes the way computer events are described, logged, and exchanged. By using CEE's common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into three (3) components: profile, log syntax, and log transport.
X.cee.1 | CEE overview | Recommendation ITU-T X.cee.1 provides a high-level overview of common event expression (CEE) along with details on the overall architecture and introduces each of the CEE components including the CEE Profile, the Core CEE Profile, CEE Log Syntax (CLS), CEE Log Transport (CLT), a common vocabulary and taxonomy for event logging, log serialization, log transport, and log requirements definition. The CEE overview is the first in a collection of documents and specifications, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.2 | CEE profile | Recommendation ITU-T X.cee.2 defines the method for describing a class of event. This specification is one of a collection of related Recommendations, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.3 | CEE common log syntax (CLS) | One component of the common event expression (CEE) architecture is the CEE common log syntax (CLS). CLS presents a common language for expressing event properties in the form of name-value fields. Recommendation ITU-T X.cee.3 allows these details to be encoded using one of several formats, such as XML or structured text, which are designed for compatibility with existing event log protocols. Consistent event record representation allows users and products to use similar terms to describe similar events in compatible ways. This Recommendation defines the CLS component of the CEE architecture.
X.cee.4 | CEE common log transport (CLT) requirements | The CEE common log transport (CLT) requirements define the capabilities for a log transport protocol. Such protocols enable CEE common log syntax (CLS) encoded event records to be shared between parties in a universal, machine-readable manner. The intent of CLT is to provide guidance and requirements for vendors and end users regarding how event records should be reliably and securely shared.
X.cogent | Design considerations for improved end-user perception of trustworthiness indicators | Diverse kinds of attacks employ replicated contents from trustworthy service providers, thereby deceiving end-users into believing their false trustworthiness. Recommendation ITU-T X.cogent describes design considerations for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
X.csmc | An iterative model for cybersecurity operation using CYBEX techniques | Recommendation ITU-T X.csmc provides an iterative model for cybersecurity operation using CYBEX and defines an activity model of cybersecurity operations, with which it provides common terminology for the activities. The common terminology helps avoid miscommunication among entities and facilitates communication and collaboration among them.
X.cwss | Common weakness scoring system | This Recommendation on the common weakness scoring system (CWSS) provides an open framework for communicating the characteristics and impacts of software weaknesses. The goal of CWSS is to enable ICT managers, software security vendors, application vendors and researchers to be able to reason and communicate about the relative importance of different weaknesses, whether in the architecture, design, code, or deployment.
X.sbb | Security capability requirements for countering smartphone-based botnets | Recommendation ITU-T X.sbb is to provide security capability requirements for countering smartphone-based botnets. The intent of the work item is to study the challenges brought forward by smartphone-based botnets, and hence their specific threats to and requirements on the operator's network as well as the smartphones themselves. The scope of study will focus on threat analysis and requirement enumeration. The purpose is to safeguard operators' infrastructures and smartphones, ensure operators' services and service quality, and enhance user experience. Detailed technical solutions and other intelligent terminals such as tablet devices are beyond the scope of this work item.
X.simef | Session information message exchange format (SIMEF) | Recommendation ITU-T X.simef describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with XML schema. SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
X.cspim | Technical requirements for countering instant messaging spam (SPIM) | Instant messaging is gaining large popularity and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as being IP-based, free of charge and widely available, cause instant messaging spam (SPIM) to spread widely and out of control. If these problems are not carefully solved, they will have a very negative impact on the utilization of the instant messaging service itself. This Recommendation identifies characteristics of instant messaging spam (SPIM) and then specifies technical requirements for countering instant messaging spam.