Committed to connecting the world

ITU 150

ITU-T work programme

Study period:
Study group:
Working party:

Consented between:
Work item:
Base text:
ITU-T A.1 Justification form for proposed new Recommendations
Total found: 95 Page Size:
List viewTabular viewCustomized tab. view
Work itemSubject / TitleSummary
X.TRSM6edTechnical Report Security in telecommunications and information technology - An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th editionThis technical report provides a broad introduction to the ICT security work of the ITU-T and, more specifically, it summarizes how the ITU-T is responding to global cybersecurity challenges with Recommendations, guidance documents and outreach initiatives. It is primarily directed towards those who have responsibility for, or an interest in, information and communications security and the related standards, as well as those who simply need to gain a better understanding of ICT security issues.
X.TRsussTechnical Report on the successful use of security standardsThis Technical Report on the successful use of security standards is intended to help users, especially those from developing countries, to gain a better understanding of the value of using security-related ITU-T Recommendations in a variety of contexts (e.g. business, commerce, government, industry). It covers the use of security standards in a variety of applications and also introduces readers to the relevance and importance of foundational security standards such as architectural standards, methodology, definitions, and other high-level guidance. The overall focus is to encourage successful and productive use of these standards.
X.gsiisoGuidelines on security of the individual information service for operatorsRecommendation ITU-T X.gsiiso addresses the aspects of security of the information service provided by the telecommunication operators. In the transforming from traditional basic network operator to comprehensive information service provider, the operators expand their services to content service and ICT. The new services not only change the operational models, and they also bring new security issues to be resolved. This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information service, the security requirement, the mechanism, and the coordination.
X.sdnsec-2Security requirements and reference architecture for Software-Defined NetworkingSoftware-Defined Networking (SDN) enables the administrators to configure network resources very quickly and to adjust network-wide traffic flow to meet changing needs dynamically. SDN controllers serve as a type of operating system for network. By separating the control plane from the network hardware and running the control plane instead as software, the controller facilitates automated network management, as well as integration and administration of applications and network services. However, there are some challenges for implementing a full-scale carrier SDN. One of the most important challenges is SDN security. Generally, security threats for SDN are common to other targets and to traditional networking, but the profile of the threats (including their likelihood and impact and hence their overall risk level) changes with the new SDN architecture. With a centralized SDN controller, the impact of a DoS/DDoS attack can be higher than that directed against a single router. Some new functional entities (e.g., SDN controller), protocols (e.g., ONF OpenFlow) and interfaces (e.g, Application-Control interface, Resource-Control interface) according to the framework of SDN [ITU-T Y.3300] will pose new security threats. All these security threats must be understood and secured. This Recommendation describes use cases to detail new security threats when introducing SDN architecture. This Recommendation identifies security threats for SDN control layer, SDN resource layer, Application-Control interface, and Resource-Control interface according to the framework of SDN [ITU-T Y.3300]. This Recommendation also defines security requirements from above security threats analysis and studies possible security mechanisms for new security threats. After that, security reference architecture for SDN is designed based on above studies on security threats, security requirements and security mechanisms. This security reference architecture can guide the developer to design SDN security functional architecture and implement security functions when developing SDN controller.
X.sgmvnoSupplement to ITU-T X.805 Security guideline for mobile virtual network operator (MVNO)A mobile virtual network operator (MVNO) is a mobile communications services provider that does not own mobile network infrastructure. Due to inadequate security experiences and unsubstantial security fundamentals, it is inevitable that MVNOs have to face serious security threats. This supplement to ITU-T X.805 provides security guidelines for MVNOs with additional support of Recommendation ITU-T X.805 from MVNO perspective. This supplement also provides the main features of MVNOs and typical threats to MVNOs. Based on the features and threats of MVNOs, this supplement provides the security framework of MVNOs, including security objectives, security requirements, security technologies, and best practices.
X.tigscTechnical implementation guidelines for ITU-T X.805Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc is aimed at providing a set of countermeasures to implement the high-level domains. The technical implementation guidelines for security countermeasures can be used to improve organizations' security strength with provision of understandable implementation guidelines of technical countermeasures. A set of countermeasures or solutions described in this Recommendation could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation include, but not limited to, those individuals responsible for implementing an organization's information security domains.
X.1051revInformation technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizationsRecommendation ITU-T X.1051 | ISO/IEC 27011 defines guidelines supporting the implementation of information security management in telecommunications organizations. Rec. ITU-T X.1051 (2008) | ISO/IEC 27011 (2008): a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of information security management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services. This revision of X.1051 reflects the major structure and technical revisions in the second edition (2013) of ISO/IEC 27002.
X.gpimInformation technology - Security techniques - Code of practice for Personally Identifiable Information protectionRecommendation ITU-T X.gpim | ISO/IEC 29151 provides guidelines of management of personal information in the context of telecommunications. It also defines privacy controls and good practices for personal information protection. The objective of this Recommendation | International Standard is to provide a common ground for the management of personal information. The Recommendation | International Standard is applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e., from generation to the destruction. The Recommendation | International Standard is also applicable to all types and sizes of telecommunication organizations, which collect, use, and process personally identifiable information as part of information processing.
X.sgsmInformation security management guidelines for small and medium telecommunication organizationsRecommendation ITU-T X.sgsm provides guidelines for establishing and operating information security management for small and medium-sized telecommunication organizations (SMTOs) in the telecommunication industry. It covers some of the necessary security controls from ITU-T X.1051 | ISO/IEC 27011 for information security management in the context of small and medium telecommunication organizations without huge cost and human resources to implement its information security management system.
X.sup-gpimSupplement to ITU-T X.gpim Code of practice for personally identifiable information protection based on ITU-T X.gpim for telecommunications organizationsThe Supplement to X.gpim provides a set of additional controls and implementation guidelines for personally identifiable information (PII) protection, which are not described in Recommendation ITU-T X.gpim | ISO/IEC 29151, but should further be applicable to telecommunications organizations to address the PII protection. It is intended that telecommunications organizations should use the controls and their associated implementation guidance described in this Supplement as well as those described in Rec. ITU-T X.gpim | ISO/IEC 29151 to address the PII protection. The Supplement is also applicable to any telecommunication organizations which collect, use, and transfer personally identifiable information as part of information processing.
X.1500 Amd.8Overview of cybersecurity information exchange - Amendment 7 - Revised structured cybersecurity information exchange techniquesAmendment 8 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of September 2015, including bibliographical references.
X.cogentDesign considerations for improved end-user perception of trustworthiness indicatorsDiverse kinds of attacks employ replicated contents from trustworthy service providers, thereby deceiving end-users into believing its false trustworthiness. Recommendation ITU-T X.cogent describes design consideration for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
X.nessaAccess control models for incidents exchange networksRecommendation ITU-T X.nessa identifies incidents exchange entities for facilitation of implementation of access control policies. Different existing incidents sharing models are studied and existing applicable access control models are identified. For these models a list of appropriate best practices and standards/recommendations are presented.
X.samtnSecurity assessment techniques in telecommunication/ICT networksRecommendation ITU-T X.samtn conveys global security assessment standards and best practices to developers, manufacturers, operators and end users of the telecommunication domain. Both the traditional circuit-switched networks and the packet-based networks are exposed to different threats and attacks - from external as well as internal sources - that target the various parts of the telecommunications/ICT network. Security assessment of the components before deployment in these networks can help operators to enhance the reliability of these networks to a considerable extent.
X.sbbSecurity capability requirements for countering smartphone-based botnetsRecommendation ITU-T X.sbb provides security capability requirements for countering smartphone-based botnets. It studies the challenges brought forward by smartphone-based botnets, and hence their specific threats to and requirements on the operator's network as well as smartphone themselves. The scope of study focuses on threat analysis and requirement enumeration. The purpose is to safeguard operator's infrastructures and smartphones, ensure operator's services and service qualities, and enhance user experience. Detailed technical solutions, other intelligent terminals such as tablet devices are beyond the scope of this Recommendation.
X.simefSession information message exchange format (SIMEF)Recommendation ITU-T X.simef describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with XML schema. SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
X.1246 (ex X.ticvs)Technologies involved in countering voice spam in telecommunication organizationsVoice communication is a fundamental service provided by telecommunication networks. With the development of voice communication, voice spam has also been increasing with numerous negative effects on end users and network operators. In general, voice spam has content ranging from commercial advertisement to offensive pornographic material, which has various kinds of negative effects on end users and network operators. Voice spam may allure, annoy, bully or even intimidate users as well as network resources. To avoid these negative influences, and to protect user's rights and maintain network stability, network operators may wish to increase their efforts to counter voice spam. The objective of Recommendation ITU-T X.ticvs is to review technical solutions to counter voice spam. This Recommendation gives an overview of voice spam, and summarizes the existing anti-spam technologies which are used by users and telecommunication networks alike, and the collaboration mechanism between them. Additional proposed technical solutions are also recommended based on the technologies and this collaboration mechanism.
X.cspimTechnical requirements for countering instant messaging spam (SPIM)Instant messaging is gaining large popularity and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as IP-based, free of charge and wide coverage, cause instant messaging spam (SPIM) to spread widely and out of control. If these problems are not carefully solved, it will have very negative impact on the utilization of instant messaging service itself. Recommendation ITU-T X.cspim identifies characteristics of instant messaging spam (SPIM) and then specifies technical requirements for countering instant messaging spam.
X.gcsfmpdSupplement to ITU-T Rec. X.1231 on guidance of countering spam for mobile phone developersAs the use of mobile phones grows, malicious attackers tend to send spam intentionally to normal users that causes financial problems and privacy issues to the users. This Supplement to Rec. ITU-T X.1231 provides guidance of countering spam for mobile phone developers. In addition, the following contents are described: - Security threats on mobile phones with various aspects - Guidance of countering spam for mobile phone developers.
X.gcspiSupplement to ITU-T X.1242, Guideline for countermeasures against short message service (SMS) phishing incidentsShort message service (SMS) phishing is a fraudulent technique through mobile phones by causing phishing frauds with smartphones, acquiring personal information on the smartphones, or by enabling small amounts of money to be approved and paid while the account holder is not aware of the approval. The purpose of this supplement to Rec. ITU-T X.1242 is to universalize the guideline for countermeasures against SMS phishing incident by defining a security guideline about security technology against SMS phishing incident and method, and specification of report contents.