Committed to connecting the world

ITU-T work programme

Study period:
Study group:
Working party:

Consented between:
Work item:
Base text:
Total found: 86 Page Size:
List viewTabular viewCustomized tab. view
Work itemSubject / TitleSummary
X.gsiisoGuidelines on security of the individual information service for operatorsThis Recommendation addresses the aspects of security of the information service provided by the telecommunication operators. In the transforming from traditional basic network operator to comprehensive information service provider, the operators expand their services to content service and ICT. The new services not only change the operational models, and they also bring new security issues to be resolved. This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information service, the security requirement, the mechanism, and the coordination.
X.mgv6ITU-T X.1037 - Supplement on security management guideline for implementation of IPv6 environment in telecommunications organizationsThis Supplement provides a set of information security management guides for telecommunications organizations to develop and implement IPv6 telecommunication environment. Focusing on network facilities for telecommunications organizations, necessary security controls and implementation guidance for IPv6 implementation as an extension of ITU-T X.1051 are developed.
X.1051revInformation technology - Security techniques - Information security control guidelines based on ISO/IEC 27002 for telecommunications organizationsRec. ITU-T X.1051 | ISO/IEC 27011: a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of information security controls within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services. As a result of implementing this Recommendation | International Standard, telecommunications organizations, both within and between jurisdictions, will: a) be able to assure the confidentiality, integrity and availability of the global telecommunications facilities and services; b) have adopted secure collaborative processes and controls ensuring the lowering of risks in the delivery of telecommunications services; c) be able to redeployed resources to more productive activities; d) have adopted a consistent holistic approach to information security; e) be able to improve personnel awareness and morale, and increase public trust. Objective The objectives of this Recommendation | International Standard are to provide practical guidance specially suited for telecommunications organizations on: a) commonly accepted goals of information security management specifically suited for telecommunications organizations; b) information security management practices to assist in the building of confidence for telecommunications activities.
X.gpimCode of practice for personally identifiable information protectionThe Recommendation would provide a guideline of management of personal information in the context of telecommunications. It also would define privacy controls and good practices for personal information protection. The objective of this Recommendation would be to provide a common ground for the management of personal information. The Recommendation would be applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e. from generation to the destruction. The Recommendation would be also applicable to all types and sizes of telecommunication organizations, which collect, use, process personally identifiable information as part of information processing.
X.sgsmInformation security management guidelines for small and medium telecommunication organizationsThis Recommendation provides guidelines for establishing and operating information security management for small and medium-sized telecommunication organizations (SMTOs) in the telecommunication industry. It covers some of necessary security controls from ITU-T X.1051 | ISO/IEC 27011 for information security management in the context of small and medium telecommunication organizations without huge cost and human resources to implement its information security management system.
X.1211 (ex X.eipwa)Capability requirements for preventing web-based attacksWeb-based attacks are attacks in which the attackers compromise the legitimate websites using vulnerabilities, which may result in malicious code to be injected into the websites that in turn can be used to infect a user's computer visiting those websites. Recommendation ITU-T X.1211 provides capability requirements for preventing web-based attacks. It describes the use scenarios to distribute malwares through the web as well as the functional capabilities and functional architecture to prevent web-based attacks.
X.1500 Amd.6Overview of cybersecurity information exchange - Amendment 6 - Revised structured cybersecurity information exchange techniques-
X.ceeCommon event expressionThis Recommendation on common event expression (CEE) standardizes the way computer events are described, logged, and exchanged. By using CEE's common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into three (3) components: profile, log syntax, and log transport.
X.cee.1CEE overviewThis Recommendation provides a high-level overview of common event expression (CEE) along with details on the overall architecture and introduces each of the CEE components including the CEE Profile, the Core CEE Profile, CEE Log Syntax (CLS), CEE Log Transport (CLT), a common vocabulary and taxonomy for event logging, log serialization, log transport, and log requirements definition. The CEE overview is the first in a collection of documents and specifications, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.2CEE profileThis Recommendation defines the method for describing a class of event. This specification is one of a collection of related Recommendations, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.3CEE common log syntax (CLS)One component of the common event expression (CEE) architecture is the CEE common log syntax (CLS). CLS presents a common language for expressing event properties in the form of name-value fields. This Recommendation allows these details to be encoded using one of several formats, such as XML or structured text, which are designed for compatibility with existing event log protocols. Consistent event records representation allows users and products to use the similar terms to describe the similar events in compatible ways. This Recommendation defines the CLS component of the CEE architecture.
X.cee.4CEE common log transport (CLT) requirementsThe CEE common log transport (CLT) requirements define the capabilities for a log transport protocol. Such protocols enable CEE common log syntax (CLS) encoded event records to be shared between parties in a universal, machine-readable manner. The intent of CLT is to provide guidance and requirements for vendors and end users regarding how event records should be reliably and securely shared.
X.csmcAn iterative model for cybersecurity operation using CYBEX techniquesThis Recommendation provides an iterative model for cybersecurity operation using CYBEX and defines an activity model of cybersecurity operations, with which it provides common terminology of the activities. The common terminology aids in avoiding mis-communication among entities and facilitates communication and collaboration among entities.
X.cwssCommon weakness scoring systemThis Recommendation on the common weakness scoring system (CWSS) provides an open framework for communicating the characteristics and impacts of software weaknesses. The goal of CWSS is to enable ICT managers, software security vendors, application vendors and researchers to be able to reason and communicate about the relative importance of different weaknesses, whether in the architecture, design, code, or deployment.
X.cybex-beepUse of BEEP for cybersecurity information exchangeThis Recommendation describes the use of Blocks Extensible Exchange Protocol (BEEP) in for use within Cybersecurity Information Exchange (CYBEX). BEEP is a generic application protocol kernel for connection-oriented, asynchronous interactions described in IETF RFC 3080. At BEEP's core is a framing mechanism that permits simultaneous and independent exchanges of messages between peers. All exchanges occur in the context of a channel - a binding to a well-defined aspect of the application, such as transport security, user authentication, or data exchange. Each channel has an associated "profile" that defines the syntax and semantics of the messages exchanged. This Recommendation provides a technical guidance for developing CYBEX profiles for BEEP.
X.sbbSecurity capability requirements for countering smartphone-based botnetsAlong with the fast development of mobile Internet and the widespread use of smartphones, surveys show the trend that formerly PC-based botnets are replicating to smartphones very quickly. Compared with PCs and servers, smartphones have less processing power, storage space and battery life, however, the adversarial influence of smartphone-based botnets might be more impactful to users, as (1) Many important PIIs are stored on the smartphones; (2) User experience may degrade significantly due to the prevalence and user dependence on smartphones if attacks to them or to the operator's infrastructure occur. The new work item mainly analyses the background and security threats of smartphone-based botnets, and provides security capability requirements.
X.cspimTechnical requirements for countering instant messaging spam (SPIM)Instant messaging is gaining large popularity and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as IP-based, free of charge and wide coverage, cause instant messaging spam (SPIM) spread widely and are out of control. If these problems are not carefully solved, it will have very negative impact on the utilization of instant messaging service itself. This Recommendation identifies characteristics of instant messaging spam (SPIM) and then specifies technical requirements for countering instant messaging spam.
X.tfcmmTechnical framework for countering mobile messaging spamMobile messaging spam is proliferating dramatically along with the fast development of mobile messaging services. Unfortunately, no single measure has proved to be the silver bullet against mobile messaging spam. Therefore, it is necessary to establish a practical framework for countering mobile messaging spam. This Recommendation gives an overview of mobile messaging anti-spam works and proposes a technical framework for countering mobile messaging spam. In this framework, entity functions and processing procedures are specified. In addition, this Recommendation provides information sharing mechanisms against mobile messaging spam between entities within anti-spam domain and between anti-spam domains.
X.ticvsTechnologies involved in countering voice spam in telecommunication organizationsVoice communication is the fundamental service provided by telecommunication networks. With the development of voice communication, voice spam has also been proliferating dramatically. In general, voice spam has content ranging from commercial advertisement to offensive pornographic material, which has various kinds of negative effects on end users and network operators. Voice spam tries to allure, annoy, bully or even intimidate users, and waste network resources as well. To avoid negative influences, protect user rights and maintain network stability, network operators should put much more efforts on countering voice spam.
X.msec-7Guidelines on the management of infected terminals in mobile networksThis Recommendation guides mobile operators to manage infected terminals by utilizing technologies in the mobile network to protect both users and mobile operators. This Recommendation describes the features and effects of malicious software in the mobile environment. Based on the network-side technologies, this Recommendation focuses on mitigating the vicious effects caused by the terminals after they are infected. This Recommendation defines and organizes the management measures and corresponding technologies by discovery, governing and sharing.