|Work item||Subject / Title||Summary
|X.TRsuss||Technical Report on the successful use of security standards||This Technical Report on the successful use of security standards is intended to help users, especially those from developing countries, to gain a better understanding of the value of using security-related ITU-T Recommendations in a variety of contexts (e.g. business, commerce, government, industry). It covers the use of security standards in a variety of applications and also introduces readers to the relevance and importance of foundational security standards such as architectural standards, methodology, definitions, and other high-level guidance. The overall focus is to encourage successful and productive use of these standards.
|X.gsiiso||Guidelines on security of the individual information service for operators||Recommendation ITU-T X.gsiiso addresses the security aspects of the information services provided by telecommunication operators. In transforming from traditional basic network operators into comprehensive information service providers, operators expand their services to content services and ICT. The new services not only change the operational models but also bring new security issues to be resolved.
This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information service, the security requirements, the mechanisms, and the coordination.
|X.sdnsec-2||Security requirements and reference architecture for Software-Defined Networking||Software-Defined Networking (SDN) enables administrators to configure network resources very quickly and to adjust network-wide traffic flow dynamically to meet changing needs. SDN controllers serve as a type of operating system for the network. By separating the control plane from the network hardware and running the control plane as software instead, the controller facilitates automated network management, as well as integration and administration of applications and network services. However, there are some challenges in implementing a full-scale carrier SDN. One of the most important challenges is SDN security.
Generally, security threats for SDN are common to other targets and to traditional networking, but the profile of the threats (including their likelihood and impact and hence their overall risk level) changes with the new SDN architecture. With a centralized SDN controller, the impact of a DoS/DDoS attack can be higher than that of one directed against a single router. Some new functional entities (e.g., SDN controller), protocols (e.g., ONF OpenFlow) and interfaces (e.g., Application-Control interface, Resource-Control interface) according to the framework of SDN [ITU-T Y.3300] will pose new security threats. All these security threats must be understood and secured against.
This Recommendation describes use cases to detail the new security threats that arise when introducing the SDN architecture. It identifies security threats for the SDN control layer, SDN resource layer, Application-Control interface, and Resource-Control interface according to the framework of SDN [ITU-T Y.3300]. It also defines security requirements from the above security threat analysis and studies possible security mechanisms for the new security threats. A security reference architecture for SDN is then designed based on the above studies of security threats, security requirements and security mechanisms. This security reference architecture can guide developers in designing an SDN security functional architecture and implementing security functions when developing an SDN controller.
|X.sgmvno||ITU-T X.805 - Supplement on Security guideline for mobile virtual network operator (MVNO)||A mobile virtual network operator (MVNO) is a mobile communications services provider that does not own mobile network infrastructure. Due to inadequate security experience and weak security fundamentals, MVNOs inevitably face serious security threats. This supplement to ITU-T X.805 provides security guidelines for MVNOs, applying Recommendation ITU-T X.805 from the MVNO perspective. This supplement also describes the main features of MVNOs and the typical threats to them. Based on these features and threats, this supplement provides the security framework of MVNOs, including security objectives, security requirements, security technologies, and best practices.
|X.tigsc||Technical implementation guidelines for ITU-T X.805||Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc is aimed at providing a set of countermeasures to implement the high-level domains. The technical implementation guidelines for security countermeasures can be used to improve organizations' security strength by providing understandable implementation guidelines for technical countermeasures. A set of countermeasures or solutions described in this Recommendation could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation includes, but is not limited to, those individuals responsible for implementing an organization's information security domains.
|X.1051rev||Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations||Recommendation ITU-T X.1051 | ISO/IEC 27011 defines guidelines supporting the implementation of information security management in telecommunications organizations.
Rec. ITU-T X.1051 (2008) | ISO/IEC 27011 (2008):
a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002;
b) provides an implementation baseline of information security management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services.
This revision of X.1051 reflects the major structure and technical revisions in the second edition (2013) of ISO/IEC 27002.
|X.gpim||Information technology - Security techniques - Code of practice for Personally Identifiable Information protection||Recommendation ITU-T X.gpim | ISO/IEC 29151 provides guidelines for the management of personal information in the context of telecommunications. It also defines privacy controls and good practices for personal information protection. The objective of this Recommendation | International Standard is to provide a common ground for the management of personal information. The Recommendation | International Standard is applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e., from generation to destruction. The Recommendation | International Standard is also applicable to all types and sizes of telecommunication organizations that collect, use, and process personally identifiable information as part of information processing.
|X.sgsm||Information security management guidelines for small and medium telecommunication organizations||Recommendation ITU-T X.sgsm:
(a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in small and medium-sized telecommunication organizations based on Rec. ITU-T X.1051 | ISO/IEC 27011;
(b) provides an implementation baseline of information security management for small and medium-sized telecommunication organizations to ensure the confidentiality, integrity and availability of telecommunication facilities and services.
The objective of this Recommendation is to provide practical guidance on commonly accepted goals of information security management specifically suited to small and medium-sized telecommunication organizations.
As a result of implementing this Recommendation, small and medium-sized telecommunication organizations, both within and between jurisdictions, will:
(a) be able to assure the confidentiality, integrity and availability of the specific small and medium-sized telecommunication facilities and services;
(b) have adopted secure collaborative processes and controls that reduce risks in the delivery of telecommunication services;
(c) be able to redeploy resources for more productive activities;
(d) have adopted a consistent and holistic approach to information security;
(e) be able to improve personnel awareness and morale, and increase public trust.
|X.sup-gisb||ITU-T X.1054 - Supplement on Best practice for implementation of Rec. ITU-T X.1054 | ISO/IEC 27014 on governance of information security - Case of Burkina Faso||To create value, information should be governed within the organization so as to have a strategic alignment between the objectives of information security and those of the organization. Governance and management of information security should be conducted in complete synergy. The management should be responsible for the operation of information and reporting (idea of responsibility) to the governing body.
To achieve this, the organization can use standards, recommendations and other frameworks whose implementation will encourage its success.
It is in this spirit that Recommendation ITU-T X.1054 is applied to the governance of information security of the e-Council of Ministers in Burkina Faso.
This approach aims to be a case of best practice in the implementation of Recommendation ITU-T X.1054. Here it is used as part of a unifying project gathering all members of the Government of Burkina Faso (Presidency, Prime Ministry, General Secretariat of Government and the Council of Ministers, all ministries). However, this ITU-T Recommendation could be applied to any type of organization.
|X.sup-gpim||ITU-T X.gpim - Supplement on Code of practice for personally identifiable information protection based on ITU-T X.gpim for telecommunications organizations||The Supplement to X.gpim provides a set of additional controls and implementation guidelines for personally identifiable information (PII) protection, which are not described in Recommendation ITU-T X.gpim | ISO/IEC 29151 but should also be applied by telecommunications organizations to address PII protection.
It is intended that telecommunications organizations should use the controls and their associated implementation guidance described in this Supplement as well as those described in Rec. ITU-T X.gpim | ISO/IEC 29151 to address PII protection.
The Supplement is also applicable to any telecommunication organization that collects, uses, and transfers personally identifiable information as part of information processing.
|X.1500 Amd.9||Overview of cybersecurity information exchange - Amendment 9 - Revised structured cybersecurity information exchange techniques||Amendment 9 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of March 2016, including bibliographical references.
|X.1521 (X.cvss)||Common vulnerability scoring system 3.0||Recommendation ITU-T X.1521 on the common vulnerability scoring system (CVSS) provides an open framework for communicating the characteristics and impacts of information and communication technologies (ICT) vulnerabilities in the commercial or open source software used in communications networks, end user devices, or any of the other types of ICT capable of running software. The goal of the Recommendation is to enable ICT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to speak a common language when scoring ICT vulnerabilities.
|X.cogent||Design considerations for improved end-user perception of trustworthiness indicators||Diverse kinds of attacks employ content replicated from trustworthy service providers, thereby deceiving end-users into believing that the content is trustworthy. Recommendation ITU-T X.cogent describes design considerations for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
|X.nessa||Access control models for incidents exchange networks||Recommendation ITU-T X.nessa introduces existing approaches for implementing access control policies for incidents exchange networks. The Recommendation introduces a variety of well-established access control models and sharing models, as well as criteria for evaluating the performance of incidents exchange networks. Standards-based solutions are considered to facilitate implementation of different access control models within different cybersecurity information sharing models and under diverse trust environments.
|X.samtn||Security assessment techniques in telecommunication/ICT networks||Recommendation ITU-T X.samtn describes a global security assessment methodology and best practices for developers, manufacturers, operators and end users in the telecommunication domain. Both the traditional circuit-switched networks and the packet-based networks are exposed to different threats and attacks - from external as well as internal sources - that target the various parts of the telecommunications/ICT network. This Recommendation covers the following:
- Detection of vulnerabilities in telecommunications/ICT network
- Methodology of security assessment in telecommunications/ICT network.
|X.sbb||Security capability requirements for countering smartphone-based botnets||Recommendation ITU-T X.sbb provides security capability requirements for countering smartphone-based botnets. It studies the challenges posed by smartphone-based botnets, and hence their specific threats to, and requirements on, the operator's network as well as the smartphones themselves. The scope of study focuses on threat analysis and requirement enumeration. The purpose is to safeguard the operator's infrastructure and smartphones, ensure the operator's services and service quality, and enhance user experience. Detailed technical solutions and other intelligent terminals, such as tablet devices, are beyond the scope of this Recommendation.
|X.simef||Session information message exchange format (SIMEF)||Recommendation ITU-T X.simef describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with XML schema. SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
|X.1247 (X.tfcmm)||Technical framework for countering mobile messaging spam||Mobile messaging spam is proliferating dramatically along with the fast development of mobile messaging services. Unfortunately, no single measure has proved to be the silver bullet against mobile messaging spam. Therefore, it is necessary to establish a practical framework for countering mobile messaging spam. Recommendation ITU-T X.1247 gives an overview of mobile messaging anti-spam processes, and proposes a technical framework for countering mobile messaging spam. Entity functions and processing procedures are specified in this framework. In addition, this Recommendation provides information sharing mechanisms against mobile messaging spam within the anti-spam domain and among anti-spam domains.
|X.cspim||Technical requirements for countering instant messaging spam (SPIM)||Instant messaging is gaining wide popularity, and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as being IP-based, free of charge and widely available, cause SPIM to spread widely and out of control. If these problems are not carefully solved, they will have a very negative impact on the utilization of the instant messaging service itself. Recommendation ITU-T X.cspim identifies the characteristics of SPIM and then specifies technical requirements for countering it.
|X.gcsfmpd||ITU-T X.1231 - Supplement on guidance of countering spam for mobile phone developers||As the use of mobile phones grows, malicious attackers tend to intentionally send spam to ordinary users, causing financial problems and privacy issues for those users. This Supplement to Rec. ITU-T X.1231 provides guidance on countering spam for mobile phone developers.
In addition, the following contents are described:
- Security threats on mobile phones with various aspects
- Guidance of countering spam for mobile phone developers.