Committed to connecting the world

ITU 150

ITU-T work programme

Study period:
Study group:
Working party:

Consented between:
Work item:
Base text:
ITU-T A.1 Justification form for proposed new Recommendations
Total found: 85 Page Size:
List viewTabular viewCustomized tab. view
Work itemSubject / TitleSummary
X.TRSM6edTechnical Report Security in telecommunications and information technology - An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th editionThis technical report provides a broad introduction to the ICT security work of the ITU-T and, more specifically, it summarizes how the ITU-T is responding to global cybersecurity challenges with Recommendations, guidance documents and outreach initiatives. It is primarily directed towards those who have responsibility for, or an interest in, information and communications security and the related standards, as well as those who simply need to gain a better understanding of ICT security issues.
X.gsiisoGuidelines on security of the individual information service for operatorsRecommendation ITU-T X.gsiiso addresses the aspects of security of the information service provided by the telecommunication operators. In the transforming from traditional basic network operator to comprehensive information service provider, the operators expand their services to content service and ICT. The new services not only change the operational models, and they also bring new security issues to be resolved. This Recommendation provides guidelines on security of the individual information service for operators. The scope covers the classification of individual information service, the security requirement, the mechanism, and the coordination.
X.sgmvnoSupplement to ITU-T X.805 Security guideline for mobile virtual network operator (MVNO)A mobile virtual network operator (MVNO) is a mobile communications services provider that does not own mobile network infrastructure. Due to inadequate security experiences and unsubstantial security fundamentals, it is inevitable that MVNOs have to face serious security threats. This supplement to ITU-T X.805 provides security guideline for MVNOs to additional support of Recommendation ITU-T X.805 from MVNO perspective. This supplement also provides the main features of MVNOs and typical threats to MVNOs. Based on the features and threats of MVNOs, this supplement provides the security framework of MVNOs, including security objectives, security requirements, security technologies, and best practices.
X.tigscTechnical implementation guidelines for ITU-T X.805Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level domains described in Recommendation ITU-T X.805. Recommendation ITU-T X.tigsc is aimed at providing a set of countermeasures to implement the high-level domains. The technical implementation guideline for security countermeasures can be used to improve organizations' security strength with provision of understandable implementation guideline of technical countermeasures. A set of countermeasures or solutions described in this Recommendation ITU-T X.tigsc could assist organizations in managing information security risks and implementing technical domains. The audience of this Recommendation include, but not limited to, those individuals responsible for implementing an organization's information
X.1051revInformation technology - Security techniques - Information security control guidelines based on ISO/IEC 27002 for telecommunications organizationsRecommendation ITU-T X.1051rev defines guidelines supporting the implementation of information security management in telecommunications organizations. Rec. ITU-T X.1051 (2008) | ISO/IEC 27011 (2008): a) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications organizations based on ISO/IEC 27002; b) provides an implementation baseline of information security management within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services. This revision of X.1051 reflects the major structure and technical revisions of ISO/IEC 27002:2013.
X.gpimInformation technology - Security techniques - Code of practice for personally identifiable information protectionRecommendation ITU-T X.gpim would provide a guideline of management of personal information in the context of telecommunications. It also would define privacy controls and good practices for personal information protection. The objective of this Recommendation would be to provide a common ground for the management of personal information. The Recommendation would be applicable to all relevant departments in a telecommunication organization throughout the life cycle of personal information, i.e. from generation to the destruction. The Recommendation would be also applicable to all types and sizes of telecommunication organizations, which collect, use, process personally identifiable information as part of information processing. It will be developed in line with work of ISO/IEC JTC 1/SC 27/WG 5 in this area. The specific need for protection of personal information specific to telecommunication organizations will be clearly identified in the course of development of this Recommendation.
X.sgsmInformation security management guidelines for small and medium telecommunication organizationsRecommendation ITU-T X.sgsm provides guidelines for establishing and operating information security management for small and medium-sized telecommunication organizations (SMTOs) in the telecommunication industry. It covers some of necessary security controls from ITU-T X.1051 | ISO/IEC 27011 for information security management in the context of small and medium telecommunication organizations without huge cost and human resources to implement its information security management system.
X.sup-gpimSupplement to ITU-T X.gpim Code of practice for personally identifiable information protection based on ITU-T X.gpim for telecommunications organizationsThe Supplement to X.gpim provides a set of additional controls and implementation guidelines for the PII protection, which are not described in Recommendation ITU-T X.gpim | ISO/IEC 29151, but should further be applicable to telecommunications organizations to address the PII protection. It is intended that telecommunications organizations should use the controls and their associated implementation guidance described in this Supplement as well as those described in Rec. ITU-T X.gpim | ISO/IEC 29151 to address the PII protection. The Supplement is also applicable to any telecommunication organizations which collect, use, and transfer personally identifiable information as part of information processing.
X.1500 Amd.7Overview of cybersecurity information exchange - Amendment 7 - Revised structured cybersecurity information exchange techniquesAmendment 7 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have been created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of April 2015, including bibliographical references.
X.1525 (ex X.cwss)Common weakness scoring systemRecommendation ITU-T X.1525 on the common weakness scoring system (CWSS) provides an open framework for communicating the characteristics and impacts of information and communication technologies (ICT) weaknesses during development of software capabilities. The goal of this Recommendation is to enable ICT software developers, managers, testers, security vendors and service suppliers, buyers, application vendors and researchers to speak from a common language of scoring ICT weaknesses that could manifest as vulnerabilities when the software is used.
X.ceeCommon event expressionRecommendation ITU-T X.cee on common event expression (CEE) standardizes the way computer events are described, logged, and exchanged. By using CEE's common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into three (3) components: profile, log syntax, and log transport.
X.cee.1CEE overviewRecommendation ITU-T X.cee.1 provides a high-level overview of common event expression (CEE) along with details on the overall architecture and introduces each of the CEE components including the CEE Profile, the Core CEE Profile, CEE Log Syntax (CLS), CEE Log Transport (CLT), a common vocabulary and taxonomy for event logging, log serialization, log transport, and log requirements definition. The CEE overview is the first in a collection of documents and specifications, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.2CEE profileRecommendation ITU-T X.cee.2 defines the method for describing a class of event. This specification is one of a collection of related Recommendations, whose combination provides the necessary pieces to create the complete CEE event log standard.
X.cee.3CEE common log syntax (CLS)One component of the common event expression (CEE) architecture is the CEE common log syntax (CLS). CLS presents a common language for expressing event properties in the form of name-value fields. Recommendation ITU-T X.cee.3 allows these details to be encoded using one of several formats, such as XML or structured text, which are designed for compatibility with existing event log protocols. Consistent event records representation allows users and products to use the similar terms to describe the similar events in compatible ways. This Recommendation defines the CLS component of the CEE architecture.
X.cee.4CEE common log transport (CLT) requirementsThe CEE common log transport (CLT) requirements define the capabilities for a log transport protocol. Such protocols enable CEE common log syntax (CLS) encoded event records to be shared between parties in a universal, machine-readable manner. The intent of CLT is to provide guidance and requirements for vendors and end users regarding how event records should be reliably and securely shared.
X.cogentDesign considerations for improved end-user perception of trustworthiness indicatorsDiverse kinds of attacks employ replicated contents from trustworthy service providers, thereby deceiving end-users into believing its false trustworthiness. Recommendation ITU-T X.cogent describes design consideration for improved end-user perception of trustworthiness indicators. The appendix describes representative techniques for measuring end-user perception of such indicators.
X.csmcAn iterative model for cybersecurity operation using CYBEX techniquesRecommendation ITU-T X.csmc provides an iterative model for cybersecurity operation using CYBEX and defines an activity model of cybersecurity operations, with which it provides common terminology of the activities. The common terminology aids in avoiding mis-communication among entities and facilitates communication and collaboration among entities.
X.sbbSecurity capability requirements for countering smartphone-based botnetsARecommendation ITU-T X.sbb is to provide security capability requirements for countering smartphone-based botnets. The intent of the work item is to study the challenges brought forward by smartphone-based botnets, and hence their specific threats to and requirements on the operator's network as well as smartphone themselves. The scope of study will focus on threat analysis and requirement enumeration. The purpose is to safeguard operator's infrastructures and smartphones, ensure operator's services and service qualities, and enhance user experience. Detailed technical solutions, other intelligent terminals such as tablet devices are beyond the scope of this work item.
X.simefSession information message exchange format (SIMEF)Recommendation ITU-T X.simef describes the information model for the session information message exchange format (SIMEF) and provides an associated data model specified with XML schema. SIMEF defines a data model representation for sharing the transport layer session log information regarding the centralized network security management and security information exchange system. The specification of any transport protocol is beyond the scope of this Recommendation.
X.cspimTechnical requirements for countering instant messaging spam (SPIM)Instant messaging is gaining large popularity and the proliferation of instant messaging spam (SPIM) is becoming a serious problem. The characteristics of instant messaging, such as IP-based, free of charge and wide coverage, cause instant messaging spam (SPIM) spread widely and are out of control. If these problems are not carefully solved, it will have very negative impact on the utilization of instant messaging service itself. This Recommendation identifies characteristics of instant messaging spam (SPIM) and then specifies technical requirements for countering instant messaging spam.