| Work item | Question | Equiv. Num. | Status | Timing | Approval process | Version | Liaison relationship | Subject / Title | Priority |
| X.1221 (ex X.MVSC) | Q4/17 | | Determined 2026-06-10 | 2027-04 | TAP | New | - | Minimal viable security controls for enterprise-ready applications (MVSC) | Medium |
| X.1239 (ex X.sf-dtea) | Q4/17 | | Determined 2026-06-10 | 2026-06 | TAP | New | - | Security framework for detecting targeted email attacks | Medium |
| X.2106 (ex X.ssc-sa) | Q4/17 | | Determined 2026-06-10 | 2026-06 | TAP | New | ISO/IEC JTC 1/SC 27 WG4 | Guidelines for software supply chain security audit | Medium |
| X.asap | Q4/17 | | Under study | 2028-12 | TAP | New | - | Technical framework and functional requirements for anti-fraud situational awareness platform in telecommunication networks | Medium |
| X.CSSP | Q4/17 | | Under study | 2028-12 | TAP | New | - | Reference framework and application system for cybersecurity simulation platform | Medium |
| X.gcspcc | Q4/17 | | Under study | 2027-09 | TAP | New | - | Guidelines of developing of cybersecurity simulation platform based on cloud computing | Medium |
| X.gpmr | Q4/17 | | Under study | 2027-09 | AAP | New | - | Guidelines and security measures for prevention and mitigation of ransomware | - |
| X.icd-schemas (ex X.ics-schemas) | Q4/17 | | Under study | 2027-09 | TAP | New | OASIS CTI TC; OASIS OpenC2 TC | Vendor agnostic security data schemas for integrated cyber defence solutions | Low |
| X.rcdmu | Q4/17 | | Under study | 2028-Q2 | TAP | New | ISO/IEC JTC1 SC27; IETF; SG13; ETSI; OASIS CTI TC; ICANN | Requirements for collection and detection of malicious URLs in cyber threat analysis | Medium |
| X.sc-sscti | Q4/17 | | Under study | 2027-01 | TAP | New | ISO/IEC JTC1 SC27 WG4 and WG5 | Guidelines on Security Capabilities for Software Supply Chain in the Telecommunications Industry | Medium |
| X.SecaaS-Req | Q4/17 | | Under study | 2027-12 | AAP | New | - | Security requirements in the domain of security as a service | Medium |
| X.sg-cmp | Q4/17 | | Under study | 2028-10 | TAP | New | - | Security guidelines for countering malicious use of proxies in IP spoofing | Medium |
| X.sg-ressso | Q4/17 | | Under study | 2027-09 | AAP | New | - | Security guidelines for reporting email security status to security operations | Medium |
| X.sim-AI | Q4/17 | | Under study | 2027-12 | TAP | New | ISO/IEC JTC 1/SC27 | Guidelines for security incident management of generative artificial intelligence services | Medium |
| X.tg-cmc | Q4/17 | | Under study | 2028-10 | AAP | New | - | Technologies and guidelines to counter malicious API crawlers | Medium |
| X.uspam | Q4/17 | | Under study | 2028-06 | AAP | New | - | Security framework for user-intent-based storage protection against malware attacks | Medium |
| XSTP.epoch | Q4/17 | | Under study | 2026-06 | Agreement | New | FIRST, IETF, ISO/IEC JTC 1 SC27, ETSI TC CYBER, IEEE, National timing authorities (where appropriate) | Technical Paper on Global Coordination Requirements for 2038-class rollover events (including but not limited to 2036, 2038, 2106) | Medium |
| XSTR.da-AIcsp | Q4/17 | | Under study | 2026-09 | Agreement | New | - | Development and analysis of an AI-Based cybersecurity simulation platform | Medium |
| XSTR.e2ecis (ex XSTR.cfscgap) | Q4/17 | | Under study | 2027-12 | Agreement | New | IETF TLS | Impact of End-to-End Encryption on Privacy and Centralization | Medium |
| XSTR.OTT-misuse | Q4/17 | | Under study | 2026-06 | Agreement | New | ITU-T SG2, ITU-T SG11, GSMA, IETF | Technical Report: Security framework for OTT messaging misuse mitigation | Medium |