March 2026: New Security Standards Enhance RFID in Information Technology

Security for RFID deployments in the Information Technology and Office Equipment sector is experiencing a significant boost with the release of five crucial ISO/IEC standards in March 2026. These updates, covering new cryptographic suites and conformance test methods, aim to tackle evolving cybersecurity threats and enhance data integrity across automatic identification systems. Spanning both mandatory functions and advanced encryption protocols, the standards provide a comprehensive toolkit for engineers, systems architects, and compliance officers managing RFID technology.
Overview / Introduction
The Information Technology and Office Equipment industry relies heavily on secure, reliable data exchange, particularly as RFID (Radio Frequency Identification) becomes foundational for asset management, logistics, authentication, and access control. International standards play a pivotal role in guaranteeing not only interoperability, but also resilience against security breaches and unauthorized access.
March 2026 brings forward five key standards focused on cryptographic methods, test compliance, and security protocols for RFID technologies:
- ISO/IEC 19823-21:2026 (SIMON conformance test methods)
- ISO/IEC 19823-22:2026 (SPECK conformance test methods)
- ISO/IEC 29167-10:2026 (AES-128 security services)
- ISO/IEC 29167-13:2026 (Grain-128A security services)
- ISO/IEC 29167-21:2026 (SIMON security services)
This news article dives into the practical requirements, technical changes, and strategic impact of these international publications.
Detailed Standards Coverage
ISO/IEC 19823-21:2026 - Conformance Test Methods: Crypto Suite SIMON
Information technology — Conformance test methods for security service crypto suites — Part 21: Crypto suite SIMON
This standard introduces rigorous test methods for evaluating the implementation of the SIMON cryptographic suite, as defined in ISO/IEC 29167-21. Its primary focus lies in verifying that RFID Tags and Interrogators operating under the ISO/IEC 18000 series comply with all mandatory functions of the SIMON algorithm.
Scope and Requirements:
- Applicable to RFID devices leveraging SIMON-based security for air interface communications.
- Enumerates mandatory conformance tests for Tag authentication, Interrogator authentication, mutual authentication, and secure communication.
- Specifies whether tests are to be performed "by design" (technical analysis) or "by demonstration" (lab verification), aligning with ISO/IEC 17025.
Target Audience:
- RFID tag/interrogator manufacturers
- Certification labs
- Quality and compliance professionals
Practical Implications:
- Ensures manufacturers’ products conform to state-of-the-art cryptographic implementations.
- Facilitates accurate, repeatable lab tests, which are crucial for global interoperability.
Key highlights:
- Updates test items reflecting changes in the over-the-air RFID protocol
- Covers all mandatory and various optional cryptographic features
- Harmonizes with broader conformance testing in the ISO/IEC 19823 and 18047 series
Access the full standard: View ISO/IEC 19823-21:2026 on iTeh Standards
ISO/IEC 19823-22:2026 - Conformance Test Methods: Crypto Suite SPECK
Information technology — Conformance test methods for security service crypto suites — Part 22: Crypto suite SPECK
ISO/IEC 19823-22:2026 delivers conformance test methods tailored for the SPECK cryptographic suite (ISO/IEC 29167-22) utilized in RFID Tags and Interrogators. It ensures that RFID devices meet the required SPECK algorithm functions, crucial for secure, resilient communications.
Scope and Requirements:
- Outlines laboratory and design-based conformance procedures specific to SPECK implementations.
- Encompasses Tag and Interrogator authentication, mutual authentication, and secure messaging.
- Requires testing with the Authenticate and SecureComm commands as per ISO/IEC 18000-63.
Target Audience:
- RFID device suppliers
- Security evaluators
- System integrators
Practical Implications:
- Provides confidence for buyers and users regarding the integrity of RFID security features.
- Supports international certification and streamlines the compliance process.
Key highlights:
- Incorporates the latest protocol adjustments for over-the-air communication
- Mandates robust documentation and reporting for audit purposes
- Integrates seamlessly with the conformance ecosystem in the ISO/IEC 19823 family
Access the full standard: View ISO/IEC 19823-22:2026 on iTeh Standards
ISO/IEC 29167-10:2026 - AES-128 Security Services for RFID
Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications
This updated part of the ISO/IEC 29167 series prescribes robust AES-128 encryption for secure RFID air interface communications, protecting against eavesdropping, cloning, and unauthorized access.
Scope and Requirements:
- Specifies use of Advanced Encryption Standard (AES) with a fixed 128-bit key size (AES-128)
- Details mechanisms for Tag and Interrogator authentication, authenticated/encrypted memory access, and mutual authentication
- Allows devices to support full or selected subsets of available options, fostering flexible deployments
Target Audience:
- IT security architects
- RFID infrastructure planners
- Product managers in sectors such as supply chain, retail, or healthcare
Practical Implications:
- Guarantees the integrity of data exchanges between RFID tags and readers/interrogators
- Supports secure writing to and reading from the RFID tag’s protected memory regions
- Enables mutual authentication for heightened security
Key highlights:
- Fully updated error handling and protocol clauses aligned with the latest RFID standards
- Includes implementation examples, test vectors, and state mapping diagrams
- Facilitates global adoption of standardized, government-grade encryption on RFID devices
Access the full standard: View ISO/IEC 29167-10:2026 on iTeh Standards
ISO/IEC 29167-13:2026 - Grain-128A Security Suite for RFID
Information technology — Automatic identification and data capture techniques — Part 13: Crypto suite Grain-128A security services for air interface communications
This international standard outlines security services using the lightweight stream cipher Grain-128A for RFID tags and readers, designed for constrained hardware environments requiring efficient, low-power encryption.
Scope and Requirements:
- Enables a range of authentication schemes, including Tag-only, Interrogator-only, and mutual authentication
- Applicable to RFID solutions in logistics, industrial automation, and retail environments
- Supports deployment flexibility—manufacturers can implement only the necessary security services per their use case
Target Audience:
- Manufacturers of RFID chips/modules
- Solution integrators focusing on lightweight cryptography
- Procurement specialists seeking assured secure supply chains
Practical Implications:
- Delivers robust security in resource-constrained hardware, preserving fast response times
- Promotes streamlined regulatory compliance, thanks to aligned error handling and command protocols
Key highlights:
- Strengthened cipher components to resist known cryptanalysis attacks
- Flexible implementation to match device and application requirements
- Fully rewritten Annexes for modern protocol support and error management
Access the full standard: View ISO/IEC 29167-13:2026 on iTeh Standards
ISO/IEC 29167-21:2026 - SIMON Crypto Suite Security for RFID
Information technology — Automatic identification and data capture techniques — Part 21: Crypto suite SIMON security services for air interface communications
This standard delivers detailed specifications for the SIMON lightweight block cipher, supporting several block/key length pairings to cater to different security-performance needs within RFID-based identification systems.
Scope and Requirements:
- Specifies symmetric block cipher operations, selectable at deployment (supported lengths: 64/96, 96/96, 64/128, 128/128, 128/256 bits)
- Offers authentication and secure messaging for RFID Tag and Interrogator communication
- Recommends adoption for all organizations requiring both high security and cost-effective performance
Target Audience:
- Designers of secure IoT and RFID systems
- Standards and regulatory compliance officers
- Device firmware/software developers
Practical Implications:
- Empowers organizations to tune security for each deployment, from supply chain tracking to secure access
- Backed by normative error handling, state diagrams, and crypto protocols for straightforward integration
Key highlights:
- Upgraded protocol-specific information to reflect the latest over-the-air standards
- Multiple block/key size options for flexible deployments
- Rigorous compatibility with global cryptographic security frameworks
Access the full standard: View ISO/IEC 29167-21:2026 on iTeh Standards
Industry Impact & Compliance
Business Impact
These new standards enhance the robustness of RFID deployments by imposing internationally recognized security requirements. Organizations deploying or manufacturing RFID-based hardware and systems will benefit from:
- Improved resistance to unauthorized access, eavesdropping, and cloning
- Standardized processes for authentication and encrypted communication
- Greater customer and regulatory trust through compliance with globally respected benchmarks
Compliance Considerations
To maintain market access and meet contractual requirements, manufacturers and service providers must:
- Review and understand the mandatory and optional functions addressed by each standard
- Update their security policies and RFID implementations, ensuring testability and documentation
- Leverage accredited laboratories for conformance testing, as per ISO/IEC 17025 and related requirements
- Monitor compliance timelines, as new or revised standards may become mandatory in procurement specifications or regulatory frameworks
Benefits of prompt adoption:
- Ability to access international markets with assured product compliance
- Reduced risk of costly security breaches or penalties for non-compliance
- Streamlined certification and audit cycles
Risks of non-compliance:
- Loss of business due to failed tenders, audits, or certifications
- Increased vulnerability to targeted attacks
- Reputational harm resulting from non-standard security implementations
Technical Insights
Common Requirements Across the Standards
- Emphasis on symmetric block ciphers and lightweight stream ciphers for efficient, scalable security
- Support for both "by design" (documentation and analysis) and "by demonstration" (practical lab testing) verification methods
- Parameterization of block/key sizes and cipher/communication options, allowing implementations to scale to multiple application needs
- Compatibility with broader conformance and performance assessment families, including ISO/IEC 18047 and 18046
Implementation Best Practices
Engineers and compliance managers should:
- Clearly document which cryptographic services are implemented and supported on each device
- Maintain comprehensive test plans and records to facilitate rapid, low-friction audits
- Analyze protocol error handling with the assistance of the normative annexes in each standard
- Choose cipher suites (e.g., AES-128, Grain-128A, SIMON, SPECK) based on a careful risk assessment—balancing security, hardware cost, and performance needs
Testing and Certification
- Utilize accredited labs that follow ISO/IEC 17025 for all mandatory and selected optional conformance tests
- Integrate test vectors and reference implementations provided in the standards for validation
- Monitor updates in these and related standards to keep all solutions current with the latest security threats and technological advancements
Conclusion / Next Steps
March 2026 marks a pivotal month for Information Technology professionals working with RFID and automatic identification. With these five new ISO/IEC standards, organizations are equipped to deliver security, reliability, and compliance at scale—across industries as diverse as manufacturing, retail, healthcare, and logistics.
Key takeaways:
- The standards cover a wide array of RFID security functions, from authentication to encrypted communication, tailored to various risk environments.
- Successful adoption requires collaboration between product development, compliance, and testing teams.
- Regular review, testing, and documentation are essential to meet both customer expectations and legal requirements.
Recommendation: Review the full text of each standard (available via iTeh Standards) and consult with your compliance and engineering teams to plan for swift, effective implementation. Staying at the forefront of RFID security not only protects your organization’s data and reputation, but also ensures continued competitiveness in a rapidly evolving digital marketplace.