This document establishes a framework for age assurance systems and describes their core characteristics, including privacy and security, for enabling age-related eligibility decisions.

  • Standard
    29 pages
    English language

This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.

  • Draft
    47 pages
    English language

This document establishes an organized set of concepts and relationships to understand the competency requirements for information security conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities.

  • Draft
    16 pages
    English language

This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’ during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and privacy by default’.
Biometric facial recognition for access control is covered by this document. Biometric facial recognition for surveillance is covered by CEN/CLC/JTC 13 TR ‘Video surveillance’.
This document specifies recommendations for the management of data protection and privacy by design in biometric access-control products and services. This document extends ISO/IEC 27552. This document applies to aspects of data protection and privacy by design. This document is not applicable to non-biometric aspects of access control, or to aspects not relating to data protection or privacy.

  • Draft
    12 pages
    English language

This document provides the specialized requirements for individuals to demonstrate competence in performing IT product security evaluations and reviews according to the ISO/IEC 15408 series and ISO/IEC 18045.
NOTE It is possible that evaluators and testers belong to bodies operating under ISO/IEC 17025 and reviewers belong to bodies operating under ISO/IEC 17065.

  • Draft
    49 pages
    English language

This document provides the specialized requirements for individuals to demonstrate competence in performing IT product security evaluations and reviews according to the ISO/IEC 15408 series and ISO/IEC 18045. NOTE It is possible that evaluators and testers belong to bodies operating under ISO/IEC 17025 and reviewers belong to bodies operating under ISO/IEC 17065.

  • Standard
    46 pages
    English language
  • Standard
    48 pages
    French language

This document establishes an organized set of concepts and relationships to understand the competency requirements for information security conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities.

  • Standard
    12 pages
    English language
  • Standard
    13 pages
    French language

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

  • Standard
    73 pages
    English language

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Standard
    33 pages
    English language

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

  • Standard
    73 pages
    English language

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Standard
    33 pages
    English language

This document defines a cybersecurity labelling framework for the development and implementation of cybersecurity labelling programmes for consumer Internet of things (IoT) products. It provides requirements and guidance on the following topics:
— risks and threats associated with consumer IoT products;
— stakeholders, roles and responsibilities;
— relevant standards and guidance documents;
— conformity assessment;
— labelling issuance and maintenance;
— mutual recognition.
This document is limited to consumer IoT products, such as:
— IoT gateways, base stations and hubs to which multiple devices connect;
— smart cameras, televisions, and speakers;
— wearable devices;
— connected smoke detectors, door locks and window sensors;
— connected home automation and alarm systems;
— connected appliances, such as washing machines and fridges;
— smart home assistants; and
— connected children’s toys and baby monitors.
Products that are not intended for consumer use are excluded from this document. Examples of excluded devices are those that are primarily intended for manufacturing, healthcare and other industrial purposes. This document is applicable to consumers, developers, issuing bodies of cybersecurity labels and conformity assessment bodies.

  • Standard
    63 pages
    English language

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1. The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification. NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Standard
    24 pages
    English language
  • Standard
    25 pages
    French language

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS). Guidance is also provided to assist in the implementation of the requirements in this document. This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

  • Standard
    64 pages
    English language
  • Standard
    71 pages
    French language

This document presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the life cycle of health software and health IT systems, for the information exchange between the health software manufacturers (including medical device manufacturers), healthcare delivery organizations (HDOs) and other stakeholders. It is applicable to health software running on any platform and in any environment such as cloud, on premise or hybrid.
While important security topics, the following are outside the scope of this document:
a) the security policies of the HDO,
b) the product and services security policies of the manufacturer,
c) determinations of risk tolerance by the HDO or manufacturer, and
d) clinical studies where there is a need to secure personal data.
As security risks can be caused by any product on health IT systems and health IT infrastructure, considerations in this document can be applied for other products that are not health software.
IEC TS 81001-2-2:2025 withdraws and replaces:
– IEC TR 80001-2-2, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls
– IEC TR 80001-2-8, Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2
This document includes the following significant changes:
a) Combines and updates the contents of IEC TR 80001-2-2 and IEC TR 80001-2-8;
b) Extends the scope to health software instead of only medical device software;
c) Aligns contents and definitions to ISO 81001-1:2021 and the updated IEC 80001-1;
d) Removes the Configuration of Security Features (CNFS) capability, as any configurable security capability shall be clearly communicated;
e) Provides security control mappings to several new standards, e.g. IEC TR 60601-4-5, IEC 62443-4-2, ISO/IEEE 11073-40102 and the recent versions of previous standards, e.g. ISO/IEC 27002 and NIST 800-53 version 5.

  • Technical specification
    96 pages
    English language

This document specifies methods for determining conformance to the security crypto suite defined in ISO/IEC 29167-11. This document contains conformance tests for all mandatory functions. Unless otherwise specified, the tests in this document are intended to be applied exclusively to RFID tags and interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-11.

  • Standard
    10 pages
    English language

This document provides guidance on how to use modelling in privacy engineering. It describes categories of models that can be used, the use of modelling to support engineering, and the relationships with other references, including International Standards on privacy engineering and on modelling. It provides high-level use cases describing how models are used.

  • Technical specification
    32 pages
    English language

This document:
— provides guidelines for the implementation of systems for the management of identity information;
— specifies requirements for the implementation and operation of a framework for identity management;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
    — it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,
    — it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

  • Standard
    46 pages
    English language

This document:
— defines terms for identity management and specifies core concepts of identity and identity management, and their relationships;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
    — it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,
    — it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

  • Standard
    23 pages
    English language

This document:
— provides requirements and guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
    — it applies concepts such as distinguishing the term “identity” from the term “identifier” on the implementation of systems for the management of identity information and on the requirements for the implementation and operation of a framework for identity management,
    — it provides an important contribution to assess identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently it provides a foundation and a common understanding for any other standard addressing identity, identity information, and identity management.

  • Standard
    31 pages
    English language

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers.

  • Standard
    35 pages
    English language

This document establishes a methodology to evaluate the resistance of BSs to morphing attacks, including multiple identity attacks. The document is limited to image-based morphing attacks. The term "image-based" includes modalities such as face, iris and finger image data. The document establishes: — a definition of biometric sample modifications and manipulation with a specific focus on manipulations that constitute a multiple identity attack. This can be, for instance, an enrolment attack with face image morphing; — a methodology to measure the morphing attack potential of a morphing method. The document also describes how morphing algorithms can be used for system evaluation.

  • Standard
    16 pages
    English language

The present document specifies policy and security requirements relating to the operation and management practices of TSPs issuing time-stamps. These policy requirements are applicable to TSPs issuing time-stamps. Such time-stamps can be used in support of digital signatures or for any application requiring to prove that a datum existed before a particular time. The present document can be used by independent bodies as the basis for confirming that a TSP can be trusted for issuing time-stamps. The present document does not specify protocols used to access the TSUs.
NOTE 1: A time-stamping protocol is defined in IETF RFC 3161 [i.2] including optional update in IETF RFC 5816 [i.3] and profiled in ETSI EN 319 422 [5].
The present document does not specify how the requirements identified can be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors.
NOTE 2: See ETSI EN 319 403-1 [i.9] for guidance on assessment of TSP's processes and services.
NOTE 3: The present document references ETSI EN 319 401 [4] for general policy requirements common to all classes of TSP's services.

  • Standard
    33 pages
    English language
  • Standard
    34 pages
    English language
  • Standard
    34 pages
    English language
  • Standard
    34 pages
    English language

The present document defines multiple profiles for PAdES digital signatures which are digital signatures embedded within a PDF file.
The present document contains a profile for the use of PDF signatures, as described in ISO 32000-2 [1] and based on CMS digital signatures [i.6], that enables greater interoperability for PDF signatures by providing additional restrictions beyond those of ISO 32000-2 [1]. This first profile is not related to ETSI EN 319 142-1 [4].
The present document also contains a second set of profiles that extend the scope of the profile in ETSI EN 319 142-1 [4], while keeping some features that enhance interoperability of PAdES signatures. These profiles define three levels of PAdES extended signatures addressing incremental requirements to maintain the validity of the signatures over the long term, in a way that a certain level always addresses all the requirements addressed at levels that are below it. These PAdES extended signatures offer a higher degree of optionality than the PAdES baseline signatures specified in ETSI EN 319 142-1 [4].
The present document also defines a third profile for usage of an arbitrary XML document signed with XAdES signatures that is embedded within a PDF file.
The profiles defined in the present document provide equivalent requirements to profiles found in ETSI TS 102 778 [i.10]. Procedures for creation, augmentation, and validation of PAdES digital signatures are out of scope and specified in ETSI EN 319 102-1 [i.11]. Guidance on creation, augmentation and validation of PAdES digital signatures including the usage of the different attributes is provided in ETSI TR 119 100 [i.9]. The present document does not repeat the base requirements of the referenced standards, but instead aims to maximize interoperability of digital signatures in various business areas.

  • Standard
    32 pages
    English language
  • Standard
    32 pages
    English language
  • Standard
    32 pages
    English language

This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, in particular, for functional components, communication, storage and remote processing. This document is applicable to remote modes, i.e. the cases where: — the biometric sample is captured through mobile devices, and — the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions. The following are out of scope of this document: — the cases where the biometric data or derived biometric data never leave the mobile devices (i.e. local modes), — the preliminary steps for biometric enrolment before authentication procedure, and — the use of biometric identification as part of the authentication.

  • Standard
    39 pages
    English language

This document specifies the minimum functional requirements of digital safe software in order to ensure the integrity, confidentiality and availability of the digital objects it stores. This document does not address system environments for the operation of the digital safe, such as physical security (fire extinguishing systems, armoured doors, presence detectors, etc.), power supply security (generators and transformers) or telecommunication lines.

  • Technical specification
    21 pages
    English language

This document specifies general principles, requirements and guidance for a security evaluation of a biometric system. This document provides an overview of the main biometric-specific aspects, i.e. recognition performance, presentation attack detection and privacy, and specifies principles to consider for the security evaluation of a biometric system. This document does not address the non-biometric aspects which can form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

  • Standard
    25 pages
    English language

This document provides a framework of recommendations for organizations that offer a public-facing digital product or service for which they conduct trust and safety operations to control or manage content- and conduct-related risks. This document also includes recommendations for assessing the implementation of practices for addressing content- and conduct-related risks.

  • Standard
    26 pages
    English language

The present document provides an overview of the Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3] based
certificate profiles and the statements for EU Qualified Certificates specified in other parts of ETSI EN 319 412 ([i.4] to
[i.7]). It specifies common data structures that are referenced from other parts of ETSI EN 319 412 ([i.4] to [i.7]).
The profiles specified in this multi-part deliverable aim to support both Regulation (EU) No 910/2014 [i.9] and the use
of certificates in a wider international context. Within the European context, it aims to support both EU Qualified
Certificates and other forms of certificate.

  • Standard
    17 pages
    English language
  • Standard
    17 pages
    English language
  • Standard
    17 pages
    English language

The present document specifies a certificate profile for web site certificates that are accessed by the TLS protocol [i.1].
The profile defined in the present document builds on the CA/Browser Forum Baseline requirements [2], Extended
validation guidelines [3] and other parts of the present multi-part deliverable.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
This profile can be used for legal and natural persons. For certificates issued to legal persons, the profile builds on the
CA/Browser Forum EV Profile [3] or baseline requirements [2]. For certificates issued to natural persons, the profile
builds only on CA/Browser Forum baseline requirements [2].

  • Standard
    12 pages
    English language
  • Standard
    12 pages
    English language
  • Standard
    12 pages
    English language

The present document specifies requirements on the content of certificates issued to natural persons. This profile builds
on IETF RFC 5280 [1] for generic profiling of Recommendation ITU-T X.509 | ISO/IEC 9594-8 [i.3].
This profile supports the requirements of EU Qualified Certificates as specified in the Regulation (EU)
No 910/2014 [i.5] as well as other forms of certificate. The scope of the present document is primarily limited to
facilitate interoperable processing and display of certificate information. This profile therefore excludes support for
some certificate information content options, which can be perfectly valid in a local context but which are not regarded
as relevant or suitable for use in widely deployed applications.
The present document focuses on requirements on certificate content. Requirements on decoding and processing rules
are limited to aspects required to process certificate content defined in the present document. Further processing
requirements are only specified for cases where it adds information that is necessary for the sake of interoperability.
Certain applications or protocols impose specific requirements on certificate content. The present document is based on
the assumption that these requirements are adequately defined by the respective application or protocol. It is therefore
outside the scope of the present document to specify such application or protocol specific certificate content

  • Standard
    16 pages
    English language
  • Standard
    16 pages
    English language
  • Standard
    16 pages
    English language

The present document defines specific QCStatement for the qcStatements extension as defined in IETF RFC 3739 [2],
clause 3.2.6, including requirements for their use in EU qualified certificates. Some of these QCStatements can be used
for other forms of certificate.
The QCStatements defined in the present document can be used in combination with any certificate profile, either
defined in ETSI EN 319 412-2 [i.2], ETSI EN 319 412-3 [i.5] and ETSI EN 319 412-4 [i.6], or defined elsewhere.
The QCStatements defined in clause 4.3 can be applied to regulatory environments outside the EU. Other requirements
specified in clause 4 are specific to Regulation (EU) No 910/2014 [i.8] but may be adapted for other regulatory
environments.

  • Standard
    21 pages
    English language
  • Standard
    21 pages
    English language
  • Standard
    21 pages
    English language

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services.
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.

  • Technical specification
    45 pages
    English language

The present document specifies policy and security requirements for the issuance, maintenance and life-cycle
management of EU qualified certificates as defined in Regulation (EU) No 910/2014 [i.1]. These policy and security
requirements support reference certificate policies for the issuance, maintenance and life-cycle management of EU
qualified certificates issued to natural persons (including natural persons associated with a legal person or a website)
and to legal persons (including legal persons associated with a website), respectively.
The present document does not specify how the requirements identified can be assessed by an independent party,
including requirements for information to be made available to such independent assessors, or requirements on such
assessors.
NOTE: See ETSI EN 319 403 [i.6] for guidance on assessment of TSP's processes and services. The present
document references ETSI EN 319 411-1 [2] for general requirements on TSP issuing certificates.

  • Standard
    32 pages
    English language
  • Standard
    33 pages
    English language
  • Standard
    33 pages
    English language
  • Standard
    33 pages
    English language
  • Standard
    33 pages
    English language

This document provides recommendations, requirements and checklists which can be used to support the specification and field testing of cryptographic modules in their field within an organization’s security system. The cryptographic modules have an overall security rating commensurate with the four security levels defined in ISO/IEC 19790:2025, to provide for: — a wide spectrum of data sensitivity (e.g. low-value administrative data, million-dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government), and — a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This document is limited to the security related to the cryptographic module. It does not include assessing the security of the field or application environment. It does not define techniques for the identification, assessment and acceptance of the organization’s operational risk. This document applies to the field testers who perform the field testing for the cryptographic modules in their field and the authorizing officials of cryptographic modules.

  • Technical specification
    44 pages
    English language

This document defines fundamental terminology for blockchain and distributed ledger technologies.

  • Standard
    22 pages
    English language

This document describes the concepts and principles of information and communication technology (ICT) readiness for business continuity (IRBC). It provides a framework of methods and processes to identify and specify aspects for improving an organization's ICT readiness to ensure business continuity. This document serves the following business continuity objectives for ICT: — minimum business continuity objective (MBCO), — recovery point objective (RPO), — recovery time objective (RTO) as part of the ICT business continuity planning. This document is applicable to all types and sizes of organizations. This document describes how ICT departments plan and prepare to contribute to the resilience objectives of the organization.

  • Standard
    33 pages
    English language
  • Standard
    35 pages
    French language
  • Standard
    35 pages
    French language

This document contains guidelines to be used in the process of drafting requirements of cybersecurity certification schemes for sectoral ICT services and systems. It includes all steps necessary to define, implement and maintain such requirements.

  • Standard
    65 pages
    English language

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services.
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.

  • Technical specification
    45 pages
    English language

REN/ESI-0019411-1v151

  • Standard
    60 pages
    English language

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying:
—    a harmonized terminology for PII deletion;
—    an approach for defining deletion rules in an efficient way;
—    a description of required documentation;
—    a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII is stored or processed.
This document does not address:
—    specific legal provision, as given by national law or specified in contracts;
—    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII;
—    deletion mechanisms;
—    reliability, security and suitability of deletion mechanisms;
—    specific techniques for de-identification of data.

  • Standard
    34 pages
    English language

This document specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in Information and Communication Technologies (ICT). It defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity and a diversity of application environments. This document specifies up to four security levels for each of the 11 requirement areas with each security level increasing security over the preceding level.

  • Standard
    80 pages
    English language
  • Standard
    85 pages
    French language

This document specifies the methods to be used by testing laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2025. The methods are developed to provide a high degree of objectivity during the testing process and to ensure consistency across the testing laboratories. This document also specifies the information that vendors are required to provide testing laboratories as supporting evidence to demonstrate their cryptographic modules’ conformity to the requirements specified in ISO/IEC 19790:2025. Vendors can also use this document to verify whether their cryptographic modules satisfy the requirements specified in ISO/IEC 19790:2025 before applying to a testing laboratory for testing.

  • Standard
    182 pages
    English language