iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

FprCEN/CLC ISO/IEC/TS 23532-2

(Main)

Information security, cybersecurity and privacy protection - Requirements for the competence of IT security testing and evaluation laboratories - Part 2: Testing for ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

Information security, cybersecurity and privacy protection - Requirements for the competence of IT security testing and evaluation laboratories - Part 2: Testing for ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

This document complements and supplements the procedures and general requirements found in ISO/IEC 17025:2017 for laboratories performing testing based on ISO/IEC 19790 and ISO/IEC 24759.

Informationssicherheit, Cybersicherheit und Schutz der Privatsphäre - Anforderungen an die Kompetenz von Prüf- und Evaluierungsstellen für IT-Sicherheit - Teil 2: Prüfung für ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

Sécurité de l'information, cybersécurité et protection de la vie privée - Exigences relatives aux compétences des laboratoires d'essais et d'évaluation de la sécurité TI - Partie 2: Essais pour l'ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Zahteve za usposobljenost laboratorijev za testiranje in ocenjevanje varnosti IT - 1. del: Preskušanje po ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

General Information

Status
Not Published
Publication Date
09-Oct-2024
ICS
35.030 - IT Security
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
5060 - Closure of Vote - Formal Approval
Start Date
15-Aug-2024
Due Date
24-Sep-2025
Completion Date
15-Aug-2024
Ref Project
kSIST-TS FprCEN/CLC ISO/IEC/TS 23532-2:2024 - Information security, cybersecurity and privacy protection - Requirements for the competence of IT security testing and evaluation laboratories - Part 2: Testing for ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)

Buy Standard

kTS FprCEN/CLC ISO/IEC/TS 23532-2:2024 - BARVEkTS FprCEN/CLC ISO/IEC/TS 23532-2:2024 - BARVE
PreviousNext
Draft
kTS FprCEN/CLC ISO/IEC/TS 23532-2:2024 - BARVE
English language
32 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
kSIST-TS FprCEN/CLC ISO/IEC/TS 23532-
2:2024
01-julij-2024
Informacijska varnost, kibernetska varnost in varovanje zasebnosti - Zahteve za
usposobljenost laboratorijev za testiranje in ocenjevanje varnosti IT - 1. del:
Preskušanje po ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)
Information security, cybersecurity and privacy protection - Requirements for the
competence of IT security testing and evaluation laboratories - Part 2: Testing for
ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)
Sécurité de l'information, cybersécurité et protection de la vie privée - Exigences
relatives aux compétences des laboratoires d'essais et d'évaluation de la sécurité TI -
Partie 2: Essais pour l'ISO/IEC 19790 (ISO/IEC/TS 23532-2:2021)
Ta slovenski standard je istoveten z: FprCEN/CLC ISO/IEC/TS 23532-2
ICS:
35.030 Informacijska varnost IT Security
kSIST-TS FprCEN/CLC ISO/IEC/TS en,fr,de
23532-2:2024
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL ISO/IEC TS
SPECIFICATION 23532-2
First edition
2021-11
Information security, cybersecurity
and privacy protection —
Requirements for the competence
of IT security testing and evaluation
laboratories —
Part 2:
Testing for ISO/IEC 19790
Sécurité de l'information, cybersécurité et protection de la vie
privée — Exigences relatives aux compétences des laboratoires
d'essais et d'évaluation de la sécurité TI —
Partie 2: Essais pour l'ISO/IEC 19790
Reference number
ISO/IEC TS 23532-2:2021(E)
© ISO/IEC 2021
ISO/IEC TS 23532-2:2021(E)
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2021 – All rights reserved

ISO/IEC TS 23532-2:2021(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General Requirements . 2
4.1 Impartiality . 2
4.2 Confidentiality . 3
5 Structural requirements .3
6 Resource requirements .4
6.1 General . 4
6.2 Personnel . 4
6.3 Facilities and environmental conditions . 6
6.4 Equipment . 8
6.5 Metrological traceability . 11
6.6 Externally provided products and services .12
7 Process requirements .12
7.1 Review of requests, tenders and contracts .12
7.2 Selection, verification and validation of methods . 13
7.2.1 Selection and verification of methods . 13
7.2.2 Validation of methods . 14
7.3 Sampling . 15
7.4 Handling of test or calibration items . 15
7.5 Technical records . 16
7.6 Evaluation of measurement of uncertainty . 16
7.7 Ensuring the validity of results . 17
7.8 Reporting of results . 17
7.8.1 General . 17
7.8.2 Common requirements for reports (test, calibration or sampling) . 17
7.8.3 Specific requirements for test reports . 18
7.8.4 Specific requirements for calibration certificates . 18
7.8.5 Reporting sampling – specific requirements . 18
7.8.6 Reporting statements of conformity . 18
7.8.7 Reporting opinions and interpretations . 19
7.8.8 Amendments to reports . 19
7.9 Complaints. 19
7.10 Nonconforming work . 19
7.11 Control of data information management . 20
8 Management system requirements .20
8.1 Options. 20
8.1.1 General .20
8.1.2 Option A . 20
8.1.3 Option B . 20
8.2 Management system documentation (option A) . 20
8.3 Control of management system documents (option A) . 21
8.4 Control of records (option A) . 21
8.5 Actions to address risks and opportunities (option A) . 22
8.6 Improvement (option A) . 22
8.7 Corrective actions (option A) . 22
8.8 Internal audits (option A). 22
8.9 Management reviews (option A) . 22
iii
© ISO/IEC 2021 – All rights reserved

ISO/IEC TS 23532-2:2021(E)
Annex A (informative) Metrological traceability .23
Annex B (informative) Management system options .24
Annex C (informative) Standards relation in cryptographic module testing .25
Bibliography .26
iv
© ISO/IEC 2021 – All rights reserved

ISO/IEC TS 23532-2:2021(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as infor
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 18031-1:2024(Main)
Common security requirements for radio equipment - Part 1: Internet connected radio equipment
kSIST FprEN 18031-1:2024

This document specifies common security requirements for internet-connected radio equipment. This document provides technical specifications for radio equipment, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Draft
    123 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18031-2:2024(Main)
Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
kSIST FprEN 18031-2:2024

Common security requirements for radio equipment processing personal data or traffic data or location data being either internet connected radio equipment, radio equipment designed or intended exclusively for childcare; toys and wearable radio equipment. The standard provides technical specifications for radio equipment processing personal data, traffic data or location data, which concerns electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment, childcare, toys or wearable radio equipment.
The scope does not apply to 5G network equipment used by providers of public electronic communications networks and publicly available electronic communications services within the meaning of in Directive (EU) 2018/1972 of the European Parliament and of the Council as defined in that Regulation.

  • Draft
    156 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18031-3:2024(Main)
Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value
kSIST FprEN 18031-3:2024

Common security requirements for internet connected radio equipment that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable to communicate over the internet, regardless of whether these products communicate directly or via any other equipment.

  • Draft
    127 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27005:2024(Main)
Information security, cybersecurity and privacy protection - Guidance on managing information security risks (ISO/IEC 27005:2022)
oSIST prEN ISO/IEC 27005:2024

This document provides guidance to assist organizations to:
—    fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
—    perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.

  • Draft
    68 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    68 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 18026:2024(Main)
Three-level approach for a set of cybersecurity requirements for cloud services
SIST-TS CEN/CLC/TS 18026:2024

This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations

  • Technical specification
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27006-1:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of information security management systems - Part 1: General (ISO/IEC 27006-1:2024)
SIST EN ISO/IEC 27006-1:2024

This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Standard
    56 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 15408-3:2023(Main)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022)
SIST EN ISO/IEC 15408-3:2024

This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs),  PP-Configurations, PP-Modules, and Security Targets (STs).

  • Standard
    204 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 15408-5:2023(Main)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 5: Pre-defined packages of security requirements (ISO/IEC 15408-5:2022)
SIST EN ISO/IEC 15408-5:2024

This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.
EXAMPLE Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).

  • Standard
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 15408-1:2023(Main)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022)
SIST EN ISO/IEC 15408-1:2024

This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context and describes the audience to which the evaluation criteria is addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
—    the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
—    a description of the organization of security components throughout the model;
—    the various operations by which the functional and assurance components given in ISO/IEC 15408‑2 and ISO/IEC 15408‑3 can be tailored through the use of permitted operations;
—    general information about the evaluation methods given in ISO/IEC 18045;
—    guidance for the application of ISO/IEC 15408‑4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
—    general information about the pre-defined Evaluation Assurance Levels (EALs) defined in ISO/IEC 15408‑5;
—    information in regard to the scope of evaluation schemes.

  • Standard
    154 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 15408-2:2023(Main)
Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components (ISO/IEC 15408-2:2022)
SIST EN ISO/IEC 15408-2:2024

This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products.

  • Standard
    293 pages
    English language
    sale 10% off
    e-Library read for
    1 day