iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN ISO 17574

(Main)

Electronic fee collection - Guidelines for security protection profiles (ISO/DIS 17574:2025)

Electronic fee collection - Guidelines for security protection profiles (ISO/DIS 17574:2025)

ISO/TS 17574:2017 provides guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/IEC 15408 (all parts) and in ISO/IEC TR 15446.
By Protection Profile (PP), it means a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBE) to be used in an EFC system. However, the guidelines in this document are superseded if a Protection Profile already exists for the subsystem in consideration.

:Elektronische Gebührenerhebung - Leitfaden für Sicherheitsprofile (ISO/DIS 17574:2025)

Perception de télépéage - Lignes directrices concernant les profils de protection de la sécurité (ISO/DIS 17574:2025)

Elektronsko pobiranje pristojbin - Smernice za zaščito varnostnih profilov EFC (ISO/DIS 17574:2025)

General Information

Status
Not Published
Publication Date
14-Feb-2027
ICS
03.220.20 - Road transport
35.240.60 - IT applications in transport
Technical Committee
CEN/TC 278 - Road transport and traffic telematics
Drafting Committee
CEN/TC 278/WG 1 - Electronic fee collection and access control (EFC)
Current Stage
4020 - Submission to enquiry - Enquiry
Start Date
17-Jul-2025
Completion Date
17-Jul-2025
Ref Project
oSIST prEN ISO 17574:2025 - Electronic fee collection - Guidelines for security protection profiles (ISO/DIS 17574:2025)

Relations

Revises
CEN ISO/TS 17574:2017 - Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017)
Effective Date
15-Nov-2023

Buy Standard

prEN ISO 17574:2025prEN ISO 17574:2025
PreviousNext
Draft
prEN ISO 17574:2025
English language
54 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-september-2025
Elektronsko pobiranje pristojbin - Smernice za zaščito varnostnih profilov EFC
(ISO/DIS 17574:2025)
Electronic fee collection - Guidelines for security protection profiles (ISO/DIS
17574:2025)
Elektronische Gebührenerhebung - Leitfaden für Sicherheitsprofile (ISO/DIS
17574:2025)
Perception de télépéage - Lignes directrices concernant les profils de protection de la
sécurité (ISO/DIS 17574:2025)
Ta slovenski standard je istoveten z: prEN ISO 17574
ICS:
03.220.20 Cestni transport Road transport
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

DRAFT
International
Standard
ISO/DIS 17574
ISO/TC 204
Electronic fee collection —
Secretariat: ANSI
Guidelines for security protection
Voting begins on:
profiles
2025-07-18
Perception de télépéage — Lignes directrices concernant les
Voting terminates on:
profils de protection de la sécurité
2025-10-10
ICS: 35.240.60; 03.220.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Reference number
ISO/DIS 17574:2025(en)
DRAFT
ISO/DIS 17574:2025(en)
International
Standard
ISO/DIS 17574
ISO/TC 204
Electronic fee collection —
Secretariat: ANSI
Guidelines for security protection
Voting begins on:
profiles
Perception de télépéage — Lignes directrices concernant les
Voting terminates on:
profils de protection de la sécurité
ICS: 35.240.60; 03.220.20
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENTS AND APPROVAL. IT
IS THEREFORE SUBJECT TO CHANGE
AND MAY NOT BE REFERRED TO AS AN
INTERNATIONAL STANDARD UNTIL
PUBLISHED AS SUCH.
This document is circulated as received from the committee secretariat.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
© ISO 2025
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
STANDARDS MAY ON OCCASION HAVE TO
ISO/CEN PARALLEL PROCESSING
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
BE CONSIDERED IN THE LIGHT OF THEIR
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
or ISO’s member body in the country of the requester.
NATIONAL REGULATIONS.
ISO copyright office
RECIPIENTS OF THIS DRAFT ARE INVITED
CP 401 • Ch. de Blandonnet 8
TO SUBMIT, WITH THEIR COMMENTS,
CH-1214 Vernier, Geneva
NOTIFICATION OF ANY RELEVANT PATENT
Phone: +41 22 749 01 11
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION.
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
ISO/DIS 17574:2025(en)
ii
ISO/DIS 17574:2025(en)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 2
5 EFC security architecture and protection profile processes . 3
5.1 General .3
5.2 EFC security architecture . .3
5.3 Protection profile preparatory steps .4
5.4 Relationship between actors .5
6 Outlines of Protection Profile . 7
6.1 Structure .7
6.2 Context .8
Annex A (informative) Procedures for preparing documents . 9
Annex B (informative) Example of threat analysis evaluation method .42
Annex C (informative) Relevant security standards in the context of the EFC . 47
Annex D (informative) Common Criteria Recognition Arrangement (CCRA) .48
Bibliography .49

iii
ISO/DIS 17574:2025(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent
rights identified during the development of the document will be in the Introduction and/or on the ISO list of
patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/TC 204, Intelligent transport systems.
This first edition cancels and replaces the third edition of ISO/TS 17574, which has been technically revised.
The main changes are as follows:
— Clause 3 has been updated and ISO 17573-2 has been made the primary source for terms and definitions,
— requirements updated as to reflect the latest version of the ISO/IEC 15408 series.

iv
ISO/DIS 17574:2025(en)
Introduction
Electronic fee collection (EFC) systems are subject to several ways of fraud both by users and operators but
also from people outside the system. These security threats have to be met by different types of security
measures including specified security requirements.
It is recommended that EFC operators use the guidelines provided by this document to prepare their own
EFC protection profile (PP), as security requirements should be described from the operator's point of view.
It should be noted that the guidelines provided in this document are intended to be read in conjunction with
the underlying international standards ISO/IEC 15408 (all parts). Most of the content of this document is an
example shown in Annex A on how to prepare the security requirements for EFC equipment, in this case, a
DSRC-based OBE with an integrated circuit(s) card (ICC) loaded with crucial data needed for the EFC. The
example refers to a Japanese national EFC system and should only be regarded as an example.
After an EFC/PP is prepared, it can be internationally registered by the organization that prepared the EFC/
PP so that other operators or countries that want to develop their EFC system security services can refer to
an already registered EFC/PP.
This EFC-related document on security service framework and EFC/PP is based on ISO/IEC 15408 (all parts).
ISO/IEC 15408 (all parts) includes a set of requirements for the security functions and assurance of IT-
relevant products and systems. Operators, organizations or authorities defining their own EFC/PP can use
these requirements. This will be similar to the different PPs registered by several financial institutions, e.g.
for payment instruments like IC cards (ICCs).
The products and systems that were developed in accordance with ISO/IEC 15408 (all parts) can be publicly
assured by the authentication of the government or designated private evaluation agencies.

v
DRAFT International Standard ISO/DIS 17574:2025(en)
Electronic fee collection — Guidelines for security protection
profiles
1 Scope
This document provides guidelines for preparation and evaluation of security requirements specifications,
referred to as Protection Profiles (PP) in ISO/IEC 15408 (all parts) and in ISO/IEC TR 15446.
By Protection Profile (PP), it means a set of security requirements for a category of products or systems that
meet specific needs. A typical example would be a PP for on-board equipment (OBE) to be used in an EFC
system. However, the guidelines in this document are superseded if a Protection Profile already exists for
the subsystem in consideration.
The target of evaluation (TOE) for EFC is limited to EFC specific roles and interfaces as shown in Figure 1.
Since the existing financial security standards and criteria are applicable to other external roles and
interfaces, they are assumed to be outside the scope of TOE for EFC.
Figure 1 — Scope of TOE for EFC
The security evaluation is performed by assessing the security-related properties of roles, entities and
interfaces defined in security targets (STs), as opposed to assessing complete processes which often are
distributed over more entities and interfaces than those covered by the TOE of this document.
NOTE Assessing security issues for complete processes is a complimentary approach, which may well be
beneficial to apply when evaluating the security of a system.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.

ISO/DIS 17574:2025(en)
ISO/IEC 15408-1, Information security — cybersecurity and privacy protection — Evaluation criteria for IT
security — Part 1: Introduction and general model
ISO/IEC 15408-2, Information security — cybersecurity and privacy protection — Evaluation criteria for IT
security — Part 2: Sec
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 13140:2025(Main)
Electronic fee collection - Evaluation of on-board and roadside equipment for conformity to ISO 13141 (ISO 13140:2025)
oSIST prEN ISO 13140:2025

This document specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of on-board equipment (OBE) and roadside equipment (RSE) to ISO 13141.
It provides a basis for conformance tests for dedicated short-range communication (DSRC) equipment to support interoperability between different equipment supplied by different manufacturers.
ISO 13141 specifies requirements for the localization augmentation communication (LAC) interface level, but not for the OBE or RSE internal functional behaviour. Consequently, tests regarding OBE and RSE functional behaviour remain outside the scope of this document.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17419:2025(Main)
Intelligent transport systems - Globally unique identification (ISO 17419:2025)
SIST EN ISO 17419:2025

This document:
—    describes and specifies globally unique addresses and identifiers (ITS-S object identifiers) that are both internal and external to ITS stations and are used for ITS station management;
—    describes how ITS-S object identifiers and related technical parameters are used for classification, registration and management of ITS applications and ITS application classes;
—    describes how ITS-S object identifiers are used in the ITS communication protocol stack;
—    introduces an organizational framework for registration and management of ITS-S objects;
—    defines and specifies management procedures at a high functional level;
—    specifies an ASN.1 module for the identifiers, addresses and registry records identified in this document; and
—    specifies an ASN.1 module for a C-ITS data dictionary containing ASN.1 type definitions of general interest.
This document is based on the architecture of an ITS station specified in ISO 21217 as a bounded secured managed domain (BSMD).

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 12855:2025(Main)
Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2025)
SIST EN ISO 12855:2025

This document specifies:
—    the interfaces between electronic fee collection (EFC) back-office systems for vehicle-related transport services, e.g. road user charging, parking and access control;
—    an exchange of information between the back-office system of the two roles of service provision and toll charging, e.g.:
—   charging-related data (toll declarations, billing details, payment claims, payment announcements),
—   administrative data (trust objects, EFC context data, etc.), and
—   confirmation data;
—    transfer mechanisms and supporting functions;
—    information objects, data syntax and semantics.
This document is applicable for any vehicle-related toll service and any technology used for charging.
The data types and associated coding related to the data elements described in Clause 6 are specified in Annex A, using the abstract syntax notation one (ASN.1) according to ISO/IEC 8824-1.
This document specifies basic protocol mechanisms over which implementations can specify and perform complex transfers (transactions).
This document does not specify, amongst others:
—    any communication between TC or TSP with any other involved party;
—    any communication between elements of the TC and the TSP that is not part of the back-office communication;
—    interfaces for EFC systems for public transport;
—    any complex transfers (transactions), i.e. sequences of inter-related ADUs that can possibly involve several APDU exchanges;
—    processes regarding payments and exchanges of fiscal, commercial or legal accounting documents;
—    definitions of service communication channels, protocols and service primitives to transfer the APDU.

  • Standard
    307 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17423:2025(Main)
Intelligent transport systems - Application requirements and objectives (ISO 17423:2025)
SIST EN ISO 17423:2025

This document:
—     specifies communication service parameters presented by ITS station (ITS-S) application processes to the ITS-S management in support of automatic selection of ITS-S communication profiles in an ITS station unit (ITS-SU);
—     specifies related procedures for the static and dynamic ITS-S communication profile selection processes at a high functional level;
—     provides an illustration of objectives used to estimate an optimum ITS-S communication profile.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 18750:2025(Main)
Intelligent transport systems - Local dynamic map (ISO 18750:2025)
SIST EN ISO 18750:2025

This document:
—     describes the functionality of a "local dynamic map" (LDM) in the context of the "bounded secured managed domain" (BSMD);
—     specifies:
—    general characteristics of LDM Data Objects (LDM-DOs) that can be stored in an LDM, i.e. information on real objects such as vehicles, road works sections, slow traffic sections, special weather condition sections, which are as a minimum requirement location-referenced and time-referenced;
—    service access point functions providing interfaces in an ITS station (ITS-S) to access an LDM for:
—     secure add, update and delete access for ITS-S application processes;
—     secure read access (query) for ITS-S application processes;
—     secure notifications (upon subscription) to ITS-S application processes;
—     management access:
—     secure registration, de-registration and revocation of ITS-S application processes at LDM;
—     secure subscription and cancellation of subscriptions of ITS-S application processes;
—    procedures in an LDM considering:
—     means for maintaining the content and integrity of the data store;
—    mechanisms supporting several LDMs in a single ITS station unit.

  • Standard
    77 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16072:2025(Main)
Intelligent transport systems - ESafety - Pan-European eCall operating requirements
SIST EN 16072:2025

The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using ‘Public Land Mobile Networks’(PLMN), which supports the European pre-assigned emergency destination address (see normative references) and to provide a means of manually triggering the notification of an incident.
This document specifies the general operating requirements and intrinsic procedures for in-vehicle emergency call (eCall) services in order to transfer an emergency message from a vehicle to a Public Safety Answering Point (PSAP) in the event of a crash or emergency, via an eCall communication session and to establish a voice channel between the in-vehicle equipment and the PSAP.
Private third party in-vehicle emergency supporting services can also provide a similar eCall function by other means. The provision of such services are defined in EN 16102, and are outside the scope of this document.
The communications protocols and methods for the transmission of the MSD are not specified in this document.
This document specifies the operating requirements for an eCall service. An important part of the eCall service is a Minimum Set of Data (MSD). The operating requirements for the MSD are determined in this document, but the form and data content of the MSD is not defined herein. A common European MSD is determined in EN 15722.
This document does not specify whether eCall is provided using embedded equipment or other means (for example in the case of aftermarket equipment).

  • Standard
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13143:2025(Main)
Electronic fee collection - Evaluation of on-board and roadside equipment for conformity to ISO 12813 (ISO 13143:2025)
SIST EN ISO 13143:2025

This document specifies the test suite structure (TSS) and test purposes (TPs) for evaluating the conformity of on-board equipment (OBE) and roadside equipment (RSE) to ISO 12813.
It provides a basis for conformance tests for dedicated short-range communication (DSRC) OBE and RSE to support interoperability between different equipment supplied by different manufacturers.
ISO 12813 specifies requirements for the compliance check communication (CCC) interface level, but not for the OBE or RSE internal functional behaviour. Consequently, tests regarding OBE and RSE functional behaviour remain outside the scope of this document.

  • Standard
    91 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN ISO/TS 22726-2:2025(Main)
Intelligent transport systems - Dynamic data and map database specification for connected and automated driving system applications - Part 2: Logical data model of dynamic data (ISO/TS 22726-2:2025)
SIST-TS CEN ISO/TS 22726-2:2025

This document specifies a unified logical data model based on available existing dynamic information standards. The data has precise relative location references to be linked with ISO/TS 22726-1 which specifies the architecture and the logical data model of static map data for connected and automated driving applications. Dynamic event data comes from external systems and has been defined and specified independently by existing standards. Therefore, the logical data model in this document is formed to synthesize contents referring to other standards.

  • Technical specification
    119 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17573-3:2024(Main)
Electronic fee collection - System architecture for vehicle-related tolling - Part 3: Data dictionary (ISO 17573-3:2024)
SIST EN ISO 17573-3:2025

This document specifies the syntax and semantics of data objects in the field of electronic fee collection (EFC). The definitions of data types and assignment of semantics are provided in accordance with the abstract syntax notation one (ASN.1) technique, as specified in ISO/IEC 8824-1. This document defines:
—     ASN.1 (data) types within the field of EFC;
—     ASN.1 (data) types of a more general use that are used more specifically in standards related to EFC.
This document does not seek to define ASN.1 (data) types that are primarily related to other fields that operate in conjunction with EFC, such as cooperative intelligent transport systems (C-ITS), the financial sector, etc.

  • Standard
    65 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13141:2024(Main)
Electronic fee collection - Localization augmentation communication for autonomous systems (ISO 13141:2024)
SIST EN ISO 13141:2024

This document establishes requirements for short-range communication for the purposes of augmenting the localization in autonomous electronic fee collection (EFC) systems. Localization augmentation serves to inform on-board equipment (OBE) about geographical location and the identification of a charge object. This document specifies the provision of location and heading information and security means to protect against the manipulation of the OBE with false RSE.
The localization augmentation communication (LAC) takes place between an OBE in a vehicle and fixed RSE. This document is applicable to OBE in an autonomous mode of operation.
This document specifies attributes and functions for the purpose of localization augmentation, by making use of the dedicated short-range communications (DSRC) communication services provided by DSRC Layer 7, and makes these LAC attributes and functions available to the LAC applications at the RSE and the OBE. Attributes and functions are specified on the level of application data units (ADUs; see Figure 1).
As depicted in Figure 1, this document is applicable to:
—     the application interface definition between OBE and RSE;
—     the interface to the DSRC application layer, as specified in ISO 15628 and EN 12834;
—     the use of the DSRC stack.
The LAC is suitable for a range of short-range communication media. This document provides specific definitions regarding the CEN-DSRC stack as specified in EN 15509. Annexes C, D, E and H provide for the use of the Italian DSRC as specified in ETSI/ES 200 674-1, ISO CALM IR ARIB DSRC and WAVE DSRC.
This document contains a protocol implementation conformance statement (PICS) proforma in Annex B and transaction examples in Annex F. Annex G highlights how to use this document for the European Electronic Toll Service (EETS).
Test specifications are not within the scope of this document.

  • Standard
    45 pages
    English language
    sale 10% off
    e-Library read for
    1 day