Document management — Trusted storage sub-system (TSS) functional and technical requirements

Gestion des documents — Exigences fonctionnelles et techniques du sous-système de stockage fiable (TSS)

General Information

Status
Withdrawn
Current Stage
5098 - Project deleted
Completion Date
17-Dec-2019
Ref Project

Buy Standard

Draft
ISO/FDIS 18759 - Document management — Trusted storage sub-system (TSS) functional and technical requirements Released:7/27/2018
English language
22 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


DRAFT INTERNATIONAL STANDARD
ISO/DIS 18759
ISO/TC 171/SC 2 Secretariat: ANSI
Voting begins on: Voting terminates on:
2018-09-25 2018-12-18
Document management — Trusted Storage Sub-System
(TSS) functional and technical requirements
Gestion des documents — Exigences fonctionnelles et techniques du sous-système de stockage fiable (TSS)
ICS: 37.080
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 18759:2018(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO 2018

ISO/DIS 18759:2018(E)
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

ISO/DIS 18759:2018(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Retention requirements for trusted storage environments . 2
4.1 Overview . 2
4.2 Electronically Stored Information (ESI) . 2
4.3 Retained ESI . 2
4.4 Legal Hold of retained ESI . 3
4.5 Enforcement of litigation holds . 3
4.6 Retained ESI retention management . 3
4.7 ESI retention management states . 4
4.7.1 Overview . 4
4.7.2 ESI permanent retention state . 4
4.7.3 ESI fixed retention state. 4
4.7.4 ESI hybrid retention state (Minimum retention and overall retention) . 5
4.8 TSS retention enforcement . 6
4.9 TSS retention policies . 7
4.9.1 Overview . 7
4.9.2 TSS-defined retention policy . 7
4.9.3 Application-defined retention policy . 7
4.9.4 Application-defined retention policy class . 8
5 TSS operational states. 9
5.1 Overview . 9
5.2 Autonomous storage state . 9
5.3 WORM Storage State .10
5.4 Integrated state .10
5.5 Application State .10
6 General Trusted Storage Sub-System requirements .11
6.1 Storage security .11
6.2 ESI encryption .11
6.3 Secure delete and erasure .12
6.4 Redundancy .12
6.5 Retained ESI integrity checks by one or more cryptographic hash values or checksum.12
6.6 Application and ESI security .12
6.7 Storage migration and upgrades .12
6.8 Auditability .13
6.8.1 Overview .13
6.8.2 Trusted Storage Sub-System audit capabilities .13
6.8.3 Trusted Storage Sub-System audit trail .13
7 Technical methods for trusted storage environments .13
7.1 Overview .13
7.2 Trusted Storage Sub-System operational policies .14
7.3 Security .14
7.3.1 Management and organization of security .14
7.3.2 Risk assessment . .14
7.3.3 Physical security .14
7.3.4 Hardware security .14
7.3.5 Security of custom software and software products .15
7.3.6 Maintenance of the TSS .15
7.3.7 System change-management and migration of media .15
ISO/DIS 18759:2018(E)
7.3.8 Security backups .15
7.3.9 Business Continuity Plan to demonstrate of access to stored ESI .15
7.3.10 Date and time stamping .15
7.4 Audit trail .15
7.4.1 General.15
7.4.2 Secure preservation of the audit trail .15
7.4.3 TSS lifecycle log .16
7.4.4 Events log .16
7.5 Hash values or Checksums .16
7.6 Ransomware protection .16
7.7 Error correction .16
7.8 Monitoring, notifications and alerts .16
7.9 Encryption .17
7.10 Permissions .17
7.11 Integrity of storage devices and media .17
8 Compliance requirements and mitigating technical methods .18
8.1 Migration of information between media .18
8.2 Technical obsolescence .18
8.3 Discovery requests .18
8.4 “Rig
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.