35.030 - IT Security
ICS 35.030 Details
IT Security (French: Sécurité des technologies de l’information; Slovenian: Informacijska varnost)
General Information
Frequently Asked Questions
ICS 35.030 is a classification code in the International Classification for Standards (ICS) system. It covers "IT Security". The ICS is a hierarchical classification system used to organize international, regional, and national standards, facilitating the search and identification of standards across different fields.
There are 886 standards classified under ICS 35.030 (IT Security). These standards are published by international and regional standardization bodies including ISO, IEC, CEN, CENELEC, and ETSI.
The International Classification for Standards (ICS) is a hierarchical classification system maintained by ISO to organize standards and related documents. It uses a three-level structure with field (2 digits), group (3 digits), and sub-group (2 digits) codes. The ICS helps users find standards by subject area and enables statistical analysis of standards development activities.
This document provides packages of security assurance and security functional requirements that are intended to be useful in support of common usage by stakeholders. The users of this document can include consumers, developers and evaluators of secure IT products.
- Standard, 27 pages, English, sale 15% off
- Standard, 28 pages, French, sale 15% off
This document provides terminology, concepts and a description of mechanisms in the field of data exchange focusing on trusted data transactions.
Those elements can be used in the development of standards in support of trusted data transactions and constitute a basis to identify key dimensions and criteria that contribute to the trust in a data transaction between interested parties.
Therefore, those elements constitute a foundational understanding on which trusted data transactions can be based, independently of any architectural choices or technical implementation.
- Standard, 13 pages, English, e-Library read for 1 day
This document defines the policy, functional and security requirements on (qualified) trust services for electronic ledger. This includes requirements to ensure:
- their provision by one or more trust service providers;
- the establishment of the origin of data records in the ledger;
- the unique sequential chronological ordering of data records in the ledger;
- the recording of data in such a way that any subsequent change to the data is immediately detectable, ensuring their integrity over time.
- Technical specification, 18 pages, English, e-Library read for 1 day
This document defines and establishes a framework for access management (AM) and the secure management of the process to access information and information and communications technologies (ICT) resources, associated with the accountability of a subject within some contexts.
This document provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This document also provides explanations about related architecture, components and management functions.
The subjects involved in access management can be uniquely recognized to access information systems, as defined in the ISO/IEC 24760 series.
The nature and qualities of physical access control involved in access management systems are outside the scope of this document.
- Draft, 39 pages, English, e-Library read for 1 day
This document provides information security controls, including implementation guidance, for health organizations. It is based on ISO/IEC 27002:2022.
In addition to generic ICT equipment and software used in many other environments, the scope of this document includes software and systems specifically for healthcare, such as electronic health record systems and medical devices incorporating health software. Such medical devices can be programmed or programmable and can contain software, firmware or both.
Other digital equipment (such as that for environmental and infection control, building management, and physical security), which can be used in premises where healthcare is provided, is also in scope.
This document applies to information in all its aspects, whatever form the information takes (including text and numbers, sound recordings, drawings, images and video), by whatever means it has been acquired or captured, whatever means are used to store it (such as printing or writing on paper or storage electronically), and whatever means are used to transfer or exchange it (orally, by hand, by post, movement of storage media, direct links or networking).
This document is for organizations of all types and sizes that provide healthcare or are custodians of personal health information for other reasons. The information that they are responsible for can be stored and processed in many possible ways and locations, including on premises or in the cloud, but remains in scope.
This document applies to all physical settings where healthcare is intended to be delivered, such as hospitals, clinics and other locations or facilities designated for healthcare purposes such as ambulances and mobile imaging or diagnostic units. It also applies to care provided elsewhere, such as in residential premises. In addition to the range of settings, this document applies to all methods of service provision including remote or virtual healthcare.
- Standard, 83 pages, English, e-Library read for 1 day
This document describes the test methods for determining conformance for the security crypto suite ECDSA-ECDH defined in ISO/IEC 29167-16. This document contains conformance tests for all mandatory and applicable optional functions. Unless otherwise specified, the tests in this document are only applicable to radio frequency identification (RFID) Tags and Interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-16.
- Standard, 20 pages, English, sale 15% off
This document describes the test methods for determining conformance for the security crypto suite AES-128 defined in ISO/IEC 29167-10. This document contains conformance tests for all mandatory and applicable optional functions. Unless otherwise specified, the tests in this document are only applicable to radio frequency identification (RFID) Tags and Interrogators defined in the ISO/IEC 15693 series and in the ISO/IEC 18000 series using ISO/IEC 29167-10.
- Standard, 42 pages, English, sale 15% off
This document describes the test methods for determining conformance for the security crypto suite SPECK defined in ISO/IEC 29167-22. This document contains conformance tests for all mandatory functions. Unless otherwise specified, the tests in this document are only applicable to radio frequency identification (RFID) Tags and Interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-22.
- Standard, 18 pages, English, sale 15% off
This document describes the test methods for determining conformance to the security crypto suite SIMON defined in ISO/IEC 29167-21. This document contains conformance tests for all mandatory functions. Unless otherwise specified, the tests in this document are only applicable to radio frequency identification (RFID) Tags and Interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-21.
- Standard, 16 pages, English, sale 15% off
This document describes the test methods for determining conformance for the security crypto suite Grain-128A defined in ISO/IEC 29167-13. This document contains conformance tests for all mandatory and optional functions. Unless otherwise specified, the tests in this document are only applicable to radio frequency identification (RFID) tags and interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-13.
- Standard, 19 pages, English, sale 15% off
This document specifies the evaluation methodology to support achieving repeatable and reproducible evaluation results for IACS components under evaluation against IEC 62443-4-2 requirements.
This document does not specify the definition of a complete certification scheme or certification program.
This document does not specify the process evaluations of the secure development lifecycle according to IEC 62443-4-1. The existing secure development lifecycle according to IEC 62443-4-1 is a prerequisite in this evaluation methodology.
This document does not specify particular tools, e.g. for the use in vulnerability or penetration testing.
This document does not focus on IACS components which were not developed according to the lifecycle process of IEC 62443-4-1.
- Technical specification, 65 pages, English, e-Library read for 1 day
This document provides guidelines on using zero-knowledge proofs (ZKP) to improve privacy by reducing the risks associated with the sharing or transmission of personal data between organizations and users by minimizing unnecessary information disclosure. It includes several ZKP functional requirements relevant to a range of different business use cases, then describes how different ZKP models can be used to meet those functional requirements securely.
- Standard, 37 pages, English, sale 15% off
This document provides guidance on how to leverage existing ISO and IEC standards in a cybersecurity framework.
- Technical specification, 19 pages, English, sale 15% off
- Standard, 220 pages, English, sale 15% off
This document provides the minimum requirements for the knowledge and skills of assessment body testers and validators performing testing activities and validating activities for a conformance scheme using ISO/IEC 19790 and ISO/IEC 24759.
- Draft, 39 pages, English, e-Library read for 1 day
This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following:
— central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices;
— digital controllers and automation components such as control and field devices or programmable logic controllers (PLCs), including digital sensor and actuator elements;
— all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes;
— communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote-control technology;
— Advanced metering infrastructure (AMI) components, e.g. smart meters;
— measurement devices, e.g. for emission values;
— digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms;
— energy management systems, e.g. for distributed energy resources (DER), electric charging infrastructures, and for private households, residential buildings or industrial customer installations;
— distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations;
— all software, firmware and applications installed on above-mentioned systems, e.g. distribution management system (DMS) applications or outage management systems (OMS);
— any premises housing the abovementioned equipment and systems;
— remote maintenance systems for abovementioned systems.
This document does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 63096.
- Standard, 50 pages, English, e-Library read for 1 day
This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’ during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and privacy by default’.
NOTE 1 The GDPR requires the effective integration of data-protection safeguards into the processing of personal data (Article 25).
NOTE 2 Biometric access control includes cards and passports, biometric comparisons on card, in databases and a combination of both, as well as one-to-one and one-to-many (and many-to-many) comparisons.
NOTE 3 Biometric access control is used at work and border control as well as in combination with cards and PINs and in online and mobile services.
Facial recognition for access control is covered by this document.
This document extends EN 17529.
This document applies to aspects of data protection and privacy by design.
This document is not applicable to non-biometric aspects of access control, or to aspects not relating to data protection or privacy.
NOTE 4 In general, biometrics is for example covered by ISO/JTC 1/SC 37 and CEN/TC 224/WG 18.
- Technical report, 12 pages, English, e-Library read for 1 day
This document establishes an organized set of concepts and relationships to understand the competency requirements for information security conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities.
- Standard, 20 pages, English, e-Library read for 1 day
This document provides the specialized requirements for individuals to demonstrate competence in performing IT product security evaluations and reviews according to the ISO/IEC 15408 series and ISO/IEC 18045.
NOTE It is possible that evaluators and testers belong to bodies operating under ISO/IEC 17025 and reviewers belong to bodies operating under ISO/IEC 17065.
- Standard, 54 pages, English, e-Library read for 1 day
This document provides the minimum requirements for the knowledge and skills of assessment body testers and validators performing testing activities and validating activities for a conformance scheme using ISO/IEC 19790 and ISO/IEC 24759.
- Standard, 17 pages, English, sale 15% off
- Standard, 17 pages, French, sale 15% off
The present document defines baseline security requirements for AI models and systems. The present document includes in its scope systems that incorporate deep neural networks, such as generative AI. For consistency, the term "AI systems" is used throughout the present document when framing the scope of provisions and the term "AI security", which is considered a subset of cybersecurity, is used when addressing any cybersecurity issues in the scope of the provisions. The present document is not designed for academics who are creating and testing AI systems only for research purposes (AI systems which are not going to be deployed).
- Standard, 16 pages, English, sale 15% off
- Standard, 16 pages, English, e-Library read for 1 day
This document provides information security controls, including implementation guidance, for health organizations. It is based on ISO/IEC 27002:2022.
In addition to generic ICT equipment and software used in many other environments, the scope of this document includes software and systems specifically for healthcare, such as electronic health record systems and medical devices incorporating health software. Such medical devices can be programmed or programmable and can contain software, firmware or both.
Other digital equipment (such as that for environmental and infection control, building management, and physical security), which can be used in premises where healthcare is provided, is also in scope.
This document applies to information in all its aspects, whatever form the information takes (including text and numbers, sound recordings, drawings, images and video), by whatever means it has been acquired or captured, whatever means are used to store it (such as printing or writing on paper or storage electronically), and whatever means are used to transfer or exchange it (orally, by hand, by post, movement of storage media, direct links or networking).
This document is for organizations of all types and sizes that provide healthcare or are custodians of personal health information for other reasons. The information that they are responsible for can be stored and processed in many possible ways and locations, including on premises or in the cloud, but remains in scope.
This document applies to all physical settings where healthcare is intended to be delivered, such as hospitals, clinics and other locations or facilities designated for healthcare purposes such as ambulances and mobile imaging or diagnostic units. It also applies to care provided elsewhere, such as in residential premises. In addition to the range of settings, this document applies to all methods of service provision including remote or virtual healthcare.
- Standard, 72 pages, English, sale 15% off
- Standard, 82 pages, French, sale 15% off
This document establishes a framework for age assurance systems and describes their core characteristics, including privacy and security, for enabling age-related eligibility decisions.
- Standard, 29 pages, English, sale 15% off
- Standard, 2 pages, English, sale 15% off
This document provides information security controls for the energy utility industry, based on ISO/IEC 27002:2022, for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.
- Standard, 50 pages, English, e-Library read for 1 day
This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’ during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and privacy by default’.
Biometric facial recognition for access control is covered by this document. Biometric facial recognition for surveillance is covered by CEN/CLC/JTC 13 TR ‘Video surveillance’.
This document specifies recommendations for the management of data protection and privacy by design in biometric access-control products and services. This document extends ISO/IEC 27552. This document applies to aspects of data protection and privacy by design. This document is not applicable to non-biometric aspects of access control, or to aspects not relating to data protection or privacy.
- Technical report, 12 pages, English, e-Library read for 1 day
This document provides the specialized requirements for individuals to demonstrate competence in performing IT product security evaluations and reviews according to the ISO/IEC 15408 series and ISO/IEC 18045.
NOTE It is possible that evaluators and testers belong to bodies operating under ISO/IEC 17025 and reviewers belong to bodies operating under ISO/IEC 17065.
- Standard, 46 pages, English, sale 15% off
- Standard, 48 pages, French, sale 15% off
This document establishes an organized set of concepts and relationships to understand the competency requirements for information security conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities.
- Standard, 12 pages, English, sale 15% off
- Standard, 13 pages, French, sale 15% off
This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.
- Standard, 33 pages, English, e-Library read for 1 day
This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.
- Standard, 73 pages, English, e-Library read for 1 day
This document defines a cybersecurity labelling framework for the development and implementation of cybersecurity labelling programmes for consumer Internet of things (IoT) products. It provides requirements and guidance on the following topics:
— risks and threats associated with consumer IoT products;
— stakeholders, roles and responsibilities;
— relevant standards and guidance documents;
— conformity assessment;
— labelling issuance and maintenance;
— mutual recognition.
This document is limited to consumer IoT products, such as:
— IoT gateways, base stations and hubs to which multiple devices connect;
— smart cameras, televisions, and speakers;
— wearable devices;
— connected smoke detectors, door locks and window sensors;
— connected home automation and alarm systems;
— connected appliances, such as washing machines and fridges;
— smart home assistants; and
— connected children’s toys and baby monitors.
Products that are not intended for consumer use are excluded from this document. Examples of excluded devices are those that are primarily intended for manufacturing, healthcare and other industrial purposes.
This document is applicable to consumers, developers, issuing bodies of cybersecurity labels and conformity assessment bodies.
- Standard, 63 pages, English, sale 15% off
This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.
- Standard, 64 pages, English, sale 15% off
- Standard, 71 pages, French, sale 15% off
This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing PIMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.
- Standard, 24 pages, English, sale 15% off
- Standard, 25 pages, French, sale 15% off
This document presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the life cycle of health software and health IT systems, for the information exchange between the health software manufacturers (including medical device manufacturers), healthcare delivery organizations (HDOs) and other stakeholders. It is applicable to health software running on any platform and in any environment such as cloud, on premise or hybrid.
While important security topics, the following are outside the scope of this document:
a) the security policies of the HDO;
b) the product and services security policies of the manufacturer;
c) determinations of risk tolerance by the HDO or manufacturer;
d) clinical studies where there is a need to secure personal data.
As security risks can be caused by any product on health IT systems and health IT infrastructure, considerations in this document can be applied to other products that are not health software.
IEC TS 81001-2-2:2025 withdraws and replaces:
– IEC TR 80001-2-2, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls
– IEC TR 80001-2-8, Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2
This document includes the following significant changes:
a) combines and updates the contents of IEC TR 80001-2-2 and IEC TR 80001-2-8;
b) extends the scope to health software instead of only medical device software;
c) aligns contents and definitions to ISO 81001-1:2021 and the updated IEC 80001-1;
d) removes the Configuration of Security Features (CNFS) capability, as any configurable security capability shall be clearly communicated;
e) provides security control mappings to several new standards, e.g. IEC TR 60601-4-5, IEC 62443-4-2, ISO/IEEE 11073-40102, and to the recent versions of previous standards, e.g. ISO/IEC 27002 and NIST 800-53 version 5.
- Technical specification, 96 pages, English, sale 15% off
This document specifies methods for determining conformance to the security crypto suite defined in ISO/IEC 29167-11. This document contains conformance tests for all mandatory functions. Unless otherwise specified, the tests in this document are intended to be applied exclusively to RFID tags and interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-11.
- Standard, 10 pages, English, sale 15% off
This document provides guidance on how to use modelling in privacy engineering. It describes categories of models that can be used, the use of modelling to support engineering, and the relationships with other references, including International Standards on privacy engineering and on modelling. It provides high-level use cases describing how models are used.
- Technical specification, 32 pages, English
This document:
— provides requirements and guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
  — it applies concepts such as distinguishing the term "identity" from the term "identifier" to the implementation of systems for the management of identity information and to the requirements for the implementation and operation of a framework for identity management;
  — it provides an important contribution to assessing identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently provides a foundation and a common understanding for any other standard addressing identity, identity information and identity management.
- Standard, 31 pages, English
This document:
— provides guidelines for the implementation of systems for the management of identity information;
— specifies requirements for the implementation and operation of a framework for identity management;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
  — it applies concepts such as distinguishing the term "identity" from the term "identifier" to the implementation of systems for the management of identity information and to the requirements for the implementation and operation of a framework for identity management;
  — it provides an important contribution to assessing identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently provides a foundation and a common understanding for any other standard addressing identity, identity information and identity management.
- Standard, 46 pages, English
This document:
— defines terms for identity management and specifies core concepts of identity and identity management, and their relationships;
— is applicable to any information system where information relating to identity is processed or stored;
— is considered to be a horizontal document for the following reasons:
  — it applies concepts such as distinguishing the term "identity" from the term "identifier" to the implementation of systems for the management of identity information and to the requirements for the implementation and operation of a framework for identity management;
  — it provides an important contribution to assessing identity management systems with regard to their privacy-friendliness and their ability to assure the relevant attributes of an identity, and consequently provides a foundation and a common understanding for any other standard addressing identity, identity information and identity management.
- Standard, 23 pages, English
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers.
- Standard, 35 pages, English
This document establishes a methodology to evaluate the resistance of biometric systems (BSs) to morphing attacks, including multiple identity attacks. The document is limited to image-based morphing attacks; "image-based" includes modalities such as face, iris and finger image data. The document establishes:
— a definition of biometric sample modifications and manipulation, with a specific focus on manipulations that constitute a multiple identity attack, for instance an enrolment attack with face image morphing;
— a methodology to measure the morphing attack potential of a morphing method.
The document also describes how morphing algorithms can be used for system evaluation.
- Standard, 16 pages, English
The present document specifies policy and security requirements relating to the operation and management practices of TSPs issuing time-stamps. These policy requirements are applicable to TSPs issuing time-stamps. Such time-stamps can be used in support of digital signatures or for any application that requires proof that a datum existed before a particular time. The present document can be used by independent bodies as the basis for confirming that a TSP can be trusted for issuing time-stamps. The present document does not specify the protocols used to access the time-stamping units (TSUs).
NOTE 1: A time-stamping protocol is defined in IETF RFC 3161 [i.2], including the optional update in IETF RFC 5816 [i.3], and profiled in ETSI EN 319 422 [5].
The present document does not specify how the requirements identified can be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors.
NOTE 2: See ETSI EN 319 403-1 [i.9] for guidance on the assessment of a TSP's processes and services.
NOTE 3: The present document references ETSI EN 319 401 [4] for general policy requirements common to all classes of TSP services.
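As an added illustration, not part of ETSI EN 319 421 (which deliberately leaves the access protocol to IETF RFC 3161 / ETSI EN 319 422), the following Python builds the RFC 3161 TimeStampReq a client sends to a TSU and shows the two checks a relying party must apply to what comes back: the nonce must be echoed unchanged, and the message imprint in the token must equal the hash of the datum, because a time-stamp proves existence only of whatever hashes to that value. The minimal DER encoder/decoder, the SHA-256-only parsing and the function names are assumptions of this example, not an API of any TSA product.

```python
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical minimal DER helpers, just enough for an RFC 3161 TimeStampReq.
# Added illustration; not code from ETSI EN 319 421 or from any TSA implementation.

SHA256_OID = bytes.fromhex("608648016503040201")  # id-sha256, 2.16.840.1.101.3.4.2.1


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is added when the top bit is set."""
    if value < 0:
        raise ValueError("negative integers are not needed here")
    length = max(1, (value.bit_length() + 8) // 8)
    return _der(0x02, value.to_bytes(length, "big"))


def fresh_nonce() -> int:
    """64-bit random nonce so a replayed or stale token can be told from a fresh one."""
    return int.from_bytes(os.urandom(8), "big")


def build_timestamp_request(data: bytes, nonce: Optional[int] = None, cert_req: bool = True) -> bytes:
    """DER TimeStampReq: version 1, SHA-256 MessageImprint, optional nonce, certReq.

    Only the hash of the datum is sent; the TSA never sees the datum itself.
    """
    digest = hashlib.sha256(data).digest()
    algorithm = _der(0x30, _der(0x06, SHA256_OID))        # AlgorithmIdentifier, parameters absent
    imprint = _der(0x30, algorithm + _der(0x04, digest))   # MessageImprint
    body = _der_int(1) + imprint
    if nonce is not None:
        body += _der_int(nonce)
    if cert_req:
        body += _der(0x01, b"\xff")                        # certReq TRUE (DEFAULT FALSE is omitted)
    return _der(0x30, body)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element); rejects truncated input."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def parse_timestamp_request(tsq: bytes) -> dict:
    """Decode a TimeStampReq as produced above (SHA-256 imprints only) into its fields."""
    tag, body, end = _read_tlv(tsq, 0)
    if tag != 0x30 or end != len(tsq):
        raise ValueError("expected a single DER SEQUENCE")
    tag, version, pos = _read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(version, "big") != 1:
        raise ValueError("unsupported TimeStampReq version")
    tag, imprint, pos = _read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("messageImprint must be a SEQUENCE")
    _, algorithm, imprint_pos = _read_tlv(imprint, 0)
    oid_tag, oid, _ = _read_tlv(algorithm, 0)
    if oid_tag != 0x06 or oid != SHA256_OID:
        raise ValueError("only SHA-256 imprints are handled in this example")
    digest_tag, digest, _ = _read_tlv(imprint, imprint_pos)
    if digest_tag != 0x04 or len(digest) != 32:
        raise ValueError("hashedMessage length does not match SHA-256")
    fields = {"version": 1, "hash_alg": "sha256", "digest": digest, "nonce": None, "cert_req": False}
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0x06:
            fields["req_policy"] = value        # TSAPolicyId, kept as raw OID bytes
        elif tag == 0x02:
            fields["nonce"] = int.from_bytes(value, "big")
        elif tag == 0x01:
            fields["cert_req"] = value != b"\x00"
        else:
            raise ValueError(f"unexpected element with tag 0x{tag:02x}")
    return fields


def imprint_matches(data: bytes, hashed_message: bytes) -> bool:
    """Verifier-side check against TSTInfo.messageImprint of a returned token:
    the token vouches only for data that hashes to exactly this value."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), hashed_message)
```

The request carries nothing but the digest, so confidentiality of the datum is preserved; the nonce is what lets a client reject a token the TSU (or an attacker in the path) issued for an earlier request, and the imprint comparison is what ties the TSU's genTime to the specific bytes the relying party holds.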
- Standard, 33 pages, English
- Standard, 34 pages, English
The present document defines multiple profiles for PAdES digital signatures, which are digital signatures embedded within a PDF file.
The present document contains a profile for the use of PDF signatures, as described in ISO 32000-2 [1] and based on CMS digital signatures [i.6], that enables greater interoperability for PDF signatures by providing additional restrictions beyond those of ISO 32000-2 [1]. This first profile is not related to ETSI EN 319 142-1 [4].
The present document also contains a second set of profiles that extend the scope of the profile in ETSI EN 319 142-1 [4], while keeping some features that enhance interoperability of PAdES signatures. These profiles define three levels of PAdES extended signatures addressing incremental requirements to maintain the validity of the signatures over the long term, such that a given level always addresses all the requirements of the levels below it. These PAdES extended signatures offer a higher degree of optionality than the PAdES baseline signatures specified in ETSI EN 319 142-1 [4].
The present document also defines a third profile for the usage of an arbitrary XML document, signed with XAdES signatures, that is embedded within a PDF file.
The profiles defined in the present document provide requirements equivalent to the profiles found in ETSI TS 102 778 [i.10]. Procedures for creation, augmentation and validation of PAdES digital signatures are out of scope and are specified in ETSI EN 319 102-1 [i.11]. Guidance on creation, augmentation and validation of PAdES digital signatures, including the usage of the different attributes, is provided in ETSI TR 119 100 [i.9]. The present document does not repeat the base requirements of the referenced standards, but instead aims to maximize interoperability of digital signatures in various business areas.
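As an added example, not code from ETSI EN 319 142-2 or from any PDF library, the following Python shows the ISO 32000 mechanism the profiles above build on: the CMS signature is stored hex-encoded in the /Contents entry of a signature dictionary, and /ByteRange lists the two byte ranges of the file that the signature actually covers, leaving only the /Contents string itself out. The function checks that the ByteRange encloses exactly the /Contents string, recomputes the digest over the covered bytes (the input to the CMS message-digest check) and reports any bytes appended after the covered range, which is how later incremental updates (the augmentation that the long-term levels rely on, but also tampering) appear to the first signature. The sample file is constructed inside the block and is not an openable PDF; the regular-expression scanning and the function names are this example's assumptions, not how a conformant validator locates the dictionary.

```python
import hashlib
import re

# Added illustration of PDF signature-dictionary mechanics (ISO 32000 /ByteRange and /Contents).
# Hypothetical helper names; a real validator per ETSI EN 319 102-1 must walk the PDF object
# structure rather than scan raw bytes with regular expressions.

BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
CONTENTS_RE = re.compile(rb"/Contents\s*<([0-9A-Fa-f]*)>")
PLACEHOLDER = b"/ByteRange [0000000000 0000000000 0000000000 0000000000]"


def build_sample_pdf(tail: bytes = b"") -> bytes:
    """Constructed sample, not an openable PDF: one /Sig dictionary whose /ByteRange covers
    the whole file except the /Contents hex string. `tail` simulates bytes appended later by
    an incremental update (a second signature, a DSS for a long-term level, or tampering)."""
    contents = b"<" + b"00" * 32 + b">"   # stands in for the DER CMS SignedData, hex-encoded
    head = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /ETSI.CAdES.detached\n   "
            + PLACEHOLDER + b" /Contents ")
    trailer = b" >>\nendobj\ntrailer\n<< /Root 2 0 R >>\n%%EOF\n"
    hole_start = len(head)
    hole_end = hole_start + len(contents)
    total = hole_end + len(trailer)
    byte_range = b"/ByteRange [%010d %010d %010d %010d]" % (0, hole_start, hole_end, total - hole_end)
    assert len(byte_range) == len(PLACEHOLDER)   # fixed-width fields keep the offsets valid
    return head.replace(PLACEHOLDER, byte_range) + contents + trailer + tail


def analyse_signature_coverage(pdf: bytes) -> dict:
    """Recover what the embedded CMS signature actually signs and what it does not.

    Returns the SHA-256 over the covered bytes (what the CMS message-digest attribute
    must match), the hex CMS blob, and the number of trailing bytes outside the
    ByteRange. A non-zero trailing count is not by itself an attack, since long-term
    augmentation appends incremental updates, but every such byte is unsigned by this
    signature and the validator has to account for it explicitly.
    """
    m = BYTERANGE_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange array found")
    r0, l0, r1, l1 = (int(x) for x in m.groups())
    c = CONTENTS_RE.search(pdf, m.end())
    if c is None:
        raise ValueError("no /Contents hex string after /ByteRange")
    hole_start, hole_end = c.start(1) - 1, c.end(1) + 1   # include the '<' and '>' delimiters
    if r0 != 0 or r0 + l0 != hole_start or r1 != hole_end:
        raise ValueError("ByteRange does not enclose exactly the /Contents string")
    if r1 + l1 > len(pdf):
        raise ValueError("ByteRange extends past end of file")
    covered = pdf[r0:r0 + l0] + pdf[r1:r1 + l1]
    return {
        "signed_digest": hashlib.sha256(covered).hexdigest(),
        "cms_hex": c.group(1),
        "uncovered_trailing_bytes": len(pdf) - (r1 + l1),
    }
```

A ByteRange that starts after offset 0, stops short of the /Contents delimiters, or overlaps them means the signature does not bind the document the way the profile expects; trailing uncovered bytes must be either a permitted incremental update that is itself checked, or treated as unsigned content.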
- Standard, 32 pages, English