Secret sharing -- Part 2: Fundamental mechanisms
This document specifies cryptographic secret sharing schemes.
This part of ISO/IEC 18033 specifies
a) output functions to combine a keystream with plaintext,
b) keystream generators for producing keystream, and
c) object identifiers assigned to dedicated keystream generators in accordance with ISO/IEC 9834.
This part of ISO/IEC 18033 specifies block ciphers. A block cipher maps blocks of n bits to blocks of n bits, under the control of a key of k bits. A total of seven different block ciphers are defined.
This part of ISO/IEC 18014 presents a general framework for the provision of time-stamping services.
Time-stamping services may generate, renew and verify time-stamp tokens.
Time-stamp tokens are associations between data and points in time, and are created in a way that aims to provide evidence that the data existed at the associated date and time. In addition, the evidence may be used by non-repudiation services.
This part of ISO/IEC 18014
— defines the functionality of the time assessment authority (TAA),
— describes an overall architecture for providing the time to the time-stamping authority (TSA) and to guarantee the correctness of it through the use of the TAA, and
— gives technical guidelines for the TAA to provide, and to provide assurance in, a trusted time source to the TSA.
This International Standard specifies a conceptual model for a random bit generator for cryptographic purposes, together with the elements of this model.
This International Standard
• specifies the characteristics of the main elements required for a non-deterministic random bit generator,
• specifies the characteristics of the main elements required for a deterministic random bit generator,
• establishes the security requirements for both the non-deterministic and the deterministic random bit generator.
This International Standard specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms.
Firstly, this International Standard specifies methods for testing whether a given number is prime. The testing methods included in this International Standard can be divided into two groups:
• Probabilistic primality tests, which have a small error probability. All probabilistic tests described here may declare a composite to be a prime. One test described here may declare a prime to be composite.
• Deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates.
This part of ISO/IEC 18033 is general in nature, and provides definitions that apply in subsequent parts of this International Standard. The nature of encryption is introduced, and certain general aspects of its use and properties are described. The criteria used to select the algorithms specified in subsequent parts of this International Standard are defined in Annexes A and B.
ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
The standard can be bought here: https://www.iso.org/standard/43757.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27017:ed-1:v1:en
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.
The standard can be bought here: https://www.iso.org/standard/76559.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27018:ed-2:v1:en
This document specifies security and protection of personally identifiable information components, SLOs and SQOs for cloud service level agreements (cloud SLA) including requirements and guidance.
This document is for the benefit and use of both CSPs and CSCs.
The standard can be bought here: https://www.iso.org/standard/68242.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:19086:-4:ed-1:v1:en
ISO/IEC 27036-4 provides cloud service customers and cloud service providers with guidance on
a) gaining visibility into the information security risks associated with the use of cloud services and managing those risks effectively, and
b) responding to risks specific to the acquisition or provision of cloud services that can have an information security impact on organizations using these services.
ISO/IEC 27036-4 does not include business continuity management/resiliency issues involved with the cloud service. ISO/IEC 27031 addresses business continuity.
ISO/IEC 27036-4 does not provide guidance on how a cloud service provider should implement, manage and operate information security. Guidance on those can be found in ISO/IEC 27002 and ISO/IEC 27017.
The scope of ISO/IEC 27036-4 is to define guidelines supporting the implementation of information security management for the use of cloud services.