IT in general

This document specifies three block ciphers suitable for applications requiring lightweight cryptographic implementations:

— PRESENT: a lightweight block cipher with a block size of 64 bits and a key size of 80 or 128 bits;

— CLEFIA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits;

— LEA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits.

Provides a framework for managing entity authentication assurance in a given context.

This document defines a privacy architecture framework that:

— specifies concerns for ICT systems that process PII;

— lists components for the implementation of such systems; and

— provides architectural views contextualizing these components.

This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.

It focuses primarily on ICT systems that are designed to interact with PII principals.

ISO/IEC 29100:2011 provides a privacy framework which

• specifies a common privacy terminology;
• defines the actors and their roles in processing personally identifiable information (PII);
• describes privacy safeguarding considerations; and
• provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

ISO/IEC TS 29003:2018:
gives guidelines for the identity proofing of a person;
specifies levels of identity proofing, and requirements to achieve these levels.
ISO/IEC TS 29003:2018 is applicable to identity management systems.

Although there is substantial overlap between information security and privacy management, both fields are broader. This standard will explain how to ‘enhance’ (adapt and extend) an ISO/IEC 27001 Information Security Management System and the associated ISO/IEC 27002 controls to manage privacy as well as information security.

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:

— the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and

— privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.

The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statuary and regulatory requirements, and industry standards.

It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.

ISO/IEC TS 27034-5-1:2018 defines XML Schemas that implement the minimal set of information requirements and essential attributes of ASCs and the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM) from ISO/IEC 27034-5.

This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust.

The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust.

Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications is outside the scope of this document.