ISO




Competence requirements for information security testers and evaluators -- Part 1: Introduction, concepts and general requirements

This document defines terms and establishes an organized set of concepts and relationships to understand the competency requirements for information security assurance conformance-testing and evaluation specialists, thereby establishing a basis for shared understanding of the concepts and principles central to the ISO/IEC 19896 series across its user communities. It provides fundamental information to users of the ISO/IEC 19896 series.

ISO/IEC 19896-1:2018

Security evaluation of biometrics

This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system.
It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

ISO/IEC 19792:2009

Cards and security devices for personal identification

SC 17 continues to deliver card standards that are ubiquitous in their use by the worldwide cards industry. Perhaps the biggest issue facing the cards world, and particularly payment cards, is the need to expand the Issuer Identification Number (IIN) scheme from its present 6-digit IIN to an 8-digit IIN going forward. Support from ISO to spread the word in this regard would be very much appreciated by the experts in SC 17.

Standardization in the area of:

  • Identification and related documents
  • Cards
  • Security devices and tokens

and interface associated with their use in inter-industry applications and international interchange

ISO/IEC JTC 1/SC 17

Encryption algorithms -- Part 5: Identity-based ciphers

This part of ISO/IEC 18033 specifies identity-based encryption mechanisms. For each mechanism the functional interface, the precise operation of the mechanism, and the ciphertext format are specified. However, conforming systems may use alternative formats for storing and transmitting ciphertexts.

ISO/IEC 18033-5:2015

Encryption algorithms -- Part 4: Stream ciphers

This part of ISO/IEC 18033 specifies
a) output functions to combine a keystream with plaintext,
b) keystream generators for producing keystream, and
c) object identifiers assigned to dedicated keystream generators in accordance with ISO/IEC 9834.

 

ISO/IEC 18033-4:2011

Cloud computing -- Best practices for cloud SLA metrics

In most cases, cloud service providers (CSPs) and cloud service customers (CSCs) negotiate service level agreements (SLAs) which include service level objectives (SLOs) and service qualitative objectives (SQOs) for which CSPs make commitments. The commitments described in SLAs must be measured against actual performance of the service to ensure compliance with the SLA. How actual performance compares against commitments in SLAs is explained in ISO/IEC 19086-2:2018[2] Metric model. Cloud SLAs are covered in ISO/IEC 19086-1:2016[1] Service level agreement (SLA) framework Part 1: Overview and concepts and in ISO/IEC 19086-4:2019[3] Security and privacy.
ISO/IEC 19086-2 Metric model establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document provides a primer on using the metrics model in 19086-2 to compose the calculation of a cloud service performance measure in order to compare against an SLA commitment. A few examples from the SLOs listed in ISO/IEC 19086-1 (Clause 10) are given in the document, such as Cloud Service Response Time Mean and Cloud Service Availability. As specific, measurable characteristics of a cloud service, SLOs are the basis for defining the metrics used to evaluate and compare agreements between parties.
In the second half of the document, a basic dissection of these examples is provided using a practical method based on a tabular format. This format allows for a consistent usage of the model across practitioners such as:
- Extracting metric material from an SLA narrative and representing this content separately and unambiguously.
- Designing and representing a new metric definition.
Along with demonstrating this method on previous examples, some best practices are collected and reported. These best practices also provide practical guidance on how to extend or complement the model when necessary, which is allowed by the 19086-2 Metric model standard but beyond its scope and non-normative.
The scope of this technical report is to describe a practical method for using ISO/IEC 19086-2 Metric Model.
 
Under development

ISO/IEC NP TR 23951

Information technology -- Cloud computing and distributed platforms -- Data sharing agreement (DSA) framework

This document establishes a set of building blocks (concepts, terms and definitions, including Data Level Objectives and Data Qualitative Objectives) that can be used to create Data Sharing Agreements (DSAs). This document is applicable to DSAs where the data is intended to be processed using one or more cloud services or other distributed platforms.
 
Under development

ISO/IEC AWI 23751

Information technology -- Cloud service metering and billing elements

As the adoption of cloud computing expands and the market grows, cloud service providers (CSPs) offer many different solutions of cloud services that can be classified as infrastructure, platform and application capabilities. Inevitably, CSPs, in designing solutions to meet the functionalities of cloud service customers (CSCs), put together diverse metering elements and billing modes that complement the cloud services offered to CSCs. It is challenging for CSCs to determine the differences between the many diverse metering elements and billing modes from various CSPs as they navigate their journey to adopt cloud computing.
Measured service is one of the key characteristics of cloud computing (ISO/IEC 17788). The feature is that a CSC may only be charged for the resources used. To this end, it is necessary that usage can be monitored, controlled, reported, and billed for delivered cloud service. Metering elements can be given and classified according to their cloud capabilities type. Reasonable and scientific metering and billing results can be easily achieved if common operation practices apply.
The purpose of this TR is to provide basic clarity and guidance through a sample set of cloud service metering elements and billing elements for different cloud service capability types, including a discussion on the billing function component and metering, which is one of four main parts of the billing function component. Such a sample set of metering and billing elements can help a CSP better describe its billing and metering exercise, and can help a CSC better understand the situation in order to make informed decisions.
The scope of this document is to describe a sample set of cloud service metering and billing elements.
 
Under development

ISO/IEC PDTR 23613

Information technology -- Cloud computing -- Edge computing landscape

Edge computing is increasingly used in systems that deal with aspects of the physical world. Edge computing involves the placement of processing and data storage near or at the places where those systems interact with the physical world, which is where the "edge" exists. One of the trends in this space is the development of increasingly capable IoT devices (sensors and actuators), generating more data or new types of data, which benefits from processing close to the place where it is generated.
Cloud computing is commonly used in systems that utilise edge computing. This can involve the connection of both devices and edge computing nodes to centralized cloud services. However, the locations in which cloud computing is performed are increasingly distributed in nature, with cloud services being implemented in locations that are nearer to the edge, for the purpose of supporting use cases that demand such close placement for reasons of reducing latency or avoiding the need to transmit large volumes of data over networks with limited bandwidth.
This document aims to describe edge computing and the significant elements which contribute to the successful implementation of edge computing systems, with an emphasis on the use of cloud computing and cloud computing technologies in the context of edge computing, including the virtualization of compute, storage and networking resources.
It is useful to read this document in conjunction with the ISO/IEC TR 30164 Edge Computing (under development in SC 41 - Internet of Things and related technologies), which takes a view of edge computing from the point of view of IoT systems and the IoT devices which interact with the physical world.
The scope of this technical report is to investigate and report on the concept of Edge Computing, its relationship to Cloud Computing and IoT, and the technologies that are key to the implementation of Edge Computing. This report will explore the following topics with respect to Edge Computing:
- Concept of Edge Computing Systems
- Architectural Foundation of Edge Computing
- Edge Computing Terminology
- Software Classifications in Edge Computing – for example: firmware, services, applications 
- Supporting technologies such as Containers, Serverless, Microservices
- Networking for edge systems, including virtual networks
- Data – data flow, data storage, data processing in edge computing
- Management – of software, of data and of networks, resources, quality of service
- Virtual placement of software and data, and metadata
- Security and Privacy
- Real Time
- Mobile Edge Computing, Mobile Devices
 
Under development

 

ISO/IEC PDTR 23188