Standard

ISO/IEC TR 10032:2003 defines the ISO Reference Model of Data Management. It establishes a framework for coordinating the development of existing and future standards for the management of persistent data in information systems.
ISO/IEC TR 10032:2003 defines common terminology and concepts pertinent to all data held within information systems. Such concepts are used to define more specifically the services provided by particular data management components, such as database management systems or data dictionary systems. The definition of such related services identifies interfaces which may be the subject of future standardization.
ISO/IEC TR 10032:2003 does not specify services and protocols for data management. ISO/IEC TR 10032:2003 is neither an implementation specification for systems, nor a basis for appraising the conformance of implementations.
The scope of ISO/IEC TR 10032:2003 includes processes which are concerned with handling persistent data and their interaction with processes particular to the requirements of a specific information system. This includes common data management services such as those required to define, store, retrieve, update, maintain, backup, restore and communicate applications and dictionary data.
The scope of ISO/IEC TR 10032:2003 includes consideration of standards for the management of data located on one or more computer systems, including services for distributed database management.
ISO/IEC TR 10032:2003 does not include within its scope common services normally provided by an operating system including those processes which are concerned with specific types of physical storage devices, specific techniques for storing data, and specific details of communications and human computer interfaces.

This document defines interfaces for device management of RFID systems. Interfaces are defined that provide for discovery, configuration, initialization and monitoring of RFID systems within the software system infrastructure (SSI).

This document only deals with devices that provide RFID related services. It does not distinguish the form factor of such RFID devices.

This document provides two distinct interface sets, one based on the GS1 EPCglobal DCI standard and the IETF SNMP RFCs and the other based on the Organization for the Advancement of Structured Information Standards (OASIS) DPWS standard. The definition of the Device Profile for RFID is referred to in this document as the RFID Device Management Profile, or RDMP.
Each interface option set provides interface definitions that provide ISO/IEC 24791-3 Client Endpoints and Services Endpoints with the mechanisms for:
— the discovery of the RFID devices and services on a local or remote subnet;
— a firmware upgrade service;
— a management service that implements configuration related functions;
— a monitoring service for reporting alerts, diagnostics, and performance information.
The two interface set definitions provided by this document allow for clients and services endpoints to implement and provide the services based on the specific characteristics of the RFID system to be implemented. Subclause 1.2 defines the Conformance requirements for systems that implement components of one or both of the interface sets.

The ISO/IEC 20944 series of International Standards provides the bindings and their interoperability for metadata registries, such as those specified in the ISO/IEC 11179 series of International Standards. ISO/IEC 20944-2:2013 contains provisions that are common to coding bindings and the coding bindings themselves. The coding bindings have commonality in their conceptualization of data instances and their internal structures. Common features include:

using datatypes to characterize the nature and operations upon data;
using ISO/IEC 11404 to define and declare datatypes;
using common aggregate structures, such as array and record, to describe sets of data;
using common navigation descriptions to reference components within a set of data.
The individual coding bindings each incorporate a mapping of common data semantics to their individual binding requirements. XML and DIVP (dotted identifier value pair) bindings are provided.

The ISO/IEC 20944 series of International Standards provides the bindings and their interoperability for metadata registries, such as those specified in the ISO/IEC 11179 series of International Standards. ISO/IEC 20944-3:2013 contains provisions that are common to application programming interface (API) bindings and the API bindings themselves. The API bindings have commonality in their conceptualization of the services provided. Common features include:

using a session paradigm to access data;
using a parameterized security framework to support a variety of security techniques;
using a hierarchical navigation for data access.
Bindings for C, Java, and ECMAscript programming languages are provided.

The ISO/IEC 20944 series of International Standards provides the bindings and their interoperability for metadata registries, such as those specified in the ISO/IEC 11179 series of International Standards. ISO/IEC 20944-4:2013 contains provisions that are common to protocol bindings and the protocol bindings themselves. The protocol bindings have commonality in their conceptualization of the services provided. Common features include:

common data transfer semantics;
harmonized session services for connection-oriented and connection-less protocols.
Bindings for HTTP and WebDAV protocols are provided.

ISO/IEC TS 30168:2021 specifies a generic programming interface for the integration of secure elements within Industrial IoT devices. This includes requirements from industrial usage scenarios and applications. This document also provides guidance for implementation, testing, and conformity validation.

A European standard to declare the security level of cryptographic modules.

This document defines the structure and the data elements of Authentication Context for Biometrics (ACBio), which is used for checking the validity of the result of a biometric enrolment and verification process executed at a remote site. This document allows any ACBio instance to accompany any biometric processes related to enrolment and verification. The specification of ACBio is applicable not only to single modal biometric enrolment and verification but also to multimodal fusion. The real-time information of presentation attack detection is not provided in this document. Only the assurance information of presentation attack detection (PAD) mechanism can be contained in the BPU report.
Biometric identification is out of the scope of this document.
This document specifies the cryptographic syntax of an ACBio instance. The cryptographic syntax of an ACBio instance is defined in this document applying a data structure specified in Cryptographic Message Syntax (CMS) schema whose concrete values can be represented using a compact binary encoding. This document does not define protocols to be used between entities such as BPUs, claimant, and validator. Its concern is entirely with the content and encoding of the ACBio instances for the various processing activities.

This international standard provides guidance on implementing user authentication and the use of credentials therein, in particular it: -- describes complementary models for implementing authentication with different operational aspects. -- specifies formal descriptions of authentication methods. -- specifies requirements for authenticators as credentials -- managing the lifecycle, -- binding to a principal, -- use in a federated context.

ISO/IEC 24760-2:2015
provides guidelines for the implementation of systems for the management of identity information, and
specifies requirements for the implementation and operation of a framework for identity management.
ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

This document establishes core principles, including privacy, for the purpose of enabling agerelated eligibility decisions, by setting out a framework for indicators of confidence about age or an age range of a natural person.

This document provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media and after end of use or end of life.

This document provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.