ISO/IEC

ISO/IEC 20922:2016 is a Client Server publish/subscribe messaging transport protocol. It is light weight, open, simple, and designed so as to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as for communication in Machine to Machine (M2M) and Internet of Things (IoT) contexts where a small code footprint is required and/or network bandwidth is at a premium.

The protocol runs over TCP/IP, or over other network protocols that provide ordered, lossless, bi-directional connections. Its features include:

Use of the publish/subscribe message pattern which provides one-to-many message distribution and decoupling of applications.
A messaging transport that is agnostic to the content of the payload.
Three qualities of service for message delivery:
"At most once", where messages are delivered according to the best efforts of the operating environment. Message loss can occur. This level could be used, for example, with ambient sensor data where it does not matter if an individual reading is lost as the next one will be published soon after.
"At least once", where messages are assured to arrive but duplicates can occur.
"Exactly once", where message are assured to arrive exactly once. This level could be used, for example, with billing systems where duplicate or lost messages could lead to incorrect charges being applied

ISO/IEC 19464:2014 defines the Advanced Message Queuing Protocol (AMQP), an open internet protocol for business messaging. It defines a binary wire-level protocol that allows for the reliable exchange of business messages between two parties. AMQP has a layered architecture and the specification is organized as a set of parts that reflects that architecture.

Part 1 defines the AMQP type system and encoding.
Part 2 defines the AMQP transport layer, an efficient, binary, peer-to-peer protocol for transporting messages between two processes over a network.
Part 3 defines the AMQP message format, with a concrete encoding.
Part 4 defines how interactions can be grouped within atomic transactions.
Part 5 defines the AMQP security layers.

This document specifies network models for IIoT connectivity and general compatibility requirements for devices and networks within IIoT systems in terms of:
• data transmission protocols interaction;
• distributed data interoperability & management;
• connectivity framework;
• connectivity transport;
• connectivity network;
• best practices and guidance to use in IIoT area

This document provides principles for IoT trustworthiness based on ISO/IEC 30141 – IoT Reference Architecture.

ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.
This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This International Standard also provides explanations about related architecture, components and management functions.
The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.
The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.

This document provides the overview of cybersecurity. The terms and definitions provided in this document — describe cybersecurity and relevant concepts do not cover all terms and definitions applicable to cybersecurity; do not limit other standards in defining new cybersecurity- related terms for use

ISO/IEC TS 33052:2016 defines a process reference model (PRM) for the domain of information security management. The model architecture specifies a process architecture for the domain and comprises a set of processes, with each described in terms of process purpose and outcomes.

This document specifies requirements for an Internet of Things (IoT) data exchange platform
for various services in the technology areas of:
 the middleware components of communication networks allowing the co-existence of IoT
services with legacy services;
 the end-points performance across the communication networks among the IoT and legacy
services;
 the IoT specific functions and functionalities allowing the efficient deployment of IoT
services;
 the IoT service communication networks’ framework and infrastructure; and
 the IoT service implementation guideline for the IoT data exchange platform.

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

This document specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

ISO/IEC 29134:2017 gives guidelines for

- a process on privacy impact assessments, and

- a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

ISO/IEC 29134:2017 is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

ISO/IEC 29191:2012 provides a framework and establishes requirements for partially anonymous, partially unlinkable authentication.

This document defines a privacy architecture framework that:

— specifies concerns for ICT systems that process PII;

— lists components for the implementation of such systems; and

— provides architectural views contextualizing these components.

This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.

It focuses primarily on ICT systems that are designed to interact with PII principals.