British Standards Institution

Sector: Governance & Resilience

Overview: Under the direction of IST/33, is responsible for the UK input to ISO/IEC JTC 1/SC 27/WG 3 and CEN/CLC/JTC 13/WG 3 whose scope is the security evaluation of IT systems, components and products, including the definition of security evaluation criteria and related issues such as evaluation methodology and the administrative procedures for testing, evaluation, certification, and accreditation. The scope also includes associated issues such as specification of security properties, security testing methodologies and processes, and vulnerability notification

Committee standards activity

In Progress (19)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/TR 25844	Information security, cybersecurity and privacy protection. Transition information for ISO/IEC 19790 and ISO/IEC 24759 Categories: Unclassified documents Drafting begins : 2026-01-07	Drafting
PD ISO/IEC/TR 6890	Towards creating an extension for patch management for ISO/IEC 15408 and ISO/IEC 18045 Categories: Unclassified documents Proposal begins :	Proposal
PD ISO/IEC/TR 25544	The effect of different transmission media on the security evaluation of quantum key distribution Categories: Unclassified documents Drafting begins : 2025-12-24	Drafting
PD ISO/IEC/TR 22216	PD ISO/IEC/TR 22216. Information security, cybersecurity and privacy protection. New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022 Categories: Unclassified documents Drafting begins : 2025-03-27	Drafting
ISO/IEC NP 25959	Information security, cybersecurity and privacy protection — Application of attack potential to deep learning-based technology Categories: Information management \| Standardization. General rules Proposal begins : 2025-06-09	Proposal
ISO/IEC JTC 1/SC 27 N 22089, ISO/IEC PWI 5888	Information security, cybersecurity and privacy protection -- Security requirements and evaluation activities for connected vehicle devices Categories: Information management \| Standardization. General rules \| Engineering \| Road vehicles engineering \| Car informatics. On board computer systems \| Information technology Proposal begins : 2021-11-29	Proposal
BS ISO/IEC 27115	Cybersecurity evaluation of complex systems — Introduction and framework overview Categories: Unclassified documents Proposal begins :	Proposal
BS EN ISO/IEC 29128-3	Information security — Verification of cryptographic protocols — Part 3: Part 3: Evaluation Methods and Activities for Protocol Implementation Verification Categories: Unclassified documents Drafting begins : 2025-05-31	Drafting
BS EN ISO/IEC 29128-2	Information security, cybersecurity and privacy protection — Verification of Cryptographic Protocols — Part 2: Evaluation Methods and Activities for Cryptographic Protocols Categories: Unclassified documents Drafting begins : 2025-05-31	Drafting
BS EN ISO/IEC 19989-1	Information security — Criteria and methodology for security evaluation of biometric systems — Part 1: Framework Categories: Unclassified documents Drafting begins : 2025-11-28	Drafting

Published (34)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC/TR 24485:2022	Information security, cybersecurity and privacy protection. Security techniques. Security properties and best practices for test and evaluation of white box cryptography Categories: Published standard begins : 2022-11-01	Published standard
PD ISO/IEC/TR 22216:2022	Information security, cybersecurity and privacy protection. New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022 Categories: Published standard begins : 2022-09-08	Published standard
PD ISO/IEC/TR 19249:2017	Information technology. Security techniques Catalogue of architectural and design principles for secure products, systems and applications Categories: Published standard begins : 2017-12-13	Published standard
PD ISO/IEC/TR 15446:2017	Information technology. Security techniques. Guidance for the production of protection profiles and security targets Categories: Published standard begins : 2017-10-25	Published standard
PD ISO/IEC TS 30104:2015	Information Technology. Security Techniques. Physical Security Attacks, Mitigation Techniques and Security Requirements Categories: Published standard begins : 2015-05-27	Published standard
PD ISO/IEC TS 24462:2024	Information security, cybersecurity and privacy protection. Ontology building blocks for security and risk assessment Categories: Published standard begins : 2024-03-22	Published standard
PD ISO/IEC TS 20540:2025	Information security, cybersecurity and privacy protection. Testing cryptographic modules in their field Categories: Published standard begins : 2025-06-10	Published standard
PD ISO/IEC TS 19608:2018	Guidance for developing security and privacy functional requirements based on ISO/IEC 15408 Categories: Published standard begins : 2018-10-26	Published standard
PD ISO/IEC TR 5891:2024	Information security, cybersecurity and privacy protection — Hardware monitoring technology for hardware security assessment Categories: Published standard begins : 2024-04-15	Published standard
PD ISO/IEC TR 20004:2015	Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045 Categories: Published standard begins : 2016-01-04	Published standard

Withdrawn (38)

Show entries

Reference	Standards description	Status ? The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 23532-2:2021	Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Testing for ISO/IEC 19790 Categories: Withdrawn begins : 2024-10-11	Withdrawn
PD ISO/IEC TS 20540:2018	Information technology. Security techniques. Testing cryptographic modules in their operational environment Categories: Withdrawn begins : 2025-06-10	Withdrawn
PD ISO/IEC TR 20004:2012	Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045 Categories: Withdrawn begins : 2016-01-04	Withdrawn
PD ISO/IEC TR 19791:2006	Information technology. Security techniques. Security assessment of operational systems Categories: Withdrawn begins : 2010-04-16	Withdrawn
PD ISO/IEC TR 15446:2009	Information technology. Security techniques. Guide for the production of protection profiles and security targets Categories: Withdrawn begins : 2017-10-25	Withdrawn
PD ISO/IEC TR 15443-1:2005	Information technology. Security techniques. A framework for IT security assurance. Overview and framework Categories: Withdrawn begins : 2012-12-18	Withdrawn
ISO/IEC TR 15443-2:2005	ISO/IECTR15443-2 : 2005 Information technology. Framework for IT Security Assurance. Part 2: Assurance methods Categories: Information coding. Character sets Withdrawn begins : 2012-11-20	Withdrawn
BS ISO/IEC 30111:2019	Information technology. Security techniques. Vulnerability handling processes Categories: Withdrawn begins : 2020-06-11	Withdrawn
BS ISO/IEC 30111:2013	Information technology. Security techniques. Vulnerability handling processes Categories: Withdrawn begins : 2019-10-09	Withdrawn
BS ISO/IEC 29147:2018	Information technology. Security techniques. Vulnerability disclosure Categories: Withdrawn begins : 2020-06-10	Withdrawn

Standards Development

IST/33/3 - Security Evaluation, Testing and Specification

Committee standards activity