If you have difficulty in submitting comments on draft standards you can use a commenting template and email it to admin.start@bsigroup.com. The commenting template can be found here.

We use cookies to give you the best experience and to help improve our website

Find out what cookies we use and how to disable them

IST/33/3 - Security Evaluation, Testing and Specification

Sector: Governance & Resilience

Categories: | Certification. Conformity assessment | | Information coding. Character sets | Identification cards and related devices | | Information technology. General

Overview: Under the direction of IST/33, is responsible for the UK input to ISO/IEC JTC 1/SC 27/WG 3 and CEN/CLC/JTC 13/WG 3 whose scope is the security evaluation of IT systems, components and products, including the definition of security evaluation criteria and related issues such as evaluation methodology and the administrative procedures for testing, evaluation, certification, and accreditation. The scope also includes associated issues such as specification of security properties, security testing methodologies and processes, and vulnerability notification

Committee standards activity

In Progress (22)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/TR 25844 Information security, cybersecurity and privacy protection. Transition information for ISO/IEC 19790 and ISO/IEC 24759

Categories: Unclassified documents

Drafting begins : 2026-02-06 		Drafting
PD ISO/IEC/TR 6890 Towards creating an extension for patch management for ISO/IEC 15408 and ISO/IEC 18045

Categories: Unclassified documents

Proposal begins : 		Proposal
PD ISO/IEC/TR 25544 The effect of different transmission media on the security evaluation of quantum key distribution

Categories: Unclassified documents

Drafting begins : 2025-12-24 		Drafting
PD ISO/IEC/TR 22216 PD ISO/IEC/TR 22216. Information security, cybersecurity and privacy protection. New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022

Categories: Unclassified documents

Drafting begins : 2025-03-27 		Drafting
ISO/IEC NP 25959 Information security, cybersecurity and privacy protection — Application of attack potential to deep learning-based technology

Categories: Information management | Standardization. General rules

Proposal begins : 2025-06-09 		Proposal
ISO/IEC JTC 1/SC 27 N 22089, ISO/IEC PWI 5888 Information security, cybersecurity and privacy protection -- Security requirements and evaluation activities for connected vehicle devices

Categories: Information management | Standardization. General rules | Engineering | Road vehicles engineering | Car informatics. On board computer systems | Information technology

Proposal begins : 2021-11-29 		Proposal
BS ISO/IEC 27115 Cybersecurity evaluation of complex systems — Introduction and framework overview

Categories: Unclassified documents

Proposal begins : 		Proposal
BS EN ISO/IEC 30111 Cybersecurity — Vulnerability handling and disclosure processes

Categories: Unclassified documents

Drafting begins : 2026-07-31 		Drafting
BS EN ISO/IEC 29147 Cybersecurity — Vulnerability disclosure processes

Categories: Unclassified documents

Drafting begins : 2026-07-31 		Drafting
BS EN ISO/IEC 29128-3 Information security — Verification of cryptographic protocols — Part 3: Part 3: Evaluation Methods and Activities for Protocol Implementation Verification

Categories: Unclassified documents

Drafting begins : 2025-05-31 		Drafting
Published (34)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC/TR 24485:2022 Information security, cybersecurity and privacy protection. Security techniques. Security properties and best practices for test and evaluation of white box cryptography

Categories:

Published standard begins : 2022-11-01 		Published standard
PD ISO/IEC/TR 22216:2022 Information security, cybersecurity and privacy protection. New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022

Categories:

Published standard begins : 2022-09-08 		Published standard
PD ISO/IEC/TR 19249:2017 Information technology. Security techniques Catalogue of architectural and design principles for secure products, systems and applications

Categories:

Published standard begins : 2017-12-13 		Published standard
PD ISO/IEC/TR 15446:2017 Information technology. Security techniques. Guidance for the production of protection profiles and security targets

Categories:

Published standard begins : 2017-10-25 		Published standard
PD ISO/IEC TS 30104:2015 Information Technology. Security Techniques. Physical Security Attacks, Mitigation Techniques and Security Requirements

Categories:

Published standard begins : 2015-05-27 		Published standard
PD ISO/IEC TS 24462:2024 Information security, cybersecurity and privacy protection. Ontology building blocks for security and risk assessment

Categories:

Published standard begins : 2024-03-22 		Published standard
PD ISO/IEC TS 20540:2025 Information security, cybersecurity and privacy protection. Testing cryptographic modules in their field

Categories:

Published standard begins : 2025-06-10 		Published standard
PD ISO/IEC TS 19608:2018 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408

Categories:

Published standard begins : 2018-10-26 		Published standard
PD ISO/IEC TR 5891:2024 Information security, cybersecurity and privacy protection — Hardware monitoring technology for hardware security assessment

Categories:

Published standard begins : 2024-04-15 		Published standard
PD ISO/IEC TR 20004:2015 Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045

Categories:

Published standard begins : 2016-01-04 		Published standard
Withdrawn (38)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 23532-2:2021 Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Testing for ISO/IEC 19790

Categories:

Withdrawn begins : 2024-10-11 		Withdrawn
PD ISO/IEC TS 20540:2018 Information technology. Security techniques. Testing cryptographic modules in their operational environment

Categories:

Withdrawn begins : 2025-06-10 		Withdrawn
PD ISO/IEC TR 20004:2012 Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045

Categories:

Withdrawn begins : 2016-01-04 		Withdrawn
PD ISO/IEC TR 19791:2006 Information technology. Security techniques. Security assessment of operational systems

Categories:

Withdrawn begins : 2010-04-16 		Withdrawn
PD ISO/IEC TR 15446:2009 Information technology. Security techniques. Guide for the production of protection profiles and security targets

Categories:

Withdrawn begins : 2017-10-25 		Withdrawn
PD ISO/IEC TR 15443-1:2005 Information technology. Security techniques. A framework for IT security assurance. Overview and framework

Categories:

Withdrawn begins : 2012-12-18 		Withdrawn
ISO/IEC TR 15443-2:2005 ISO/IECTR15443-2 : 2005 Information technology. Framework for IT Security Assurance. Part 2: Assurance methods

Categories: Information coding. Character sets

Withdrawn begins : 2012-11-20 		Withdrawn
BS ISO/IEC 30111:2019 Information technology. Security techniques. Vulnerability handling processes

Categories:

Withdrawn begins : 2020-06-11 		Withdrawn
BS ISO/IEC 30111:2013 Information technology. Security techniques. Vulnerability handling processes

Categories:

Withdrawn begins : 2019-10-09 		Withdrawn
BS ISO/IEC 29147:2018 Information technology. Security techniques. Vulnerability disclosure

Categories:

Withdrawn begins : 2020-06-10 		Withdrawn