We use cookies to give you the best experience and to help improve our website

Find out what cookies we use and how to disable them

IST/33/3 - Security Evaluation, Testing and Specification

Sector: Governance & Resilience

Categories: | | Information coding. Character sets | Identification cards and related devices | | Information technology. General

Overview: Under the direction of IST/33, is responsible for the UK input to ISO/IEC JTC 1/SC 27/WG 3 and CEN/CLC/JTC 13/WG 3 whose scope is the security evaluation of IT systems, components and products, including the definition of security evaluation criteria and related issues such as evaluation methodology and the administrative procedures for testing, evaluation, certification, and accreditation. The scope also includes associated issues such as specification of security properties, security testing methodologies and processes, and vulnerability notification

Committee standards activity

In Progress (17)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC/TR 6890 Towards creating an extension for patch management for ISO/IEC 15408 and ISO/IEC 18045

Categories: Unclassified documents

Proposal begins : 		Proposal
PD CLC/TS CEN/CLC/TS 18072 Requirements for Conformity Assessment Bodies certifying Cloud Services

Categories: Unclassified documents

Drafting begins : 2024-01-18 		Drafting
ISO/IEC JTC 1/SC 27 N 22089, ISO/IEC PWI 5888 Information security, cybersecurity and privacy protection -- Security requirements and evaluation activities for connected vehicle devices

Categories: Information management | Standardization. General rules | Engineering | Road vehicles engineering | Car informatics. On board computer systems | Information technology

Proposal begins : 2021-11-29 		Proposal
BS ISO/IEC 27115 Cybersecurity evaluation of complex systems — Introduction and framework overview

Categories: Unclassified documents

Proposal begins : 		Proposal
BS ISO/IEC 24759 Information security, cybersecurity and privacy protection — Test requirements for cryptographic modules

Categories:

Comment resolution begins : 2024-11-18 		Comment resolution
BS ISO/IEC 19790 Information security, cybersecurity and privacy protection — Security requirements for cryptographic modules

Categories:

Comment resolution begins : 2024-11-18 		Comment resolution
BS EN ISO/IEC 29128-3 Information security — Verification of cryptographic protocols — Part 3: Part 3: Evaluation Methods and Activities for Protocol Implementation Verification

Categories: Unclassified documents

Drafting begins : 2025-05-23 		Drafting
BS EN ISO/IEC 29128-2 Information security, cybersecurity and privacy protection — Verification of Cryptographic Protocols — Part 2: Evaluation Methods and Activities for Cryptographic Protocols

Categories: Unclassified documents

Drafting begins : 2025-05-23 		Drafting
BS EN ISO/IEC 19989-1 Information security — Criteria and methodology for security evaluation of biometric systems — Part 1: Framework

Categories: Unclassified documents

Drafting begins : 2025-06-09 		Drafting
BS EN ISO/IEC 19792 Information security, cybersecurity and privacy protection — General principles of security evaluation of biometric systems

Categories:

Public comment begins : 2024-07-05 		Public comment
Published (33)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC/TR 24485:2022 Information security, cybersecurity and privacy protection. Security techniques. Security properties and best practices for test and evaluation of white box cryptography

Categories:

Published standard begins : 2022-11-01 		Published standard
PD ISO/IEC/TR 22216:2022 Information security, cybersecurity and privacy protection. New concepts and changes in ISO/IEC 15408:2022 and ISO/IEC 18045:2022

Categories:

Published standard begins : 2022-09-08 		Published standard
PD ISO/IEC/TR 19249:2017 Information technology. Security techniques Catalogue of architectural and design principles for secure products, systems and applications

Categories:

Published standard begins : 2017-12-13 		Published standard
PD ISO/IEC/TR 15446:2017 Information technology. Security techniques. Guidance for the production of protection profiles and security targets

Categories:

Published standard begins : 2017-10-25 		Published standard
PD ISO/IEC TS 30104:2015 Information Technology. Security Techniques. Physical Security Attacks, Mitigation Techniques and Security Requirements

Categories:

Published standard begins : 2015-05-27 		Published standard
PD ISO/IEC TS 24462:2024 Information security, cybersecurity and privacy protection. Ontology building blocks for security and risk assessment

Categories:

Published standard begins : 2024-03-22 		Published standard
PD ISO/IEC TS 20540:2018 Information technology. Security techniques. Testing cryptographic modules in their operational environment

Categories:

Published standard begins : 2018-06-05 		Published standard
PD ISO/IEC TS 19608:2018 Guidance for developing security and privacy functional requirements based on ISO/IEC 15408

Categories:

Published standard begins : 2018-10-26 		Published standard
PD ISO/IEC TR 5891:2024 Information security, cybersecurity and privacy protection — Hardware monitoring technology for hardware security assessment

Categories:

Published standard begins : 2024-04-15 		Published standard
PD ISO/IEC TR 20004:2015 Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045

Categories:

Published standard begins : 2016-01-04 		Published standard
Withdrawn (35)
Reference Standards description
Status ?

The standards development process is divided into chronological stages: Proposal; Drafting; Public comment; Comment resolution; Approval; Published standard.
PD ISO/IEC TS 23532-2:2021 Information security, cybersecurity and privacy protection. Requirements for the competence of IT security testing and evaluation laboratories. Testing for ISO/IEC 19790

Categories:

Withdrawn begins : 2024-10-11 		Withdrawn
PD ISO/IEC TR 20004:2012 Information technology. Security techniques. Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045

Categories:

Withdrawn begins : 2016-01-04 		Withdrawn
PD ISO/IEC TR 19791:2006 Information technology. Security techniques. Security assessment of operational systems

Categories:

Withdrawn begins : 2010-04-16 		Withdrawn
PD ISO/IEC TR 15446:2009 Information technology. Security techniques. Guide for the production of protection profiles and security targets

Categories:

Withdrawn begins : 2017-10-25 		Withdrawn
PD ISO/IEC TR 15443-1:2005 Information technology. Security techniques. A framework for IT security assurance. Overview and framework

Categories:

Withdrawn begins : 2012-12-18 		Withdrawn
ISO/IEC TR 15443-2:2005 ISO/IECTR15443-2 : 2005 Information technology. Framework for IT Security Assurance. Part 2: Assurance methods

Categories: Information coding. Character sets

Withdrawn begins : 2012-11-20 		Withdrawn
BS ISO/IEC 30111:2019 Information technology. Security techniques. Vulnerability handling processes

Categories:

Withdrawn begins : 2020-06-11 		Withdrawn
BS ISO/IEC 30111:2013 Information technology. Security techniques. Vulnerability handling processes

Categories:

Withdrawn begins : 2019-10-09 		Withdrawn
BS ISO/IEC 29147:2018 Information technology. Security techniques. Vulnerability disclosure

Categories:

Withdrawn begins : 2020-06-10 		Withdrawn
BS ISO/IEC 29147:2014 Information technology. Security techniques. Vulnerability disclosure

Categories:

Withdrawn begins : 2018-10-26 		Withdrawn