• BS ISO/IEC TR 14516 : 2002

    Current The latest, up-to-date edition.

    INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  01-01-2002

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    1 Scope
    2 References
       2.1 Identical Recommendations | International Standards
       2.2 Paired Recommendations | International Standards
            equivalent in technical content
       2.3 Additional References
    3 Definitions
    4 General Aspects
       4.1 Basis of Security Assurance and Trust
       4.2 Interaction between a TTP and Entities Using its
            Services
            4.2.1 In-line TTP Services
            4.2.2 On-line TTP Services
            4.2.3 Off-line TTP Services
       4.3 Interworking of TTP Services
    5 Management and Operational Aspects of a TTP
       5.1 Legal Issues
       5.2 Contractual Obligations
       5.3 Responsibilities
       5.4 Security Policy
            5.4.1 Security Policy Elements
            5.4.2 Standards
            5.4.3 Directives and Procedures
            5.4.4 Risk Management
            5.4.5 Selection of Safeguards
                   5.4.5.1 Physical and Environmental Measures
                   5.4.5.2 Organisational and Personnel Measures
                   5.4.5.3 IT Specific Measures
            5.4.6 Implementation Aspects of IT Security
                   5.4.6.1 Awareness and Training
                   5.4.6.2 Trustworthiness and Assurance
                   5.4.6.3 Accreditation of TTP Certification Bodies
            5.4.7 Operational Aspects of IT Security
                   5.4.7.1 Audit/Assessment
                   5.4.7.2 Incident Handling
                   5.4.7.3 Contingency Planning
       5.5 Quality of Service
       5.6 Ethics
       5.7 Fees
    6 Interworking
       6.1 TTP-Users
       6.2 User-User
       6.3 TTP-TTP
       6.4 TTP-Law Enforcement Agency
    7 Major Categories of TTP Services
       7.1 Time Stamping Service
            7.1.1 Time Stamping Authority
       7.2 Non-repudiation Services
       7.3 Key Management Services
            7.3.1 Key Generation Service
            7.3.2 Key Registration Service
            7.3.3 Key Certification Service
            7.3.4 Key Distribution Service
            7.3.5 Key Installation Service
            7.3.6 Key Storage Service
            7.3.7 Key Derivation Service
            7.3.8 Key Archiving Service
            7.3.9 Key Revocation Service
            7.3.10 Key Destruction Service
       7.4 Certificate Management Services
            7.4.1 Public Key Certificate Service
            7.4.2 Privilege Attribute Service
            7.4.3 On-line Authentication Service Based on
                   Certificates
            7.4.4 Revocation of Certificates Service
       7.5 Electronic Notary Public Services
            7.5.1 Evidence Generation Service
            7.5.2 Evidence Storage Service
            7.5.3 Arbitration Service
            7.5.4 Notary Authority
       7.6 Electronic Digital Archiving Service
       7.7 Other Services
            7.7.1 Directory Service
            7.7.2 Identification and Authentication Service
                   7.7.2.1 On-line Authentication Service
                   7.7.2.2 Off-line Authentication Service
                   7.7.2.3 In-line Authentication Service
            7.7.3 In-line Translation Service
            7.7.4 Recovery Services
                   7.7.4.1 Key Recovery Services
                   7.7.4.2 Data Recovery Services
            7.7.5 Personalisation Service
            7.7.6 Access Control Service
            7.7.7 Incident Reporting and Alert Management Service
    Annex A - Security Requirements for Management of TTPs
    Annex B - Aspects of CA management
       B.1 Example of Registration Process Procedures
       B.2 An example of requirements for Certification Authorities
       B.3 Certification Policy and Certification Practice
            Statement (CPS)
    Annex C - Bibliography

    Abstract - (Show below) - (Hide below)

    Specifies guidance on issued regarding the roles, positions and relationships of TTPs and the entities using TTP services. Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issued for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc. Gives guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and entities using their services. Identifies different major categories of TTP services including: time stamping, non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories consists of several services which logically belong together.

    General Product Information - (Show below) - (Hide below)

    Committee IST/33
    Development Note Supersedes 98/652588 DC (08/2002)
    Document Type Standard
    Publisher British Standards Institution
    Status Current

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 13888-2:2010 Information technology Security techniques Non-repudiation Part 2: Mechanisms using symmetric techniques
    ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/IEC 7498-3:1997 Information technology Open Systems Interconnection Basic Reference Model: Naming and addressing
    ISO/IEC 9798-3:1998 Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques
    BS 7799(1995) : AMD 9911 CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
    ISO/IEC 11770-2:2008 Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques
    ISO/IEC 15945:2002 Information technology Security techniques Specification of TTP services to support the application of digital signatures
    ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
    ISO/IEC 8824-2:2015 Information technology Abstract Syntax Notation One (ASN.1): Information object specification Part 2:
    ISO/IEC 13888-3:2009 Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 9798-4:1999 Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function
    ISO/IEC 10181-3:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework
    ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
    ISO/IEC 9798-2:2008 Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    ISO/IEC TR 13335-2:1997 Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO/IEC 9594-6:2017 Information technology Open Systems Interconnection The Directory Part 6: Selected attribute types
    ISO/IEC 8824-4:2015 Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications Part 4:
    ISO/IEC 10118-1:2016 Information technology Security techniques Hash-functions Part 1: General
    ISO/IEC TR 13335-3:1998 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security
    ISO/IEC 13888-1:2009 Information technology Security techniques Non-repudiation Part 1: General
    ISO/IEC Guide 61:1996 General requirements for assessment and accreditation of certification/registration bodies
    ISO/IEC 10181-4:1997 Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework Part 4:
    ISO/IEC 10181-2:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework
    ISO/IEC TR 13335-4:2000 Information technology Guidelines for the management of IT Security Part 4: Selection of safeguards
    ISO/IEC 10118-3:2004 Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions
    AS/NZS 4444.1:1999 Information security management Code of practice for information security management
    ISO/IEC 15946-3:2002 Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment
    ISO/IEC 10181-5:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Confidentiality framework
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    ISO/IEC 8824-1:2015 Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1:
    ISO/IEC 10181-6:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Integrity framework
    ISO/IEC 10118-2:2010 Information technology Security techniques Hash-functions Part 2: Hash-functions using an n-bit block cipher
    ISO/IEC Guide 65:1996 General requirements for bodies operating product certification systems
    ISO/IEC 8824-3:2015 Information technology Abstract Syntax Notation One (ASN.1): Constraint specification Part 3:
    ISO/IEC 11770-1:2010 Information technology Security techniques Key management Part 1: Framework
    ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 9798-1:2010 Information technology Security techniques Entity authentication Part 1: General
    ISO/IEC TR 13335-1:1996 Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security
    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective