CAN/CSA-ISO/IEC 24760-3:18
Current
The latest, up-to-date edition.
Information technology — Security techniques — A framework for identity management — Part 3: Practice (Adopted ISO/IEC 24760-3:2016, first edition, 2016-08-01)
Hardcopy , PDF
English
01-01-2018
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Mitigating identity related risk in managing identity
information
6 Identity information and identifiers
7 Auditing identity information usage
8 Control objectives and controls
Annex A (normative) - Practice of managing identity information
in a federation of identity management systems
Annex B (normative) - Identity management practice using
attribute-based credentials to enhance privacy protection
Bibliography
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This part of ISO/IEC 24760 provides guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2. This part of ISO/IEC 24760 is applicable to an identity management system where identifiers or PII relating to entities are acquired, processed, stored, transferred or used for the purposes of identifying or authenticating entities and/or for the purpose of decision making using attributes of entities. Practices for identity management can also be addressed in other standards.
DocumentType |
Standard
|
ISBN |
978-1-4883-1024-9
|
Pages |
48
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This part of ISO/IEC 24760 provides guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2. This part of ISO/IEC 24760 is applicable to an identity management system where identifiers or PII relating to entities are acquired, processed, stored, transferred or used for the purposes of identifying or authenticating entities and/or for the purpose of decision making using attributes of entities. Practices for identity management can also be addressed in other standards.
Standards | Relationship |
ISO/IEC 24760-3:2016 | Identical |
ISO/IEC 29146:2016 | Information technology — Security techniques — A framework for access management |
ISO/IEC 29151:2017 | Information technology — Security techniques — Code of practice for personally identifiable information protection |
ISO/IEC 24760-1:2011 | Information technology Security techniques A framework for identity management Part 1: Terminology and concepts |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC 27018:2014 | Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
ISO/IEC 29115:2013 | Information technology — Security techniques — Entity authentication assurance framework |
ISO/IEC 29134:2017 | Information technology — Security techniques — Guidelines for privacy impact assessment |
ISO/IEC 29101:2013 | Information technology Security techniques Privacy architecture framework |
ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.