• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC 24760-3:18

Current

Current

The latest, up-to-date edition.

Information technology — Security techniques — A framework for identity management — Part 3: Practice (Adopted ISO/IEC 24760-3:2016, first edition, 2016-08-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2018

€142.67
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Mitigating identity related risk in managing identity
  information
6 Identity information and identifiers
7 Auditing identity information usage
8 Control objectives and controls
Annex A (normative) - Practice of managing identity information
        in a federation of identity management systems
Annex B (normative) - Identity management practice using
        attribute-based credentials to enhance privacy protection
Bibliography

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This part of ISO/IEC 24760 provides guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2. This part of ISO/IEC 24760 is applicable to an identity management system where identifiers or PII relating to entities are acquired, processed, stored, transferred or used for the purposes of identifying or authenticating entities and/or for the purpose of decision making using attributes of entities. Practices for identity management can also be addressed in other standards.

DocumentType
Standard
ISBN
978-1-4883-1024-9
Pages
48
PublisherName
Canadian Standards Association
Status
Current

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This part of ISO/IEC 24760 provides guidance for the management of identity information and for ensuring that an identity management system conforms to ISO/IEC 24760-1 and ISO/IEC 24760-2. This part of ISO/IEC 24760 is applicable to an identity management system where identifiers or PII relating to entities are acquired, processed, stored, transferred or used for the purposes of identifying or authenticating entities and/or for the purpose of decision making using attributes of entities. Practices for identity management can also be addressed in other standards.

Standards Relationship
ISO/IEC 24760-3:2016 Identical

ISO/IEC 29146:2016 Information technology — Security techniques — A framework for access management
ISO/IEC 29151:2017 Information technology — Security techniques — Code of practice for personally identifiable information protection
ISO/IEC 24760-1:2011 Information technology Security techniques A framework for identity management Part 1: Terminology and concepts
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC 27018:2014 Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 29115:2013 Information technology — Security techniques — Entity authentication assurance framework
ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
ISO/IEC 29101:2013 Information technology Security techniques Privacy architecture framework
ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.