ISO/IEC TR 14516:2002
Current
The latest, up-to-date edition.
Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services
Hardcopy, PDF
English, French
27-06-2002
Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for
which general guidance is necessary to assist business entities, developers and providers of systems and services, etc.
This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP
services, the generic security requirements, who should provide what type of security, what the possible security
solutions are, and the operational use and management of TTP service security.
This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of
the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and
entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users
to select those TTP services needed for particular requirements, their subsequent management, use and operational
deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal
assessment of a TTP or a comparison of TTPs.
This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping,
non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories
consists of several services which logically belong together.
| Committee | ISO/IEC JTC 1/SC 27 |
| DocumentType | Standard |
| Pages | 33 |
| PublisherName | International Organization for Standardization |
| Status | Current |

| Standards | Relationship |
| AS ISO/IEC 14516-2004 | Identical |
| INCITS/ISO/IEC TR 14516 : 2015 | Identical |
| NEN NPR ISO/IEC TR 14516 : 2002 | Identical |
| BS ISO/IEC TR 14516:2002 | Identical |
| INCITS/ISO/IEC TR 14516:2002(R2020) | Identical |
| INCITS/ISO/IEC TR 14516:2002(R2025) | Identical |
| TR X 0081:2003 | Identical |
| ISO/IEC 18028-5:2006 | Information technology — Security techniques — IT network security — Part 5: Securing communications across networks using virtual private networks |
| BS PD ISO/TR 17068 : 2012 | INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS |
| BS ISO 17068:2017 | Information and documentation. Trusted third party repository for digital records |
| 08/30194076 DC : DRAFT DEC 2008 | BS ISO 21091 - HEALTH INFORMATICS - DIRECTORY SERVICES FOR SECURITY, COMMUNICATIONS AND IDENTIFICATION OF PROFESSIONALS AND PATIENTS |
| 05/30040757 DC : DRAFT JUN 2005 | ISO/IEC 18028 - INFORMATION TECHNOLOGY - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT |
| 08/30169511 DC : DRAFT DEC 2008 | BS ISO/IEC 13888-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES |
| ISO 17068:2017 | Information and documentation — Trusted third party repository for digital records |
| 08/30145964 DC : DRAFT SEP 2008 | BS ISO/IEC 24713-3 - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRIC PROFILE FOR SEAFARERS |
| BS ISO/IEC 18014-1:2008 | Information technology. Security techniques. Time-stamping services Framework |
| INCITS/ISO/IEC 18028-1 : 2008 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT |
| ISO/IEC 24713-3:2009 | Information technology — Biometric profiles for interoperability and data interchange — Part 3: Biometrics-based verification and identification of seafarers |
| ISO 17090-2:2015 | Health informatics — Public key infrastructure — Part 2: Certificate profile |
| BS ISO 15782-1:2009 | Certificate management for financial services Public key certificates |
| ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®) |
| I.S. EN ISO 21091:2013 | HEALTH INFORMATICS - DIRECTORY SERVICES FOR HEALTHCARE PROVIDERS, SUBJECTS OF CARE AND OTHER ENTITIES (ISO 21091:2013) |
| BS EN ISO 21091:2013 | Health informatics. Directory services for healthcare providers, subjects of care and other entities |
| BS ISO/IEC 18028-5:2006 | Information technology. Security techniques. IT network security Securing communications across networks using virtual private networks |
| 09/30168526 DC : 0 | BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY - PART 1: GUIDELINES FOR NETWORK SECURITY |
| ISO/TS 17090-3:2002 | Health informatics — Public key infrastructure — Part 3: Policy management of certification authority |
| 12/30271004 DC : 0 | BS ISO 22600-2 - HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS |
| 07/30169475 DC : 0 | BS ISO 15782-1 - CERTIFICATE MANAGEMENT FOR FINANCIAL SERVICES - PART 1: PUBLIC KEY CERTIFICATES |
| BS ISO 17090-1:2013 | Health informatics. Public key infrastructure Overview of digital certificate services |
| BS ISO/IEC TR 13335-5:2001 | Information technology. Guidelines for the management of IT security Management guidance of network security |
| INCITS/ISO/IEC 24713-3 : 2010 | INFORMATION TECHNOLOGY - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRICS BASED VERIFICATION AND IDENTIFICATION OF SEAFARERS |
| INCITS/ISO/IEC 18028-5 : 2008 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS BETWEEN NETWORKS USING VIRTUAL PRIVATE NETWORKS |
| ISO/IEC 13888-3:2009 | Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
| DD ISO/TS 17090-2:2002 | Health informatics. Public key infrastructure Certificate profile |
| ISO/IEC 18014-1:2008 | Information technology — Security techniques — Time-stamping services — Part 1: Framework |
| ISO/IEC 13888-1:2009 | Information technology — Security techniques — Non-repudiation — Part 1: General |
| INCITS/ISO/IEC TR 13335-5 : 2001 | INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY |
| 08/30135161 DC : 0 | ISO/IEC 18014-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS |
| 04/30062174 DC : DRAFT JUN 2004 | ISO/IEC FCD 17799 - INFORMATION TECHNOLOGY - CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT |
| 17/30281253 DC : 0 | BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
| BS ISO/IEC 13888-3:1997 | Information technology. Security techniques. Non-repudiation Mechanisms using asymmetric techniques |
| 14/30278505 DC : 0 | BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY PART 1: OVERVIEW AND CONCEPTS |
| 15/30282567 DC : 0 | BS ISO 12812-5 - CORE BANKING - MOBILE FINANCIAL SERVICES - PART 5: MOBILE PAYMENTS TO BUSINESS |
| BS ISO/IEC 18028-1:2006 | Information technology. Security techniques. IT network security Network security management |
| DD ISO/TS 17090-3:2002 | Health informatics. Public key infrastructure Policy management of certification authority |
| BS ISO/IEC 18014-2:2009 | Information technology. Security techniques. Time-stamping services Mechanisms producing independent tokens |
| DD ISO/TS 17090-1:2002 | Health informatics. Public key infrastructure Framework and overview |
| 07/30135157 DC : 0 | BS ISO/IEC 18014-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK |
| BS ISO/IEC 21827:2008 | Information technology. Security techniques. Systems security engineering. Capability maturity model (SSE-CMM) |
| 12/30186137 DC : 0 | BS ISO/IEC 27002 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS |
| BS EN ISO 22600-2:2014 | Health informatics. Privilege management and access control Formal models |
| BS ISO 17090-3:2008 | Health informatics. Public key infrastructure Policy management of certification authority |
| ISO/TS 22600-2:2006 | Health informatics — Privilege management and access control — Part 2: Formal models |
| INCITS/ISO/IEC TR 13335-5 : 2001 : R2007 | INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY |
| BS ISO/IEC 13888-1:2009 | Information technology. Security techniques. Non-repudiation General |
| ISO/TR 17068:2012 | Information and documentation - Trusted third party repository for digital records |
| ISO 15782-1:2009 | Certificate management for financial services — Part 1: Public key certificates |
| ISO/TS 17090-1:2002 | Health informatics — Public key infrastructure — Part 1: Framework and overview |
| EN ISO 21091:2013 | Health informatics - Directory services for healthcare providers, subjects of care and other entities (ISO 21091:2013) |
| ISO 17090-1:2013 | Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services |
| 05/30092187 DC : DRAFT APR 2005 | ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
| BS ISO 17090-2:2015 | Health informatics. Public key infrastructure Certificate profile |
| ISO 17090-3:2008 | Health informatics — Public key infrastructure — Part 3: Policy management of certification authority |
| DIN EN ISO 22600-2:2015-02 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014) |
| 15/30303638 DC : 0 | BS ISO 17068 - INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS |
| PD ISO/TS 12812-5:2017 | Core banking. Mobile financial services Mobile payments to businesses |
| ISO/IEC 18014-2:2009 | Information technology — Security techniques — Time-stamping services — Part 2: Mechanisms producing independent tokens |
| ISO/TS 17090-2:2002 | Health informatics — Public key infrastructure — Part 2: Certificate profile |
| ISO/IEC 18028-1:2006 | Information technology — Security techniques — IT network security — Part 1: Network security management |
| ISO 21091:2013 | Health informatics — Directory services for healthcare providers, subjects of care and other entities |
| ISO 22600-2:2014 | Health informatics — Privilege management and access control — Part 2: Formal models |
| EN ISO 22600-2:2014 | Health informatics - Privilege management and access control - Part 2: Formal models (ISO 22600-2:2014) |
| 05/30104603 DC : DRAFT JUN 2005 | ISO/IEC FCD 18028-5 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS ACROSS NETWORKS USING VIRTUAL PRIVATE NETWORKS |
| 13/30274150 DC : 0 | BS ISO 17090-2 - HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 2: CERTIFICATE PROFILE |
| BS ISO/IEC 24713-3:2009 | Information technology. Biometric profiles for interoperability and data interchange Biometrics-based verification and identification of seafarers |
| DD ISO/TS 22600-2:2006 | Health informatics. Privilege management and access control Formal models |
| ISO/IEC 20248:2018 | Information technology — Automatic identification and data capture techniques — Data structures — Digital signature meta structure |
| ISO/IEC TR 13335-5:2001 | Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security |
| ISO/TS 12812-5:2017 | Core banking — Mobile financial services — Part 5: Mobile payments to businesses |
| I.S. EN ISO 22600-2:2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014) |
| UNE-ISO/TR 17068:2013 | Information and documentation. Trusted third party repository for digital records. |
| ISO/IEC 13888-2:2010 | Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques |
| ISO 15782-1:2009 | Certificate management for financial services — Part 1: Public key certificates |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO/IEC 7498-3:1997 | Information technology — Open Systems Interconnection — Basic Reference Model: Naming and addressing |
| ISO/IEC 9798-3:1998 | Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
| BS 7799(1995) : AMD 9911 | CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT |
| ISO/IEC 11770-2:2008 | Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
| ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
| ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
| ISO/IEC 8824-2:2015 | Information technology — Abstract Syntax Notation One (ASN.1): Information object specification — Part 2: |
| ISO/IEC 13888-3:2009 | Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 9798-4:1999 | Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
| ISO/IEC 10181-3:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Access control framework |
| ISO/IEC 10181-1:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview |
| ISO/IEC 9798-2:2008 | Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
| ISO/IEC 9594-8:2017 | Information technology — Open Systems Interconnection — The Directory — Part 8: Public-key and attribute certificate frameworks |
| ISO/IEC TR 13335-2:1997 | Information technology — Guidelines for the management of IT Security — Part 2: Managing and planning IT Security |
| ISO 7498-2:1989 | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture |
| ISO/IEC 9594-6:2017 | Information technology — Open Systems Interconnection — The Directory — Part 6: Selected attribute types |
| ISO/IEC 8824-4:2015 | Information technology — Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications — Part 4: |
| ISO/IEC 10118-1:2016 | Information technology — Security techniques — Hash-functions — Part 1: General |
| ISO/IEC TR 13335-3:1998 | Information technology — Guidelines for the management of IT Security — Part 3: Techniques for the management of IT Security |
| ISO/IEC 13888-1:2009 | Information technology — Security techniques — Non-repudiation — Part 1: General |
| ISO/IEC Guide 61:1996 | General requirements for assessment and accreditation of certification/registration bodies |
| ISO/IEC 10181-4:1997 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Non-repudiation framework — Part 4: |
| ISO/IEC 10181-2:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Authentication framework |
| ISO/IEC TR 13335-4:2000 | Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards |
| ISO/IEC 10118-3:2004 | Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
| AS/NZS 4444.1:1999 | Information security management Code of practice for information security management |
| ISO/IEC 15946-3:2002 | Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 3: Key establishment |
| ISO/IEC 10181-5:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Confidentiality framework |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| ISO/IEC 8824-1:2015 | Information technology — Abstract Syntax Notation One (ASN.1): Specification of basic notation — Part 1: |
| ISO/IEC 10181-6:1996 | Information technology — Open Systems Interconnection — Security frameworks for open systems: Integrity framework |
| ISO/IEC 10118-2:2010 | Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
| ISO/IEC Guide 65:1996 | General requirements for bodies operating product certification systems |
| ISO/IEC 8824-3:2015 | Information technology — Abstract Syntax Notation One (ASN.1): Constraint specification — Part 3: |
| ISO/IEC 11770-1:2010 | Information technology — Security techniques — Key management — Part 1: Framework |
| ISO/IEC 11770-3:2015 | Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 9798-1:2010 | Information technology — Security techniques — Entity authentication — Part 1: General |
| ISO/IEC TR 13335-1:1996 | Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |