ISO/IEC TR 14516:2002
Current
The latest, up-to-date edition.
Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services
English, French
27-06-2002
Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for
which general guidance is necessary to assist business entities, developers and providers of systems and services, etc.
This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP
services, the generic security requirements, who should provide what type of security, what the possible security
solutions are, and the operational use and management of TTP service security.
This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of
the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and
entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users
to select those TTP services needed for particular requirements, their subsequent management, use and operational
deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal
assessment of a TTP or a comparison of TTPs.
This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping,
non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories
consists of several services which logically belong together.
DocumentType | Standard |
Pages | 33 |
PublisherName | International Organization for Standardization |
Status | Current |
Standards | Relationship |
AS ISO/IEC 14516-2004 | Identical |
INCITS/ISO/IEC TR 14516 : 2015 | Identical |
NEN NPR ISO/IEC TR 14516 : 2002 | Identical |
BS ISO/IEC TR 14516:2002 | Identical |
INCITS/ISO/IEC TR 14516:2002(R2020) | Identical |
CSA ISO/IEC TR 14516 : 2004 | Identical |
CAN/CSA-ISO/IEC TR 14516-04 (R2017) | Identical |
CSA ISO/IEC TR 14516 : 2004 : R2012 | Identical |
ISO/IEC 18028-5:2006 | Information technology Security techniques IT network security Part 5: Securing communications across networks using virtual private networks |
BS PD ISO/TR 17068 : 2012 | INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS |
BS ISO 17068:2017 | Information and documentation. Trusted third party repository for digital records |
CSA ISO/IEC 21827 : 2009 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SYSTEMS SECURITY ENGINEERING - CAPABILITY MATURITY MODEL (SSE-CMM) |
08/30194076 DC : DRAFT DEC 2008 | BS ISO 21091 - HEALTH INFORMATICS - DIRECTORY SERVICES FOR SECURITY, COMMUNICATIONS AND IDENTIFICATION OF PROFESSIONALS AND PATIENTS |
CSA ISO TS 17090-2 : 2005 | HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 2: CERTIFICATE PROFILE |
05/30040757 DC : DRAFT JUN 2005 | ISO/IEC 18028 - INFORMATION TECHNOLOGY - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT |
EN 319 411-1 : 1.2.2 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 1: GENERAL REQUIREMENTS |
08/30169511 DC : DRAFT DEC 2008 | BS ISO/IEC 13888-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES |
ISO 17068:2017 | Information and documentation — Trusted third party repository for digital records |
08/30145964 DC : DRAFT SEP 2008 | BS ISO/IEC 24713-3 - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRIC PROFILE FOR SEAFARERS |
BS ISO/IEC 18014-1:2008 | Information technology. Security techniques. Time-stamping services Framework |
CAN/CSA-ISO/IEC 27033-1:16 | Information technology - Security techniques - Network security - Part 1: Overview and concepts (Adopted ISO/IEC 27033-1:2015, second edition, 2015-08-15) |
CSA ISO/IEC 13888-1 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 1: GENERAL |
INCITS/ISO/IEC 18028-1 : 2008 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT |
ISO/IEC 24713-3:2009 | Information technology Biometric profiles for interoperability and data interchange Part 3: Biometrics-based verification and identification of seafarers |
UNI EN ISO 22600-2 : 2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS |
ISO 17090-2:2015 | Health informatics Public key infrastructure Part 2: Certificate profile |
BS ISO 15782-1:2009 | Certificate management for financial services Public key certificates |
ISO/IEC 21827:2008 | Information technology Security techniques Systems Security Engineering Capability Maturity Model (SSE-CMM) |
I.S. EN ISO 21091:2013 | HEALTH INFORMATICS - DIRECTORY SERVICES FOR HEALTHCARE PROVIDERS, SUBJECTS OF CARE AND OTHER ENTITIES (ISO 21091:2013) |
BS EN ISO 21091:2013 | Health informatics. Directory services for healthcare providers, subjects of care and other entities |
BS ISO/IEC 18028-5:2006 | Information technology. Security techniques. IT network security Securing communications across networks using virtual private networks |
09/30168526 DC : 0 | BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY - PART 1: GUIDELINES FOR NETWORK SECURITY |
ISO/TS 17090-3:2002 | Health informatics Public key infrastructure Part 3: Policy management of certification authority |
TR 102 040 : 1.3.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); INTERNATIONAL HARMONIZATION OF POLICY REQUIREMENTS FOR CAS ISSUING CERTIFICATES |
12/30271004 DC : 0 | BS ISO 22600-2 - HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS |
07/30169475 DC : 0 | BS ISO 15782-1 - CERTIFICATE MANAGEMENT FOR FINANCIAL SERVICES - PART 1: PUBLIC KEY CERTIFICATES |
BS ISO 17090-1:2013 | Health informatics. Public key infrastructure Overview of digital certificate services |
BS ISO/IEC TR 13335-5:2001 | Information technology. Guidelines for the management of IT security Management guidance of network security |
CSA ISO/IEC 13888-3 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES |
CSA ISO/IEC 18014-2 : 2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS |
CSA ISO/IEC 18014-1 : 2009 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK |
INCITS/ISO/IEC 24713-3 : 2010 | INFORMATION TECHNOLOGY - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRICS BASED VERIFICATION AND IDENTIFICATION OF SEAFARERS |
CSA ISO TS 17090-3 : 2005 | HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 3: POLICY MANAGEMENT OF CERTIFICATION AUTHORITY |
INCITS/ISO/IEC 18028-5 : 2008 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS BETWEEN NETWORKS USING VIRTUAL PRIVATE NETWORKS |
ISO/IEC 13888-3:2009 | Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques |
DD ISO/TS 17090-2:2002 | Health informatics. Public key infrastructure Certificate profile |
ISO/IEC 18014-1:2008 | Information technology Security techniques Time-stamping services Part 1: Framework |
ISO/IEC 13888-1:2009 | Information technology Security techniques Non-repudiation Part 1: General |
INCITS/ISO/IEC TR 13335-5 : 2001 | INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY |
08/30135161 DC : 0 | ISO/IEC 18014-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS |
04/30062174 DC : DRAFT JUN 2004 | ISO/IEC FCD 17799 - INFORMATION TECHNOLOGY - CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT |
17/30281253 DC : 0 | BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
BS ISO/IEC 13888-3:1997 | Information technology. Security techniques. Non-repudiation Mechanisms using asymmetric techniques |
14/30278505 DC : 0 | BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY PART 1: OVERVIEW AND CONCEPTS |
15/30282567 DC : 0 | BS ISO 12812-5 - CORE BANKING - MOBILE FINANCIAL SERVICES - PART 5: MOBILE PAYMENTS TO BUSINESS |
BS ISO/IEC 18028-1:2006 | Information technology. Security techniques. IT network security Network security management |
DD ISO/TS 17090-3:2002 | Health informatics. Public key infrastructure Policy management of certification authority |
BS ISO/IEC 18014-2:2009 | Information technology. Security techniques. Time-stamping services Mechanisms producing independent tokens |
DD ISO/TS 17090-1:2002 | Health informatics. Public key infrastructure Framework and overview |
07/30135157 DC : 0 | BS ISO/IEC 18014-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK |
BS ISO/IEC 21827:2008 | Information technology. Security techniques. Systems security engineering. Capability maturity model (SSE-CMM) |
12/30186137 DC : 0 | BS ISO/IEC 27002 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS |
BS EN ISO 22600-2:2014 | Health informatics. Privilege management and access control Formal models |
BS ISO 17090-3:2008 | Health informatics. Public key infrastructure Policy management of certification authority |
ISO/TS 22600-2:2006 | Health informatics Privilege management and access control Part 2: Formal models |
INCITS/ISO/IEC TR 13335-5 : 2001 : R2007 | INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY |
CSA ISO/IEC 18014-2 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS |
BS ISO/IEC 13888-1:2009 | Information technology. Security techniques. Non-repudiation General |
CSA ISO TS 17090-1 : 2005 | HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 1: FRAMEWORK AND OVERVIEW |
CSA ISO/IEC 18028-5 : 2006 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS ACROSS NETWORKS USING VIRTUAL PRIVATE NETWORKS |
ISO/TR 17068:2012 | Information and documentation - Trusted third party repository for digital records |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ISO/TS 17090-1:2002 | Health informatics Public key infrastructure Part 1: Framework and overview |
EN ISO 21091:2013 | Health informatics - Directory services for healthcare providers, subjects of care and other entities (ISO 21091:2013) |
CSA Z21091 : 2007 | HEALTH INFORMATICS - DIRECTORY SERVICES FOR SECURITY, COMMUNICATIONS AND IDENTIFICATION OF PROFESSIONALS AND PATIENTS |
ISO 17090-1:2013 | Health informatics Public key infrastructure Part 1: Overview of digital certificate services |
05/30092187 DC : DRAFT APR 2005 | ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK |
BS ISO 17090-2:2015 | Health informatics. Public key infrastructure Certificate profile |
CSA ISO/IEC 18014-1 : 2009 : R2014 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK |
UNE-ISO/TR 17068:2013 | Information and documentation. Trusted third party repository for digital records. |
ISO 17090-3:2008 | Health informatics Public key infrastructure Part 3: Policy management of certification authority |
DIN EN ISO 22600-2:2015-02 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014) |
15/30303638 DC : 0 | BS ISO 17068 - INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS |
PD ISO/TS 12812-5:2017 | Core banking. Mobile financial services Mobile payments to businesses |
CSA ISO/IEC 21827 : 2009 : R2014 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SYSTEMS SECURITY ENGINEERING - CAPABILITY MATURITY MODEL (SSE-CMM) |
CSA ISO/IEC 13888-1:2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 1: GENERAL |
ISO/IEC 18014-2:2009 | Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens |
ISO/TS 17090-2:2002 | Health informatics Public key infrastructure Part 2: Certificate profile |
ISO/IEC 18028-1:2006 | Information technology Security techniques IT network security Part 1: Network security management |
ISO 21091:2013 | Health informatics — Directory services for healthcare providers, subjects of care and other entities |
ISO 22600-2:2014 | Health informatics Privilege management and access control Part 2: Formal models |
EN ISO 22600-2:2014 | Health informatics - Privilege management and access control - Part 2: Formal models (ISO 22600-2:2014) |
05/30104603 DC : DRAFT JUN 2005 | ISO/IEC FCD 18028-5 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS ACROSS NETWORKS USING VIRTUAL PRIVATE NETWORKS |
13/30274150 DC : 0 | BS ISO 17090-2 - HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 2: CERTIFICATE PROFILE |
UNI EN ISO 21091 : 2013 | HEALTH INFORMATICS - DIRECTORY SERVICES FOR HEALTHCARE PROVIDERS, SUBJECTS OF CARE AND OTHER ENTITIES |
BS ISO/IEC 24713-3:2009 | Information technology. Biometric profiles for interoperability and data interchange Biometrics-based verification and identification of seafarers |
CSA ISO/IEC TR 13335-5 : 2004 | INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY |
DD ISO/TS 22600-2:2006 | Health informatics. Privilege management and access control Formal models |
CSA ISO/IEC 13888-3:2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES |
ISO/IEC 20248:2018 | Information technology Automatic identification and data capture techniques Data structures Digital signature meta structure |
ISO/IEC TR 13335-5:2001 | Information technology Guidelines for the management of IT Security Part 5: Management guidance on network security |
ISO/TS 12812-5:2017 | Core banking — Mobile financial services — Part 5: Mobile payments to businesses |
CSA ISO/IEC 18028-1 : 2006 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT |
I.S. EN ISO 22600-2:2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014) |
ISO/IEC 13888-2:2010 | Information technology Security techniques Non-repudiation Part 2: Mechanisms using symmetric techniques |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 7498-3:1997 | Information technology Open Systems Interconnection Basic Reference Model: Naming and addressing |
ISO/IEC 9798-3:1998 | Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques |
BS 7799(1995) : AMD 9911 | CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT |
ISO/IEC 11770-2:2008 | Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques |
ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC 8824-2:2015 | Information technology Abstract Syntax Notation One (ASN.1): Information object specification Part 2: |
ISO/IEC 13888-3:2009 | Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 9798-4:1999 | Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function |
ISO/IEC 10181-3:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/IEC 9798-2:2008 | Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO/IEC TR 13335-2:1997 | Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 9594-6:2017 | Information technology Open Systems Interconnection The Directory Part 6: Selected attribute types |
ISO/IEC 8824-4:2015 | Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications Part 4: |
ISO/IEC 10118-1:2016 | Information technology Security techniques Hash-functions Part 1: General |
ISO/IEC TR 13335-3:1998 | Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security |
ISO/IEC 13888-1:2009 | Information technology Security techniques Non-repudiation Part 1: General |
ISO/IEC Guide 61:1996 | General requirements for assessment and accreditation of certification/registration bodies |
ISO/IEC 10181-4:1997 | Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework Part 4: |
ISO/IEC 10181-2:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework |
ISO/IEC TR 13335-4:2000 | Information technology Guidelines for the management of IT Security Part 4: Selection of safeguards |
ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
AS/NZS 4444.1:1999 | Information security management Code of practice for information security management |
ISO/IEC 15946-3:2002 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment |
ISO/IEC 10181-5:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Confidentiality framework |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 8824-1:2015 | Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1: |
ISO/IEC 10181-6:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Integrity framework |
ISO/IEC 10118-2:2010 | Information technology Security techniques Hash-functions Part 2: Hash-functions using an n-bit block cipher |
ISO/IEC Guide 65:1996 | General requirements for bodies operating product certification systems |
ISO/IEC 8824-3:2015 | Information technology Abstract Syntax Notation One (ASN.1): Constraint specification Part 3: |
ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 9798-1:2010 | Information technology Security techniques Entity authentication Part 1: General |
ISO/IEC TR 13335-1:1996 | Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |