UNE-EN ISO 19299:2020
Current
The latest, up-to-date edition.
Electronic fee collection - Security framework (ISO 19299:2020) (Endorsed by Asociación Española de Normalización in October of 2020.)
Hardcopy, PDF
English
01-10-2020
The overall scope of this document is the definition of an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1. The security framework describes a set of requirements and associated security measures.
The scope of this document comprises the following:
- definition of a trust model (Clause 5): basic assumptions and principles for establishing trust between the stakeholders;
- security requirements (Clause 6): security requirements to support actual EFC system implementations;
- security measures: countermeasures (Clause 7);
- security specifications for interface implementation (Clause 8): security add-on to EFC standards, as shown in Figure 6;
- key management (Clause 9): initial setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.;
- security profiles (Annex A);
- implementation conformance statement (Annex B): checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to this document;
- general information security objectives of the stakeholders (Annex C) which provide a basic motivation for the security requirements;
- threat analysis (Annex D) on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;
- security policy examples (Annex E and Annex F);
- recommendations for privacy-focused implementation (Annex G);
- proposal for end-entity certificates (Annex H).
The following are outside the scope of this document:
- a complete risk assessment for an EFC system;
- security issues arising from an EFC application running on an ITS station;
  NOTE Security issues associated with an EFC application running on an ITS station are covered in CEN/TR 16690.
- entities and interfaces of the interoperability management role;
- the technical trust relation between TSP and service user;
- concrete implementation specifications for implementation of security for specific EFC services (e.g. European Electronic Toll Service (EETS));
- detailed specifications required for privacy-friendly EFC implementations;
- any financial transactions between the payment service provider and the payment medium (e.g. ICC) issued by it.
| Committee | CTN 159 |
| DocumentType | Standard |
| Pages | 145 |
| ProductNote | THIS STANDARD ALSO REFERS: IETF RFC 4648, IETF RFC 5280, ISO 14907-2 |
| PublisherName | Asociación Española de Normalización |
| Status | Current |
| Standards | Relationship |
| ISO 19299:2020 | Identical |
| EN ISO 19299:2020 | Identical |