ISO JTC 1/SC 27

is the creation of standards for general methods and techniques in the area of information security.

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) created the Joint Committee JTC 1 for cooperation in the area of information technology. Working drafts of international standards are sent out to the participating national standardization bodies. The publication as ISO/IEC-Standard or International Standard (IS) requires a quorum of 75%.^[1]

The international secretariat of ISO/IEC JTC 1/SC 27 is at the Deutsches Institut für Normung (DIN) in Germany.

Working groups:

A complete overview of the standards that it maintains is contained in Standing Document No 7 - SC27 Projects & Standards (SD7).^[2]

SC 27 WG1 Information Security Management Systems

Work group 1 is editing the ISO/IEC 2700x series that related to ISMS, Information security controls and Information security risk management.

SC 27 WG3 Security evaluation criteria

Work group 3 maintains the three parts of ISO/IEC 15408 for Common Criteria.

SC 27 WG5 Identity management and privacy technologies

The effort of work group 5 goes into documents such as

• A framework for identity management (24760)
• A framework for access management (29146)
• Privacy Framework (29100)
• Privacy Reference Architecture (29101)
• Privacy Capability Assessment Model (29190)
• Entity Authentication Assurance Framework (29115)

• ISO/IEC JTC 1/SC 27 IT Security Techniques
• Common Criteria Official Website
• ISO/IEC 27001

This page is available in 1 language

• Deutsch