BS PD CEN ISO/TS 19299:2015

BS PD CEN ISO/TS 19299:2015 is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.

The scope of this Technical Specification comprises the following:

• definition of a trust model (Clause 5);
  Basic assumptions and principles for establishing trust between the stakeholders.
• security requirements (Clause 6);
• security measures - countermeasures (Clause 7);
  Security requirements to support actual EFC system implementations.
• security specifications for interface implementation (Clause 8);
  These specifications represent an add-on for security to the corresponding standards. Figure 5 above shows the relevant interfaces and the corresponding relevant interface standards, as illustrated in Figure 6.
• key management (Clause 9);
  Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.
• security profiles (Annex A);
• implementation conformance statement (Annex B) provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to this Technical Specification;
• general information security objectives of the stakeholders (Annex C) which provide a basic motivation for the security requirements;
• threat analysis (Annex D) on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;
• security policy examples (Annex E and Annex F);
• recommendations for privacy-focused implementation (Annex G);
• proposal for end-entity certificates (Annex H).

Cross References:
ISO 12813:2015
ISO 12855:2015
ISO 13141:2015
ISO 14906:2011
EN 15509:2014
CEN/TS 16702-1:2014
ISO 17575-1:2015
ISO/IEC 7816-3
ISO/IEC 8825-1
ISO/IEC 9594-8:2014
ISO/IEC 9797-1:2011
ISO/IEC 11770-1:2010
ISO/IEC 11770-3:2015
ISO/IEC 18031
ISO/IEC 18033-2
ISO/IEC 19790
ISO/IEC 27001
ISO/IEC 27002:2013
ISO/IEC 27005
IETF RFC 4301:2005
IETF RFC 4347:2006
IETF RFC 4648:2006
IETF RFC 5035:2007
IETF RFC 5246:2008
IETF RFC 5280:2008
IETF RFC 5746:2010
FIPS 140-2:2002
ISO 7498-2:1989
ISO/IEC 8825-2
ISO/IEC 8825-4
ISO/IEC 9646-7:1995
ISO 17573:2010
2004/52/EC
95/46/EC
2006/24/EC
2008/597/EC
ISO/IEC 27000:2014
ISO/IEC 27003:2010
IETF RFC 2634
NIST 800-131A:2011
ISO/IEC 14888-1:2008
ISO/IEC 14888-2:2008
ISO/IEC 14888-3:2006
ISO/IEC 18033-3:2010
ISO/IEC 10118-3
ISO/IEC 10181-1:1996
ISO/TS 14907-2:2011
ISO 15782-1:2009
ISO/TS 17575-3:2011
ISO/TS 17575-3:2011/Corrigendum 1:2013
CEN/TS 16702-2:2014
CEN/TR 16690:2014
CEN/TR 16092:2011
ETSI/TR 102 893:2010
ETSI ES 674 200-1


All current amendments available at time of purchase are included with the purchase of this document.