Low prices! Originals & Translations! Save your budget and time!
ONLINENORMS: Online Standards Store
Click View Shopping Cart
  1. Home
  2. INTERNATIONAL ORGANIZATION FOR STANDARDIZATION-INTERNATIONAL ELECTROTECHNICAL COMMISSION
  3. ISO/IEC 27099:2022 PDF

ISO/IEC 27099:2022 PDF

ISO/IEC 27099:2022 PDF

Name:
ISO/IEC 27099:2022 PDF

Published Date:
07/01/2022

Status:
Active

Description:

Information technology - Public key infrastructure - Practices and policy framework

Publisher:
International Organization for Standardization/International Electrotechnical Commission

Document status:
Active
Format:
Electronic (PDF)
Delivery time:
10 minutes
Delivery time (for Russian version):
200 business days
SKU:
Choose Document Language:
$83.4
Need Help?

This document sets out a framework of requirements to manage information security for Public key infrastructure (PKI) trust service providers through certificate policies, certificate practice statements, and, where applicable, their internal underpinning by an information security management system (ISMS). The framework of requirements includes the assessment and treatment of information security risks, tailored to meet the agreed service requirements of its users as specified through the certificate policy. This document is also intended to help trust service providers to support multiple certificate policies.

This document addresses the life cycle of public key certificates that are used for digital signatures, authentication, or key establishment for data encryption. It does not address authentication methods, non-repudiation requirements, or key management protocols based on the use of public key certificates. For the purposes of this document, the term °certificate° refers to public key certificates. This document is not applicable to attribute certificates.

This document uses concepts and requirements of an ISMS as defined in the ISO/IEC 27000 family of standards. It uses the code of practice for information security controls as defined in ISO/IEC 27002. Specific PKI requirements (e.g. certificate content, identity proofing, certificate revocation handling) are not addressed directly by an ISMS such as defined by ISO/IEC 27001 [26].

The use of an ISMS or equivalent is adapted to the application of PKI service requirements specified in the certificate policy as described in this document.

A PKI trust service provider is a special class of trust service for the use of public key certificates.

This document draws a distinction between PKI systems used in closed, open and contractual environments. This document is intended to facilitate the implementation of operational, baseline controls and practices in a contractual environment. While the focus of this document is on the contractual environment, application of this document to open or closed environments is not specifically precluded.


File Size : 1 file , 4.7 MB
Note : This product is unavailable in Russia, Ukraine, Belarus
Number of Pages : 102
Published : 07/01/2022

History

Related products

ISO/IEC 13888-1:2020
ISO/IEC 13888-1:2020
Published Date: 09/01/2020
Information security - Non-repudiation - Part 1: General
$49.8
ISO/IEC 20009-1:2013
ISO/IEC 20009-1:2013
Published Date: 08/01/2013
Information technology - Security techniques - Anonymous entity authentication - Part 1: General
$16.2
ISO/IEC 20008-1:2013
ISO/IEC 20008-1:2013
Published Date: 12/15/2013
Information technology - Security techniques - Anonymous digital signatures - Part 1: General
$49.8
ISO/IEC 29147:2018
ISO/IEC 29147:2018
Published Date: 10/01/2018
Information technology - Security techniques - Vulnerability disclosure
$58.2

Best-Selling Products

864 none
864 none
Published Date: 01/01/1996
Guidelines for Canadian Drinking Water Quality - Sixth Edition
$7.2