JTC1/SC27

Structure

Current activities of SC 27 are divided into five Working Groups:

  • Working Group 1: Information Security Management Systems
  • Working Group 2: Cryptography and Security Mechanisms
  • Working Group 3: Security Evaluation, Testing and Specification
  • Working Group 4: Security Controls and Services
  • Working Group 5: Identity Management and Privacy Technologies
  • SC 27 Management Advisory Group (MAG)
  • Special Working Group on Transversal Items (SWG-T)


To obtain the International Standards developed by JTC 1/SC 27 or further information, please contact your National Body of ISO/IEC JTC 1/SC 27.

--------------------------------------------------------------------------------

ISO/IEC JTC1/SC 27/WG 1

Information Security Management Systems

Convener: Edward Humphreys, BSI, United Kingdom
(9th three-year term, May 2015 - May 2018)

Vice-Convener: Dale Johnstone, SA, Australia
(3rd three-year term, May 2015 - May 2018)


The Terms of Reference of this working group are:

The scope of WG 1 covers the development of ISMS (Information Security Management System) standards and guidelines (see SC 27 N5114). This includes:

  1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
  2. Identification of requirements for future ISMS standards and guidelines
  3. On-going maintenance of WG1 standing document SD WG 1/1 (WG 1 Roadmap)
  4. Collaboration with other Working Groups in SC 27, in particular with WG 4 on standards addressing the implementation of control objectives and controls as defined in ISO/IEC 27001.


Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for ISMS, for example:

  • ITU-T Telecoms
  • ISO/TC 215 Healthcare
  • ISO/TC 68 Banking
  • ISO/TC 204 Intelligent transport systems
  • ISO/TC 223 Civil defense
  • ISSEA
  • Aerospace
  • Automotive industry
  • Standards bodies, such as IETF, IEEE
  • International institutions, e.g. OECD, APEC, EU
  • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines

--------------------------------------------------------------------------------

ISO/IEC JTC1/SC 27/WG 2

Cryptography and Security Mechanisms

Convener: Takeshi Chikazawa, JISC, Japan
(3rd three-year term, April 2016 - April 2019)

Vice-Convener: Toshio Tatsuta, JISC, Japan
(3rd three-year term, April 2016 - April 2019)


The terms of reference of this working group are:

WG 2 provides a center of expertise for the standardization of IT Security techniques and mechanisms within JTC 1.
Terms of Reference:

  • identify the need and requirements for these techniques and mechanisms in IT systems and applications;
  • develop terminology, general models and standards for these techniques and mechanisms for use in security services.


The scope covers both cryptographic and non-cryptographic techniques and mechanisms including:

  • confidentiality;
  • entity authentication;
  • non-repudiation;
  • key management;
  • data integrity such as message authentication;
    • hash-functions;
    • digital signatures.

The mechanisms in general include several options with respect to the techniques used including symmetric cryptographic, asymmetric cryptographic and non-cryptographic.

--------------------------------------------------------------------------------

ISO/IEC JTC 1/SC 27/WG 3

Security Evaluation, Testing and Specification

Convener: Miguel Bañón, UNE, Spain
(3rd three-year term, May 2015 - May 2018)

Vice-Convener: Naruki Kai, JISC, Japan
(2nd three-year term, April 2016 - April 2019)


The terms of reference of this working group are:

The scope covers aspects related to security engineering, with particular emphasis on, but not limited to, standards for IT security specification, evaluation, testing and certification of IT systems, components, and products. This will include consideration of computer networks, distributed systems, associated application services, biometrics, etc.
The following aspects may be distinguished:

  • security evaluation criteria;
  • methodology for application of the criteria;
  • security functional and assurance specification of IT systems, components and products;
  • testing methodology for determination of security functional and assurance conformance;
  • administrative procedures for testing, evaluation, certification, and accreditation schemes.


This work will reflect the needs of relevant sectors in society, as represented through ISO/IEC National Bodies and other organizations in liaison, expressed in standards for security functionality and assurance.
Account will be taken of related ISO/IEC and ISO standards for quality management and testing so as not to duplicate these efforts.

--------------------------------------------------------------------------------

ISO/IEC JTC 1/SC 27/WG 4

Security Controls and Services

Convener: Johann Amsenga, CSA, South Africa
(2nd term of office May 2015 - May 2018)

Vice-Convener: François Lorek, AFNOR, France
(1st term of office May 2015 - May 2018)


The terms of reference of this working group are:

The scope of WG 4 covers the development and maintenance of standards and guidelines addressing services and applications supporting the implementation of control objectives and controls as defined in ISO/IEC 27001. This includes:

1. Current SC 27 projects:

  • IT Network security (ISO/IEC 27033)
  • Information security incident management (ISO/IEC 27035)
  • Selection, deployment and operation of Intrusion Detection Systems (IDS) (ISO/IEC 27039)
  • Guidelines on use and management of Trusted Third Party services (ITU-T X.842 | ISO/IEC TR 14516)
  • Specification of TTP services to support the application of digital signatures (ITU-T X.843 | ISO/IEC 15945)
  • Security information objects for access control (ITU-T X.841 | ISO/IEC 15816)


2. Identification of requirements for and development of future service and applications standards and guidelines, for example in the areas of

  • Business Continuity
  • Cyber Security
  • Outsourcing


3. On-going maintenance of WG4 standing document SD WG 4/1 (WG 4 Road Map)

4. Collaboration with other Working Groups in SC 27, in particular with WG1 on ISMS standards and guidelines

5. Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications, for example:

  • ITU-T Telecoms
  • ISO/TC 215 Health informatics
  • ISO/TC 68 Banking
  • ISSEA
  • Aerospace
  • Automotive industry
  • Standards bodies, such as IETF, IEEE
  • International institutions, e.g. OECD, APEC, EU
  • IAF and CASCO, and other relevant groups regarding the development of accreditation and certification standards and guidelines


--------------------------------------------------------------------------------

ISO/IEC JTC 1/SC 27/WG 5

Identity Management and Privacy Technologies

Convener: Kai Rannenberg, DIN, Germany
(4th three-year term, April 2016 - April 2019)

Vice-Convener: Jan Schallaböck, DIN, Germany
(3rd three-year term, April 2016 - April 2019)


The terms of reference of this working group are:

The scope of SC 27/WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data.
This includes:

1. Current SC 27 projects:

  • Framework for Identity Management (ISO/IEC 24760)
  • Biometric template protection (ISO/IEC 24745)
  • Authentication context for biometrics (ISO/IEC 24761)

2. Identification of requirements for and development of future standards and guidelines in these areas. For example in the area of Identity Management, topics such as

  • Role based access control
  • Provisioning
  • Identifiers
  • Single sign-on

In the area of Privacy, topics such as

  • A Privacy Framework
  • A Privacy Reference Architecture
  • Privacy infrastructures
  • Anonymity and credentials
  • Specific Privacy Enhancing Technologies (PETs)
  • Privacy Engineering


In the area of Biometrics, topics such as

  • Protection of biometric data
  • Authentication techniques

3. Collaboration with other Working Groups in SC 27, e.g., WG 1 on management aspects, WG 2 on specific cryptographic techniques and WG 3 on evaluation aspects.

4. Liaison and collaboration with those organizations and committees dealing with specific requirements and guidelines for services and applications in this area, for example:

  • ISO/IEC SC 37 Biometrics
  • ECRYPT
  • ISO/TC68/SC2 Financial Services Security
  • ISO/TC68/SC6/WG10 Financial Services-Retail Financial Services-Privacy
  • ITU-T SG17 Security, languages and telecommunication software
  • Future of Identity in the Information Society (FIDIS)
  • The International Conference of Data Protection and Privacy Commissioners
  • The Open Group (IdM Forum and Jericho Forum)

 

--------------------------------------------------------------------------------

SC 27 Management Advisory Group (MAG)

Convenor: Jean-Pierre Quemard, AFNOR, France
(1st three-year term, December 2017 - December 2020)
Vice-Convenor: Mike Nash, BIS, United Kingdom
(1st three-year term, December 2017 - December 2020)

The Terms of Reference of this advisory group are:
The Advisory Group operates under the direction of SC 27 Management to review and evaluate the effectiveness of SC 27 and to make recommendations to SC 27 Management to this effect.

This includes:

  • Review, audit and evaluate the structure and management processes in SC 27 and develop recommendations for improvements;
  • Explore alternatives for the meeting structures (Plenary and Working Groups) and agenda of the SC 27 Plenary meetings;
  • Provide advice on matters of operational efficiency;
  • Advise on and review the tools used to support the SC 27 processes;
  • Review the effective distribution of public information on SC 27 activities and propose suggestions for improvements;
  • Provide advice, help and guidance to SC 27 Management on standards management and development;
  • Serve as an appeal body in case of an arbitration request from an SC27 member or Officer;
  • Monitor the activities, reports and recommendations of the JTC 1 Advisory Group (JAG);
  • Periodically report results and recommendations to SC 27 Management and coordinate ongoing work with related plans prior to the SC 27 Plenary meetings.

The Advisory Group functions purely in an advisory capacity to the SC 27 Management. Any recommendations or proposals conveyed to the SC 27 Management shall reflect a consensus outcome among Advisory Group members. The Advisory Group is not empowered to make proposals directly to the SC 27 Plenary, except if prior delegation of authority is provided by the SC 27 Management.

Administration
The Advisory Group will be managed by a Convenor, supported by a Vice-Convenor, under approval of the SC 27 Management and endorsement by the SC 27 Plenary. The Advisory Group management is responsible for the administration of the group.

Membership and composition
Membership shall consist of a maximum of ten (10) SC 27 members having at least 5, but ideally 10, years' experience within SC 27, preferably as an SC 27 Officer, but shall not involve anybody in office of the SC 27 Management. The size of the Advisory Group is kept small enough to communicate and operate effectively.
Members to the Advisory Group shall be nominated by National Bodies or Working Group Convenors but are appointed by the SC 27 Management for a term of three (3) years in agreement with the Advisory Group Management. A statement of motivation shall accompany National Body nominations. The Convenor and Vice-Convenor are elected by the Advisory Group members for a term of three (3) years. Any appointment to the Advisory Group (Convenor, Vice-Convenor or member) can only be renewed once. No alternate is allowed if a member cannot attend a meeting. Any Advisory Group Member not attending two meetings in a row will be subject to replacement.
The Advisory Group membership will contain at least one member from each Working Group and should ensure an appropriate geographical spread. Experts/guests may be invited to meetings for specific subjects at the discretion of the Advisory Group Convenor.

Modus Operandi
The Advisory Group shall mainly work electronically via e-mail. From time to time a remote meeting (e.g., WebEx, teleconference) may be organised to progress the work and at least one physical meeting in conjunction with the SC27 meetings shall be held each half year.
Agendas and minutes (including action points) of the Advisory Group remote or physical meetings shall be prepared in due time and shared with the SC27 Management.
The Advisory Group shall agree yearly on a list of issues and priorities. Work items should be progressed via written position papers / proposals.
The Advisory Group Convenor and Vice-Convenor will be invited to the SC27 Management Coordination meetings.

--------------------------------------------------------------------------------

Special Working Group on Transversal Items (SWG-T)

Convenor: Andreas Fuchsberger, DIN, Germany
(2nd three-year term, October 2016 - April 2019)

The Terms of Reference of this special working group are:
SWG-T operates under the direction of SC 27 to address topics which are beyond the scope of the respective existing WGs or can affect directly or indirectly multiple WGs. SWG-T can make recommendations to SC 27 and to the SWG-M to this effect. This includes:

  • Identify any gaps in the portfolio of SC 27 standards and projects to ensure market needs are being adequately addressed;
  • Alignment and coordination of WG roadmaps and overall SC 27 roadmap;
  • Harmonisation of vocabulary;
  • Review of issues arising from overlapping / conflicting scopes, activities and projects as well as disagreement on project assignments between Working Groups and beyond. SWG-T shall work with SC 27 Working Group Conveners and Liaison Officers to identify issues and to reach acceptable resolutions;
  • Adherence to scope for projects under development and monitoring of project progress with related work programmes / plans and regularly report results and recommendations to SC 27;
  • Review proposals and provide advice to SC 27 on initiatives such as Study Groups, New Work Item Proposals (NWIPs), Fast-Tracks, and PAS submissions;
  • Monitor progress of SC 27 Study Groups;
  • SC 27 liaisons and common topics with other SCs or Standardization Bodies.

The SWG-T functions purely in an advisory capacity to the SC 27 Management and SC 27. Any recommendations or organizational decisions conveyed to the SC 27 Management and SC 27 by the SWG shall reflect a consensus outcome among SWG-T members present at the meeting. SWG-T is not empowered to make decisions on behalf of the SC 27 Plenary, except if delegation of authority is provided by SC 27 Plenary.
--------------------------------------------------------------------------------

JTC 1/SC 27 Chairman: DIN, Germany, Walter Fumy (7th year term, October 2017 - April 2018)
JTC 1/SC 27 Vice-chair: NBN, Belgium, Marijke De Soete (5th three-year term, April 2016 - April 2019)
JTC 1/SC 27 Communications Officer: BSI, United Kingdom, Edward Humphreys
JTC 1/SC 27 Secretariat: DIN, Germany, Krystyna Passia
