You are interested in:
Standards in Security and Cryptography

Contents

• International organisations: ISO, ITU, IETF, ...
• European organisations: CEN, ETSI, ...
• National governmental organisations: NIST, DIN, ...
• Sector specific organisations: ECBS, ECMA, IEEE, ...
• Industry standards: RSA, The Open Group (OSF + X/Open), ...
• Other sources of standards in security and cryptography

International organisations

Internet Engineering Task Force (IETF), as of October 26, 2000

Structure

• Security Area Web Page
• Workingsgroups in the Security Area
• An Open Specification for Pretty Good Privacy (openpgp)
• Authenticated Firewall Traversal (aft)
• Common Authentication Technology (cat)
• IP Security Policy (ipsp)
• IP Security Protocol (ipsec)
• IP Security Remote Access (ipsra)
• Intrusion Detection Exchange Format (idwg)
• Kerberized Internet Negotiation of Keys (kink)
• Kerberos WG (krb-wg)
• One Time Password Authentication (otp)
• Public-Key Infrastructure (X.509) (pkix)
• S/MIME Mail Security (smime)
• Secure Network Time Protocol (stime)
• Secure Shell (secsh)
• Securely Available Credentials (sacred)
• Security Issues in Network Event Logging (syslog)
• Simple Public Key Infrastructure (spki)
• Transport Layer Security (tls)
• Web Transaction Security (wts)
• XML Digital Signatures (xmldsig)

Some Standards

International Organization for Standardization (ISO)

Structure

• ISO/IEC JTC1: Information Technology (standards)
• SC6: Telecommunications and information exchange between systems (standards)
• SC17: Identification cards and related devices (standards)
• SC18: Document processing and related communication (standards)
• SC21: Open systems interconnection (OSI) (standards)
• SC27: IT Security Techniques (standards)
• ISO TC68: Banking and related financial services (standards)

Some Standards

• ISO 7498-2:1989 Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture
• ISO/IEC 10164-7:1992 Information technology -- Open Systems Interconnection -- Systems Management: Security alarm reporting function
• ISO/IEC 10164-8:1993 Information technology -- Open Systems Interconnection -- Systems Management: Security audit trail function
• ISO/IEC DIS 10164-9 Information technology -- Open Systems Interconnection -- Systems management: Objects and attributes for access control
• ISO/IEC DIS 10181-1 Information technology -- Open Systems Interconnection -- Security Frameworks for Open Systems: Overview
• ISO/IEC DIS 10181-2 Information technology -- Open Systems Interconnection -- Security Frameworks for Open Systems -- Part 2: Authentication Framework
• ISO/IEC DIS 10181-3 Information technology -- Open Systems Interconnection -- Security frameworks in open systems -- Part 3: Access control
• ISO/IEC DIS 10181-4 Information technology -- Open Systems Interconnection -- Security frameworks in Open Systems -- Part 4: Non-repudiation
• ISO/IEC DIS 10181-5 Information technology -- Security frameworks in open systems -- Part 5: Confidentiality
• ISO/IEC DIS 10181-6 Information technology -- Security frameworks in open systems -- Part 6: Integrity
• ISO/IEC DIS 10181-7 Information technology -- Open Systems Interconnection -- Security Frameworks for Open Systems: Security Audit Framework
• ISO/IEC 10745:1995 Information technology -- Open Systems Interconnection -- Upper layers security model
• ISO/IEC DIS 11586-1 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security -- Part 1: Overview, Models and Notation
• ISO/IEC DIS 11586-2 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security -- Part 2: Security Exchange Service Element (SESE) Service Specification
• ISO/IEC DIS 11586-3 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security -- Part 3: Security Exchange Service Element (SESE) Protocol Specification
• ISO/IEC DIS 11586-4 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security -- Part 4: Protecting Transfer Syntax Specification
• ISO/IEC DIS 11586-5 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security: Security Exchange Service Element Protocol Implementation Conformance Statement (PICS) Proforma
• ISO/IEC DIS 11586-6 Information technology -- Open Systems Interconnection -- Generic Upper Layers Security: Protecting Transfer Syntax Implementation Conformance Statement (PICS) Proforma
• ISO/IEC DIS 11587 Information technology -- Open Systems Interconnection -- Application Context for Systems Management with Transaction Processing
• ISO 8372:1987 Information processing -- Modes of operation for a 64-bit block cipher algorithm
• ISO 9160:1988 Information processing -- Data encipherment -- Physical layer interoperability requirements
• ISO/IEC 9796:1991 Information technology -- Security techniques -- Digital signature scheme giving message recovery
• ISO/IEC 9797:1994 Information technology -- Security techniques -- Data integrity mechanism using a cryptographic check function employing a block cipher algorithm
• ISO/IEC 9798-1:1991 Information technology -- Security techniques -- Entity authentication mechanisms -- Part 1: General model
• ISO/IEC 9798-2:1994 Information technology -- Security techniques -- Entity authentication -- Part 2: Mechanisms using symmetric encipherment algorithms
• ISO/IEC 9798-3:1993 Information technology -- Security techniques -- Entity authentication mechanisms -- Part 3: Entity authentication using a public key algorithm
• ISO/IEC 9798-4:1995 Information technology -- Security techniques -- Entity authentication -- Part 4: Mechanisms using a cryptographic check function
• ISO/IEC 9979:1991 Data cryptographic techniques -- Procedures for the registration of cryptographic algorithms
• ISO/IEC 10116:1991 Information technology -- Modes of operation for an n-bit block cipher algorithm
• ISO/IEC 10118-1:1994 Information technology -- Security techniques -- Hash-functions -- Part 1: General
• ISO/IEC 10118-2:1994 Information technology -- Security techniques -- Hash-functions -- Part 2: Hash-functions using an n-bit block cipher algorithm
• ISO/IEC DIS 11770-2 Information technology -- Security techniques -- Key management -- Part 2: Mechanisms using symmetric techniques
• ISO/IEC DTR 13335-1 Information technology -- Guidelines for the management of IT security -- Part 1: Concepts and models for IT security
• ISO/IEC DTR 13335-2 Information technology -- Guidelines for the management of IT security -- Part 2: Planning and managing IT security
• ISO/IEC DTR 13335-3 Information technology -- Guidelines for the management of IT security -- Part 3: Techniques for the management of IT security
• ISO/IEC DIS 14980 Information technology -- Code of practice for information security management

International Telecommunication Union (ITU) {previously known as CCITT}

Some Standards of Series X Recommendations - Data networks and open system communication

• [X.273] Recommendation X.273 - Information technology - Open Systems Interconnection - Network layer security protocol (9)
• [X.274] Recommendation X.274 - Information technology - Telecommunication and information exchange between systems - transport layer security protocol (6)
• [X.509] Recommendation X.509 - Information technology - Open Systems Interconnection - The directory: Authentication framework (4)
• [X.736] Recommendation X.736 - Information technology - Open Systems Interconnection - Systems management: Security alarm reporting function (6)
• [X.736 SUMMARY] Summary of Recommendation X.736 - Information technology - open systems interconnection - systems management: security alarm reporting function (1)
• [X.740] Recommendation X.740 - Information technology - Open Systems Interconnection - systems management: security audit trail function (6)
• [X.800] Recommendation X.800 - Security architecture for Open Systems Interconnection for CCITT applications (6)
• [X.800 SUMMARY] Summary of Recommendation X.800 - Security architecture for open systems interconnection for CCITT applications (1)
• [X.802] Recommendation X.802 - Information technology - Lower layers security model (2)
• [X.803] Recommendation X.803 - Information Technology - Open Systems Interconnection - Upper layers security model (2)

More Information

• ITU
• ITU-T Recommendations (catalogue, text for subscribers only)

European organisations

(*) These organizations are now part of CEN. 

CEN: European Committee for Standardisation / CENELEC: European Committee for Electrotechnical Standardisation

• ISSS, Information Society Standardization System, including the former
• EBES, European Board for EDI Standards
• EWOS, European Workshop on Open Systems

CEU: Commission of the European Union

• ITSEC/ITSEM

ECBS: European Committee for Banking Standards

Some Standards

• TR 401 Secure Banking over the Internet, March 1997
• TR 402 Certification Authorities, December 1997
• TR 405 Key recovery in Financial Systems, June 1998

ECMA: European Computer Manufacturers Association

Technical Reports

• ECMA-138, Security in Open Systems - Data Elements and Service Definitions, 1st Edition (December 1989)
• ECMA-205, Commercially oriented functionality class for security evaluation (COFC), 1st Edition (December 1993)
• ECMA-206, Association Context Management including Security Context Management, 1st Edition (December 1993)
• ECMA-219, Authentication and Privilege Attribute Security Application with related key distribution functions, 1st Edition (December 1994)

Technical Reports

• Technical Report ECMA TR/46, Security in Open Systems - A Security Framework, 1st Edition (July 1988)
• Technical Report ECMA TR/64, Secure Information Processing versus the Context of Product Evaluation, 1st Edition (December 1993)

More Information

• ECMA
• ECMA Technical Committees and Working Groups
• TC 36 - IT Security
• TC36-TG1 - IT Security evaluation criteria
• TC36-TG9 - Security in open systems
• List of standards (texts online)

ETSI: European Telecommunications Standards Institute

More Information

• Security

EWOS: European Workshop on Open Systems

EBES: European Board for EDI/EC Standardization

Information and Communications Technologies Standards Board

More Information

• ICT

National Governmental Organisations

USA: National Institute of Standards and Technology (NIST)

• X3: Information processing systems
• X9: Financial services
• X9.9: Existing wholesale DES MAC standard
• X9.19: Existing retail DES MAC standard
• X9.23: Existing wholesale encryption standard
• X9.17: Existing, recently updated wholesale DES key management standard
• X9.24: Existing retail DES key management standard
• X9.30:
• Part 1: Digital Signature Algorithm
• Part 2: Secure Hash Algorithm
• Part 3: Certificate management for DSA
• X9.31
• Part 1: RSA signature standard
• Part 2: MD2, MD5, SHA, MDC-2
• Part 3: certificate management
• X9.42: Diffie-Hellman key agreement
• X9.44: Transport of keys using RSA
• X9.45: Attribute certificates
• X9.41: mechanisms to manage security services
• X12: Electronic business data interchange
• X12.58 (version 2): EDI security structures

• Common Criteria for IT Security Evaluation (CC) (also an ISO standard). Server also hosts CEM (Evaluation Methodology), a Guide for Production of Protection Profiles and Security Targets, and registered protection profiles.
• Advanced Encryption Standard (AES)

Sector specific organisations

• IEEE
  • P1363 Standard Specifications For Public-Key Cryptography

Industry standards

RSA DSI

• Public Key Cryptographic Standard (PKCS)
• Overview
• PKCS #1: RSA Encryption and Signature
• PKCS #2: not valid
• PKCS #3: Diffie-Hellman Key Agreement
• PKCS #4: not valid
• PKCS #5: Password-based Encryption
• PKCS #6: Extended Certificate Syntax
• PKCS #7: Cryptographic Message Syntax
• PKCS #8: Private Key Information Syntax
• PKCS #9: Selected Attribute Syntaxes
• PKCS #10: Certificate Request Syntax)
• PKCS #11: Abstract Token Interface API
• More information:
• http://www.rsa.com
• ftp://ftp.rsa.com/pub/

Other Industry Specifications

• Intel's Common Data Security Architecture

The Open Group, as of May 28, 1997

• Security and Electronic Commerce; links to
• DCE Security, Baseline Security, Single Sign-On, GCS (Generic Cryptographic Services), Secure Communications Services, Public Key Infrastructure, Virtual SmartCard (Personal Security Module), Distributed Audit Services, The Open Group's Distributed Security Framework
• Standard Security - X/Open Security: Overview
• Security Publications of The Open Group

EMV (Europay, Mastercard, VISA)

• Europay, Mastercard, VISA
• Integrated Circuit Card Specifications for Payment Systems;
• EMV' 95: Version 2.0, Part 1 (Electromechanical Characteristics), Part 2 (Data Elements and Commands), Part 3 (Transaction Processing), and the Terminal Specification
• EMV '96: Version 3.0, Card, Terminal, and Application Specifications
• Mastercard and VISA
• see SET under Payment Systems

Other sources

• European Commission: OII -- Open Information Interchange service
• Warwick Ford: Computer Communications Security -- Principles, Standards, Protocols, and Techniques; Prentice Hall, Englewood Cliffs 1994.
• Richard Ankney: Introduction to Cryptographic Standards; Cipher, Electronic Newsletter of IEEE Computer Society TC on Security and Privacy. (Last updated in 1995.
• Webstart Communications: Standard
• CEN/ISSS survey of standards-related fora and consortia: Lists relevant organizations and gives a brief (few lines) summary of their activities.
• Lists of Standards Organizations, maintained by ANSI and ISO