CAN/CSA-ISO/IEC TR 14516-04 (R2017)
Current
The latest, up-to-date edition.
Information Technology - Security Techniques - Guidelines for the use and Management of Trusted Third Party Services (Adopted ISO/IEC TR 14516:2002, first edition, 2002-06-15)
Hardcopy , PDF
English, French
01-01-2004
Important note : All end users must be registered with an Account prior to user licenses being assigned.
1 Scope
2 References
3 Definitions
4 General Aspects
5 Management and Operational Aspects of a TTP
6 Interworking
7 Major Categories of TTP Services
Annex A - Security Requirements for Management of TTPs
Annex B - Aspects of CA management
Annex C - Bibliography
Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc.
| DocumentType |
Standard
|
| ISBN |
1-55397-261-9
|
| Pages |
44
|
| ProductNote |
Reconfirmed EN
|
| PublisherName |
Canadian Standards Association
|
| Status |
Current
|
| Supersedes |
Scope Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc. This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP services, the generic security requirements, who should provide what type of security, what the possible security solutions are, and the operational use and management of TTP service security. This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users to select those TTP services needed for particular requirements, their subsequent management, use and operational deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal assessment of a TTP or a comparison of TTPs. This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping, non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories consists of several services which logically belong together.
| Standards | Relationship |
| ISO/IEC TR 14516:2002 | Identical |
| ISO/IEC 13888-2:2010 | Information technology Security techniques Non-repudiation Part 2: Mechanisms using symmetric techniques |
| ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO/IEC 9798-3:1998 | Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques |
| BS 7799(1995) : AMD 9911 | CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT |
| ISO/IEC 11770-2:2008 | Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques |
| ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
| ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
| ISO/IEC 13888-3:2009 | Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 9798-4:1999 | Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function |
| ISO/IEC 9798-2:2008 | Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms |
| ISO/IEC TR 13335-2:1997 | Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security |
| ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
| ISO/IEC 10118-1:2016 | Information technology Security techniques Hash-functions Part 1: General |
| ISO/IEC TR 13335-3:1998 | Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security |
| ISO/IEC 13888-1:2009 | Information technology Security techniques Non-repudiation Part 1: General |
| ISO/IEC Guide 61:1996 | General requirements for assessment and accreditation of certification/registration bodies |
| ISO/IEC TR 13335-4:2000 | Information technology Guidelines for the management of IT Security Part 4: Selection of safeguards |
| ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
| AS/NZS 4444.1:1999 | Information security management Code of practice for information security management |
| ISO/IEC 15946-3:2002 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| ISO/IEC 10118-2:2010 | Information technology Security techniques Hash-functions Part 2: Hash-functions using an n-bit block cipher |
| ISO/IEC Guide 65:1996 | General requirements for bodies operating product certification systems |
| ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
| ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 9798-1:2010 | Information technology Security techniques Entity authentication Part 1: General |
| ISO/IEC TR 13335-1:1996 | Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.