INCITS/CS1 was established in April 2005 to serve as the US
TAG for ISO/IEC JTC 1/SC 27 and all
SC 27 Working Groups. The INCITS/CS1 area of work includes standardization
in the following areas:
- Management
of information security and systems
- Management
of third party information security service providers
- Intrusion
detection
- Network
security
- Incident
handling
- IT
Security evaluation and assurance
- Security
assessment of operational systems
- Security
requirements for cryptographic modules
- Protection
profiles
- Role based access control
- Security
checklists
- Security
metrics
- Cryptographic and non-crytographic techniques and mechanisms
including:
- confidentiality
- entity authentication
- non-repudiation
- key management
- data integrity
- message authentication
- hash-functions
- digital signatures
- Future service and applications standards supporting the
implementation of control objectives and controls as
defined in IS 27001, in the areas of:
- business continuity
- outsourcing
- Identity management, including:
- identity management framework
- role based access control
- single sign-on
- Privacy technologies, including:
- privacy framework
- privacy reference architecture
- privacy
- anonymity and credentials
- specific privacy enhancing technologies
The scope of CS1 explicitly
excludes the areas of work on cyber security standardization presently
underway in INCITS B10, M1, T3, T10 and T11; as well as other standard groups,
such as ATIS, IEEE, IETF, TIA, and X9.
|
CS1 Officers:
|
