InterNational Committee for Information Technology Standards

CS1 - Cyber Security


INCITS/CS1 was established in April 2005 to serve as the US TAG for ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups. The INCITS/CS1 area of work includes standardization in the following areas:
  • Management of information security and systems
  • Management of third party information security service providers
  • Intrusion detection
  • Network security
  • Incident handling
  • IT Security evaluation and assurance
  • Security assessment of operational systems
  • Security requirements for cryptographic modules
  • Protection profiles
    • Role based access control
  • Security checklists
  • Security metrics
  • Cryptographic and non-cryptographic techniques and mechanisms including:
    • confidentiality
    • entity authentication
    • non-repudiation
    • key management
    • data integrity
    • message authentication
    • hash-functions
    • digital signatures
  • Future service and applications standards supporting the implementation of control objectives and controls as defined in IS 27001, in the areas of:
    • business continuity
    • outsourcing
  • Identity management, including:
    • identity management framework
    • role based access control
    • single sign-on
  • Privacy technologies, including:
    • privacy framework
    • privacy reference architecture
    • privacy 
    • anonymity and credentials
    • specific privacy enhancing technologies
The scope of CS1 explicitly excludes the areas of work on cyber security standardization presently underway in INCITS B10, M1, T3, T10 and T11, as well as in other standards groups, such as ATIS, IEEE, IETF, TIA, and X9.
CS1 Officers:







INCITS/CS1 has one Task Group, CS1.1, which has been assigned to facilitate the work for Role Based Access Control (RBAC).

CS1.1 Officers:





Comments and questions can be sent to the INCITS Secretariat at incits@itic.org