ISO TS 19299 1st Edition, October 1, 2015 Electronic fee collection - Security framework
Description / Abstract:
The overall scope of this Technical Specification is an
information security framework for all organizational and technical
entities of an EFC scheme and in detail for the interfaces between
them, based on the system architecture defined in ISO 17573. The
security framework describes a set of requirements and associated
security measures for stakeholders to implement and thus ensure a
secure operation of their part of an EFC system as required for a
trustworthy environment according to its security policy.
The scope of this Technical Specification comprises the
following:
— definition of a trust model (Clause 5);
  Basic assumptions and principles for establishing trust between the stakeholders.
— security requirements (Clause 6);
— security measures — countermeasures (Clause 7);
  Security requirements to support actual EFC system implementations.
— security specifications for interface implementation (Clause 8);
  These specifications represent an add-on for security to the corresponding standards. Figure 5 above shows the relevant interfaces and the corresponding relevant interface standards, as illustrated in Figure 6.
— key management (Clause 9);
  Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.
— security profiles (Annex A);
— implementation conformance statement (Annex B) provides a
checklist to be used by an equipment supplier, a system
implementation, or an actor of a role declaring his conformity to
this Technical Specification;
— general information security objectives of the stakeholders
(Annex C) which provide a basic motivation for the security
requirements;
— threat analysis (Annex D) on the EFC system model and its
assets using two different complementary methods, an attack-based
analysis, and an asset-based analysis;
— security policy examples (Annex E and Annex F);
— recommendations for privacy-focused implementation (Annex
G);
— proposal for end-entity certificates (Annex H).