iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 24392:2023

(Main)

Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)

Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)

This document presents specific characteristics of industrial internet platforms (IIPs), including related security threats, context-specific security control objectives and security controls. This document covers specific security concerns in the industrial context and thus complements generic security standards and reference models. In particular, this document includes secure data collection and transmission among industrial devices, data security of industrial cloud platforms, and secure collaborations with various industry stakeholders. The users of this document are organizations who develop, operate, or use any components of IIPs, including third parties who provide services to the abovementioned stakeholders. This document provides recommendations for users on how to protect IIPs against IIP-specific threats.

Cybersécurité — Modèle de référence de sécurité pour plateforme internet industrielle (SRM- IIP)

General Information

Status
Published
Publication Date
17-Jul-2023
ICS
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27/WG 4 - Security controls and services
Current Stage
6060 - International Standard published
Start Date
18-Jul-2023
Due Date
13-Dec-2023
Completion Date
18-Jul-2023
Ref Project

Buy Standard

ISO/IEC 24392:2023 - Cybersecurity — Security reference model for industrial internet platform (SRM- IIP) Released:18. 07. 2023ISO/IEC 24392:2023 - Cybersecurity — Security reference model for industrial internet platform (SRM- IIP) Released:18. 07. 2023
PreviousNext
Standard
ISO/IEC 24392:2023 - Cybersecurity — Security reference model for industrial internet platform (SRM- IIP) Released:18. 07. 2023
English language
34 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC FDIS 24392 - Cybersecurity — Security reference model for industrial Internet platform (SRM- IIP) Released:5/6/2022ISO/IEC FDIS 24392 - Cybersecurity — Security reference model for industrial Internet platform (SRM- IIP) Released:5/6/2022
PreviousNext
Draft
ISO/IEC FDIS 24392 - Cybersecurity — Security reference model for industrial Internet platform (SRM- IIP) Released:5/6/2022
English language
33 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 24392
First edition
2023-07
Cybersecurity — Security reference
model for industrial internet platform
(SRM- IIP)
Cybersécurité — Modèle de référence de sécurité pour plateforme
internet industrielle (SRM- IIP)
Reference number
ISO/IEC 24392:2023(E)
© ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC 24392:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 24392:2023(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 3
5 Overview . 4
6 IIP-specific security threats to industrial internet platforms . 6
6.1 Characteristics of IIPs . 6
6.2 Security threats to IIPs . 8
7 Security reference model of industrial internet platform .12
7.1 General .12
7.2 Security domains of IIPs .12
7.2.1 General .12
7.2.2 Edge security domain .13
7.2.3 Cloud infrastructure security domain . . 13
7.2.4 Platform security domain . 14
7.2.5 Application security domain . 14
7.3 System life cycle . 14
7.3.1 General .
...

DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 24392
ISO/IEC JTC 1/SC 27 Secretariat: DIN
Voting begins on: Voting terminates on:
2022-07-01 2022-09-23
Cybersecurity — Security reference model for industrial
Internet platform (SRM- IIP)
ICS: 35.030
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
This document is circulated as received from the committee secretariat.
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/IEC DIS 24392:2022(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. © ISO/IEC 2022

---------------------- Page: 1 ----------------------
ISO/IEC DIS 24392:2022(E)
DRAFT INTERNATIONAL STANDARD
ISO/IEC DIS 24392
ISO/IEC JTC 1/SC 27 Secretariat: DIN
Voting begins on: Voting terminates on:

Cybersecurity — Security reference model for industrial
Internet platform (SRM- IIP)
ICS: 35.030
COPYRIGHT PROTECTED DOCUMENT
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
© ISO/IEC 2022
THEREFORE SUBJECT TO CHANGE AND MAY
This document is circulated as received from the committee secretariat.
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
NOT BE REFERRED TO AS AN INTERNATIONAL
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on STANDARD UNTIL PUBLISHED AS SUCH.
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
IN ADDITION TO THEIR EVALUATION AS
or ISO’s member body in the country of the requester. BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
ISO copyright office
USER PURPOSES, DRAFT INTERNATIONAL
CP 401 • Ch. de Blandonnet 8
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
CH-1214 Vernier, Geneva
POTENTIAL TO BECOME STANDARDS TO
Phone: +41 22 749 01 11
WHICH REFERENCE MAY BE MADE IN
Reference number
Email: copyright@iso.org
NATIONAL REGULATIONS.
Website: www.iso.org ISO/IEC DIS 24392:2022(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
Published in Switzerland
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
ii
  © ISO/IEC 2022 – All rights reserved
PROVIDE SUPPORTING DOCUMENTATION. © ISO/IEC 2022

---------------------- Page: 2 ----------------------
ISO/IEC DIS 24392:2022(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms and acronyms .3
5 Overview . 4
6 IIP-specific security threats to industrial Internet platforms . 6
6.1 Characteristics of IIPs . 6
6.2 Security threats to IIPs .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 27040:2024(Main)
Information technology — Security techniques — Storage security

This document provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media, and after end of use or end of life. Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage products and services, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information or storage security, storage operation, or who are responsible for an organization’s overall security programme and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security. This document provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other international standards and technical reports that address existing practices and techniques that can be applied to storage security.

  • Draft
    93 pages
    English language
    sale 15% off
  • Draft
    87 pages
    English language
    sale 15% off
  • Draft
    87 pages
    English language
    sale 15% off
ISO
ISO/IEC 17825:2024(Main)
Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules

This document specifies the non-invasive attack mitigation test metrics for determining conformance to the requirements specified in ISO/IEC 19790:2012 for security levels 3 and 4. The test metrics are associated with the security functions addressed in ISO/IEC 19790:2012. Testing is conducted at the defined boundary of the cryptographic module and the inputs/outputs available at its defined boundary. This document is intended to be used in conjunction with ISO/IEC 24759:2017 to demonstrate conformance to ISO/IEC 19790:2012. NOTE ISO/IEC 24759:2017 specifies the test methods used by testing laboratories to assess whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012 and the test metrics specified in this document for each of the associated security functions addressed in ISO/IEC 19790:2012. The test approach employed in this document is an efficient “push-button” approach, i.e. the tests are technically sound, repeatable and have moderate costs.

  • Draft
    38 pages
    English language
    sale 15% off
  • Draft
    38 pages
    English language
    sale 15% off
ISO
ISO/IEC 29146:2024(Main)
Information technology — Security techniques — A framework for access management

This document defines and establishes a framework for access management (AM) and the secure management of the process to access information and information and communications technologies (ICT) resources, associated with the accountability of a subject within some contexts. This document provides concepts, terms and definitions applicable to distributed access management techniques in network environments. This document also provides explanations about related architecture, components and management functions. The subjects involved in access management can be uniquely recognized to access information systems, as defined in the ISO/IEC 24760 series. The nature and qualities of physical access control involved in access management systems are outside the scope of this document.

  • Draft
    34 pages
    English language
    sale 15% off
  • Draft
    34 pages
    English language
    sale 15% off
ISO
ISO/IEC 27033-7:2023(Main)
Information technology – Network security — Part 7: Guidelines for network virtualization security

This document aims to identify security risks of network virtualization and proposes guidelines for the implementation of network virtualization security. Overall, this document intends to considerably aid the comprehensive definition and implementation of security for any organization’s virtualization environments. It is aimed at users and implementers who are responsible for the implementation and maintenance of the technical controls required to provide secure virtualization environments.

  • Standard
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
  • Draft
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 9569:2023(Main)
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045

This document specifies patch management (PAM) security assurance requirements and is intended to be used as an extension of the ISO/IEC 15408 series and ISO/IEC 18045. The security assurance requirements specified in this document do not include evaluation or test activities on the final target of evaluation (TOE), but focus on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE, including the patch and development processes which support the patch management. This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users. The implementation of these options using an evaluation scheme is out of the scope of this document.

  • Technical specification
    36 pages
    English language
    sale 15% off
  • Draft
    36 pages
    English language
    sale 15% off
  • Draft
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 27402:2023(Main)
Cybersecurity — IoT security and privacy — Device baseline requirements

This document provides baseline ICT requirements for IoT devices to support security and privacy controls.

  • Standard
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 6114:2023(Main)
Cybersecurity — Security considerations throughout the product life cycle

This document describes security considerations throughout the product life cycle (SCLC), which is a framework that spans the entire information and communications technology (ICT) product life cycle. The aim of the framework is to align the industry and bring greater transparency to customers at every point on the ICT product life cycle. This document describes the following items for suppliers, end users (consumers), intermediaries of the ICT supply chain, service providers, and regulators: — definition of phases in the ICT product life cycle from concept to retirement; — threat vectors possible in each phase of the life cycle; — potential controls against those threat vectors. The target audiences of this document are suppliers and consumers of ICT products, including all participants throughout the supply chain such as silicon chip designers, fabricators, product assemblers, logistics providers, service providers, and information security organizations. Clauses 5 to 11 target an organization’s strategic and risk management teams. This document provides an end-to-end view of the threats in each phase to help the organization shape their plans, procedures and policies.

  • Technical report
    44 pages
    English language
    sale 15% off
  • Draft
    46 pages
    English language
    sale 15% off
  • Draft
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 23837-2:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 2: Evaluation and testing methods

This document specifies test and evaluation methods for the security evaluation of quantum key distribution (QKD). It also describes evaluation activities that constitute the test and evaluation methods for the security functional requirements on the implementation of QKD protocols, the quantum optical components and conventional network components in QKD modules. Moreover, supplementary evaluation activities for security assurance requirements are provided to support the security evaluation of QKD with appropriate assurance levels.

  • Standard
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
  • Draft
    106 pages
    English language
    sale 15% off
ISO
ISO/IEC 23837-1:2023(Main)
Information security — Security requirements, test and evaluation methods for quantum key distribution — Part 1: Requirements

This document specifies a general framework for the security evaluation of quantum key distribution (QKD) according to the ISO/IEC 15408 series. Specifically, it specifies a baseline set of common security functional requirements (SFRs) for QKD modules, including SFRs on the conventional network components and the quantum optical components, and the entire implementation of QKD protocols. To facilitate the analysis of SFRs, security problems that QKD modules can face in their operational environment are analysed based on a structural analysis of the security functionality of QKD modules and the classification of QKD protocols. The SFRs on conventional network components of QKD modules are mainly characterized under the framework of the ISO/IEC 15408 series and also refer to the methodology of ISO/IEC 19790 and relevant standards on testing of cryptographic modules and network devices.

  • Standard
    52 pages
    English language
    sale 15% off
ISO
ISO/IEC 9797-1:2011/Amd 1:2023(Amendment)
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1
  • Standard
    1 page
    English language
    sale 15% off