Meta-Reference on Information Technology


Security Standards

ISO/IEC 15408 - Common Criteria (CC)

Common Criteria Evaluation and Validation Scheme (CCEVS) & Rainbow Series

  • The Common Criteria Evaluation and Validation Scheme (CCEVS)
    By National Information Assurance Partnership (NIAP), a U.S. Government initiative.
  • Rainbow Series
    From Wikipedia, the free encyclopedia.
  • Rainbow Series Library
    The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards and guidelines published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense (DoD) Computer Security Center, and then by the National Computer Security Center.
    The Rainbow Series is a six-foot-tall stack of books on evaluating "Trusted Computer Systems" according to the National Security Agency (NSA). The term "Rainbow Series" comes from the fact that each book is a different color. The main book, upon which all the others expound, was the Orange Book.
    Note (2003): Portions of the Rainbow Series (e.g. the Orange book and the Red Book) have been superseded by the Common Criteria Evaluation and Validation Scheme (CCEVS).
    Format: ASCII Text. Available at Federation of American Scientists (FAS), Intelligence Resource Program. Alternative: csrc.nist.gov.
  • The Orange Book Site - Dynamoo.com
    First published in 1983, the US Department of Defense Trusted Computer System Evaluation Criteria (DOD-5200.28-STD), known as the Orange Book, was a de facto standard for computer security, now superseded by the Common Criteria Evaluation and Validation Scheme (CCEVS). The Orange Book was part of the NSA/DoD Rainbow Series.
    Orange Book Summary.
    USA Department of Defense Standard: Trusted Computer System Evaluation Criteria (DoD 5200.28-STD).

ISO/IEC 27000 series (formerly 17799, BS 7799) - Information Security Management

The British Standard 7799 (BS7799) was originally a code of practice issued by the UK Government (Department of Trade and Industry - DTI) in 1993, then published as standard in 1995 by the British Standards Institution (BSi) and revised in 1999. When initially published as an ISO international standard in December 2000, BS7799 part 1 (BS7799-1) became ISO 17799, because a standard called ISO 7799 already existed.

In October 2005, British Standard BS 7799 part 2 (BS7799-2) was adopted by ISO and re-badged as the beginning of the new 27000 international information security standard series, released as the ISO/IEC 27001:2005 standard.

From 2001 to 2004, the ISO 17799 (BS7799-1) international standard went through a major revision, culminating in the new version ISO/IEC 17799:2005, published in June 2005. In July 2007, the 17799:2005 standard was renumbered to 27002:2005 (by ISO/IEC 17799:2005/Cor.1:2007), integrating it into the new 27000 series.

ISO 27001 [BS7799-2]: information security management systems (ISMS) requirements. ISO/IEC 27001:2005 = BS 7799-2:2005. Requirements (shall) to implement an information security management system.
ISO 27002 [BS7799-1]: code of practice for information security management. ISO/IEC 27002:2005 = ISO 17799:2005 = BS7799-1:2005. Recommendations (should) of information security controls.

Open Web Application Security Standards


Public-Key Cryptography and Digital Signature Standards

Public-Key Cryptography Standards (PKCS)

The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented. Contributions from the PKCS series have become part of many formal and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.

Cryptographic Message Syntax (CMS) & PKCS #7

Cryptographic Tokens and Smart Cards - PKCS #11 and #15

  • PKCS #11: Cryptographic Token Interface Standard
    RSA Laboratories Public-Key Cryptography Standards (PKCS).
    This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token.
  • PKCS #15: Cryptographic Token Information Format Standard
    RSA Laboratories Public-Key Cryptography Standards (PKCS).
    PKCS #15 establishes a standard that enables users to use cryptographic tokens to identify themselves to multiple, standards-aware applications, regardless of the application's Cryptoki (or other token interface) provider.
  • ISO/IEC 7816-15:2004
    Identification cards -- Integrated circuit cards -- Part 15: Cryptographic information application.
    Preview.
  • Wikipedia: PKCS #11
    From Wikipedia, the free encyclopedia.
  • PKCS#11 Explorer
    PKCS#11 Explorer is a tool for examining the contents of PKCS#11 tokens (e.g. USB tokens and smartcards), and for carrying out various operations on them, including: show all objects stored and all mechanisms supported and their properties; monitor token insert/removal; initialize tokens; set and change PINs; create test keys; seed and generate random data. Free download, including executable and full Delphi source code.
  • FreeOTFE Explorer - Appendix E: PKCS#11 Driver Libraries (PDF)
    FreeOTFE Explorer manual, pp. 145-150. A non-exhaustive list of token manufacturers, devices and their PKCS#11 driver libraries.
    FreeOTFE at Sourceforge.
  • PKCS#11 Task Force - Found Drivers
  • Wikipedia: Smart card
    From Wikipedia, the free encyclopedia.
    A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards can provide strong security identification, authentication, data storage (including digital certificates) and application processing.
  • Smart Card Alliance
    Smart Card Alliance mission is to accelerate the widespread adoption, usage, and application of smart card technology in North America by bringing together users and technology providers in an open forum to address opportunities and challenges for our industry.
  • OpenSC - tools and libraries for smart cards
    OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.
  • M.U.S.C.L.E. - Movement for the Use of Smart Cards in a Linux Environment
    MUSCLE is a project to coordinate the development of smart cards and applications under Linux. The purpose is to develop a set of compliant drivers, APIs, and a resource manager for various smart cards and readers for the GNU environment. Source code is now distributed by this site that supports the Schlumberger Reflex 60 line of readers and all ISO-7816-4 compliant smart cards. I would like to see a Linux resource manager for smart cards and other cryptographic tokens such as Ibuttons or SecureId. A good standpoint for this is the PC/SC specifications written for Microsoft OS.
  • PCSC-Lite projects on Alioth
    PC/SC-Lite: Middleware to access a smart card using SCard API (PC/SC). CCID driver: This package provides the source code for a generic USB CCID (Chip/Smart Card Interface Devices) driver and ICCD (Integrated Circuit(s) Card Devices).

Advanced Electronic Signatures Standards (CAdES, XAdES, PAdES)
