International standards bodies - ISO, ITU-T, ETSI


ISO conformity assessment

ISO 27K and BS 7799 related

BS 7799 Part 1 'Code of practice for information security management' evolved into ISO 17799 and then into ISO 27002; Part 2 'ISMS specifications' was further extended into the 2700X family.

ISO 15408 Common Criteria (and related)

Security evaluation standards


Security techniques

ISO Biometrics

ISO blockchain and DLT standards

ISO TC 307 blockchain and distributed ledger technology - Chairperson (until end 2019): Mr Craig Dunn

Blockchain: distributed ledger system with confirmed blocks organized in an append-only, sequential chain using cryptographic links.

Consensus: agreement among nodes that a transaction is valid and that there is a consistent set and ordering of the transactions stored in the distributed ledger.

Distributed ledger: ledger that is shared and synchronized in a distributed manner.


Standards and work in progress


ISO crypto standards

Refer to crypto-timestamping

Hashing and MAC



Trusted Platform Module

The TPM is a security chip connected to the CPU that provides isolated storage of encryption keys and of Platform Configuration Registers (PCRs). These PCRs hold hash values, which can only be updated by extending them. An extension consists of concatenating the current register value with the input, hashing the result and storing the resulting hash in the register. The registers are complemented by a 'measurement log', which consists of a list of items that have been executed. Replaying the log should result in the same value as stored in the register. This can be used to record the boot process of a platform by 'extending' every piece of code to be executed into a register before the code is loaded. The first item loaded, the bootloader, cannot be measured in this way and is therefore referred to as the 'root of trust for measurement'. Remote attestation allows a platform to report the measurements collected during boot.
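The extend and log-replay mechanism described above, as an added example that is not part of the original page: a software model of one SHA-256 PCR using the TPM convention new = H(old || digest). The component names, the `KNOWN_GOOD` table and the `verify` helper are hypothetical, and the signed quote that a real remote attestation carries is omitted.

```python
import hashlib

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for a SHA-256 PCR bank


def measure(component: bytes) -> bytes:
    """Digest of a piece of code, taken before that code is loaded."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """The only way to change a PCR: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def boot(components):
    """Platform side: measure, extend and log each component in load order."""
    pcr, log = bytes(PCR_SIZE), []  # PCR starts as all zeroes at reset
    for name, code in components:
        digest = measure(code)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay(log) -> bytes:
    """Verifier side: recompute the PCR value implied by the measurement log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(reported_pcr: bytes, log, known_good: dict) -> str:
    """The log must reproduce the PCR, and every logged digest must be expected."""
    if replay(log) != reported_pcr:
        return "log does not match PCR"
    unexpected = [name for name, digest in log if known_good.get(name) != digest]
    return "unexpected: " + ", ".join(unexpected) if unexpected else "trusted"


# Constructed sample boot chain (hypothetical names and contents).
GOOD_CHAIN = [("kernel", b"kernel v1"), ("initrd", b"initrd v1"), ("init", b"init v1")]
KNOWN_GOOD = {name: measure(code) for name, code in GOOD_CHAIN}
```

A modified component shows up as an unexpected log entry, while a log edited to hide it no longer replays to the reported register value.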


Long term signature
Blind signature
Anonymous signatures



Assurance and testing

Biometric protection

Authenticated encryption


ISO smart card standards

CEN and ETSI/3GPP are also very influential in this field.

ISO other standards



ISO other standards - TTP and related

ISO other standards - healthcare

ISO other standards - transport and vehicle related

ISO other standards - IT governance

ISO other standards - devices

ISA - International Society of Automation


EU standards and related matters

Europe's Standard Development Organisations are CEN, CENELEC and ETSI. Regarding security standards, there is the SOG-IS group.




EU standards were particularly successful in mobile communication such as GSM. These standards were originally driven through CEPT (European Conference on Post and Telecommunications Administrations). In 1988, ETSI took over, and in 2001 GSM standardisation was transferred to the global 3GPP.

Areas covered by ETSI:

For ETSI security and crypto standards refer to ETSI security standards.

For the different types of ETSI standards refer to the ETSI standards information page.



Coordinate the standardisation of Common Criteria protection profiles and certification policies between European Certification Bodies in order to have a common position in the fast-growing international CCRA group. Coordinate the development of protection profiles whenever the European Commission launches a directive that should be implemented in national laws as far as IT security is involved.

Selected EU Member States participate in SOG-IS - Senior Officials Group Information Systems Security. The SOG-IS agreement was produced in response to the EU Council Decision of March 31st 1992 (92/242/EEC) in the field of security of information systems, and the subsequent Council recommendation of April 7th (1995/144/EC) on common information technology security evaluation criteria. SOG-IS participants subscribe to the MRA, the Mutual Recognition Agreement of Information Technology Security Certificates. Participants are: More info:



Standards from consortia

Global de-facto standards and related matters

Emerging: BS 1008:2208 Evidential weight and legal admissibility of electronic information



US standards and related matters