ISO/IEC Standard 15816
ISO/IEC Standard 15816 – Information technology -- Security techniques -- Security information objects for access control
Published under Risk Management
| Title: | ISO/IEC 15816:2002 - Information technology -- Security techniques -- Security information objects for access control |
| Source reference: | http://www.iso.org/ (Note: this is a reference to the ISO page where the standard can be acquired. However, the standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted). |
| Topic: | Security management – Access control |
| Direct / indirect relevance | Indirect. The text is a basic resource which can be used in access control issues, but contains no RM/RA obligations/methodologies as such. |
| Scope: | Not publicly available ISO standard, which can be voluntarily applied. |
| Legal force: | Nonbinding ISO standard. |
| Affected sectors: | Generic. The standard can be applied by security professionals in any sector confronted by access control difficulties. |
| Relevant provision(s): | The standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted. Generically, it is described as containing: a) the definition of guidelines for specifying the abstract syntax of generic and specific Security Information Objects (SIOs) for Access Control; b) the specification of generic SIOs for Access Control; c) the specification of specific SIOs for Access Control. The scope of this Recommendation | International Standard covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. It does not cover the "dynamics" of SIOs, for example rules relating to their creation and deletion. The dynamics of SIOs are a local implementation issue. |
| Relevance to RM/RA: | The standard allows security professionals to rely on a specific set of syntactic definitions and explanations with regard to SIOs, thus avoiding duplication or divergence in other standardisation efforts. |
Latest publications
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...
Browse the Topics