CS1 - Cyber Security
About This Committee
INCITS/CS1 was established in April 2005 to serve as the US TAG for ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups. The INCITS/CS1 area of work includes standardization in the following areas:
* Management of information security and systems
* Management of third party information security service providers
* Intrusion detection
* Network security
* Incident handling
* IT Security evaluation and assurance
* Security assessment of operational systems
* Security requirements for cryptographic modules
* Protection profiles
* Role based access control
* Security checklists
* Security metrics
* Cryptographic and non-cryptographic techniques and mechanisms including:
  * confidentiality
  * entity authentication
  * non-repudiation
  * key management
  * data integrity
  * message authentication
  * hash-functions
  * digital signatures
* Future service and applications standards supporting the implementation of control objectives and controls as defined in IS 27001, in the areas of:
  * business continuity
  * outsourcing
* Identity management, including:
  * identity management framework
  * role based access control
  * single sign-on
* Privacy technologies, including:
  * privacy framework
  * privacy reference architecture
  * privacy
  * anonymity and credentials
  * specific privacy enhancing technologies
The scope of CS1 explicitly excludes the areas of work on cyber security standardization presently underway in INCITS B10, M1, T3, T10 and T11, as well as in other standards groups, such as ATIS, IEEE, IETF, TIA, and X9.
Group Participants
- Oracle
- Plum Hall Inc
- Raytheon Company
- Ricoh Corporation
- SAFECode
- Salesforce.com
- Symantec
- The Open Group
- Unified Compliance Framework
- United States Dept of Defense
- United States Dept of Defense - NSA
- United States Dept of Homeland Security
- Utilities Telecom Council
- VHA CHIO
- VisioTech Solutions (Pvt) Ltd
- Yaana Technologies
- Zygma LLC
- kCura
- Alcatel-Lucent
- Atsec Information Security Corporation
- Booz Allen & Hamilton Inc
- CERT Coordination Center
- Cisco Systems Inc
- Cummings
- EMC Corporation
- Gemalto
- Haliphron
- Hewlett-Packard Company
- Hitachi Data Systems
- Intel Corporation
- Kantara Initiative
- Lexmark International
- Microsoft Corporation
- Mitre Corporation
- NIST
- NetApp
- OSIBIA Inc