Cybersecurity and Privacy

About This Committee

The scope of the INCITS/Cybersecurity and Privacy Technical Committee is focused on the development of international standards in information security, cybersecurity, and privacy protection. This includes generic methods, techniques, and guidelines to address both security and privacy aspects, such as:

• Management of cybersecurity; in particular, information security management system (ISMS) standards, security processes, security controls and services.
• Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information.
• Security management support documentation including terminology, guidelines as well as procedures for the registration of security components.
• Security aspects of identity management, biometrics, and privacy.
• Conformance assessment, accreditation, and auditing requirements in the area of information security management systems.
• Security evaluation criteria and methodology and security requirements for cryptographic modules.
• Security requirements capture methodology.

The scope of INCITS/Cybersecurity and Privacy also includes the development of U.S. standards in information security, cybersecurity, and privacy protection. Additionally, INCITS/Cybersecurity and Privacy can collaborate with other INCITS Technical Committee to ensure that security and privacy are adequately addressed in U.S. standards that do not have information security, cybersecurity, and privacy protection as a primary focus.

The scope of INCITS/Cybersecurity and Privacy explicitly excludes the areas of work on cyber security standardization presently underway in INCITS B10, M1, T3, T10 and T11 as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and X9.

Note: INCITS/Cybersecurity and Privacy was previously known as INCITS/CS1.

Group Participants

  • Meta Platforms Inc
  • Microsoft Corporation
  • NetApp Inc
  • Oracle
  • Pacific Northwest University - Cyber Education
  • PrivSec Consulting LLC
  • QRC America LLC
  • Raytheon Technologies
  • Ricoh Corporation
  • Samsung Semiconductor Inc (SSI)
  • Schellman Compliance LLC
  • Securisea Inc
  • Software Engineering Institute/CERT, a division of Carnegie Mellon University
  • Sylint Group
  • Thales DIS USA
  • The Aerospace Corporation
  • The Open Group
  • Uber Technologies Inc
  • Underwriters Laboratories Inc
  • United States Dept of Defense
  • United States Dept of Defense - NSA
  • United States Dept of Homeland Security
  • VISA
  • nuTonomy Inc
  • Amazon Web Services Inc
  • Apple
  • Atsec Information Security Corporation
  • BCG
  • Benigni
  • Cisco Systems Inc
  • Consumer Technology Association (CTA)
  • Dell Inc
  • Deloitte & Touche LLP
  • Department of Commerce - NIST
  • Exponent Inc
  • Futurewei Technologies Inc
  • Google
  • HP Inc
  • Hitachi Vantara
  • IBM Corporation
  • Intel Corporation
  • International Council on System Engineering (INCOSE)
  • Kaiser Permanente
  • Kantara Initiative
  • Legrand US
  • Lexmark International
  • Lockheed Martin Corporation
  • Lorica Systems Inc