D8.3 Overview of existing standards and ongoing standardization activities in the field of cyber security

  • Create Date 29 August 2023
  • Last Updated 29 August 2023

This document is intended to demonstrate the research and evaluation methodology followed by DIN (German Institute for Standardization), which has resulted in an initial listing of standards to assist the IDUNN project partners in planning, executing, and delineating the project's progress against the backdrop of existing knowledge of the subject area. Before that, introductory chapters familiarize the reader with standardization as such, in order to sharpen the understanding of why standardization is necessary.
The search for standards was conducted by DIN with the help of the project partners. The project partners were first asked to list standards they already knew that could be relevant to the project. They were also asked to list guidelines, work programs, etc., which we subsequently examined for relevant documents, committees and consortia. Afterwards, we examined these specified committees and consortia for further project-relevant standards. Finally, the partners were asked to list key terms that they associated with each work package. We used these key terms to search for potentially relevant standards in the Perinorm reference database. Based on all the information provided and researched, we compiled a list of 347 European and international standards.

The elements of the listing were then checked by the technical partners for their project relevance on the basis of their title and abstract. More specifically, the project partners were asked whether the application of the standard is:
• classification I: recommended for IDUNN,
• classification II: possible, but not necessary for IDUNN, or
• classification III: not necessary for IDUNN.

After the evaluation, 14 documents were assigned to classification I, 127 to classification II and 206 to classification III. Documents assigned to classification III were not considered necessary and are thus not included in the deliverable. Nevertheless, the listings of recommended and possible standards represent an assessment at the current stage of the project's progress. It is therefore possible that some of the documents that have initially been sorted out as not relevant for now may still be consulted during the course of the project. It is planned to conduct further rounds of evaluation of these 206 documents as the project proceeds and to make them available to the project members as required.

The majority of documents assigned to classification I and II by the project partners are electrotechnical standards published by IEC, with ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection and IEC/TC 65 Industrial process measurement and control as the main Technical Committees. This document also contains an overview of ongoing standardization activities of ISO/IEC JTC 1 Information security.